After more than two years of uncertainty, veterinary clinics and other businesses are on the verge of being excused from a government regulation known as the Red Flags Rule
that is designed to safeguard consumers from identity theft.
The House on Tuesday is scheduled to consider the Red Flag Program Clarification Act of 2010, H.R. 6420, which markedly limits the types of businesses that would fall under the rule.
The Senate last week unanimously passed its version of the same measure, S. 3987.
Under the pending legislation, businesses to come under the Red Flags Rule would be only those that “regularly and in the ordinary course of business” obtain or use credit reports and furnish information to consumer credit reporting agencies in connection with a credit transaction; and that loan money or provide credit to consumers.
Businesses that advance funds or extend credit for expenses “incidental to” the service provided by business to the consumer would not be affected.
Up to now, the Federal Trade Commission, which developed rules requiring businesses to respond to patterns, practices and specific activities — or “red flags” — that potentially indicate identity theft, has considered as creditors any businesses, including medical providers, that allow consumers to pay later.
“Identity theft is a serious problem, but the definition of ‘creditor’ for purposes of the FTC’s Red Flags Rule is too broad and would cover small businesses that pose little risk to consumers,” Sen. John Thune, R-S.D., a sponsor of the Senate bill, said in a written statement.
The Red Flags Rule originally was scheduled to take effect in 2008. Ensuing discussion
and protest over the scope of the rules led the FTC to delay enforcement several times. The latest enforcement deadline is Dec. 31.
Adrian Hoschstadt, assistant director of state legislative and regulatory affairs at the American Veterinary Medical Association (AVMA), urges veterinarians to take steps to protect their clients’ data regardless of the legal requirements.
“You still carry risk if information is mishandled and someone’s private information gets out because of negligence,” said Hochstadt, who is a lawyer.
The Veterinary Information Network has put together a model identity theft prevention program
for practitioners. The AVMA also has posted information
and resources on the subject.