Government // Leadership
10:08 PM
George V. Hulme
George V. Hulme
The 5 Keys for Dealing with an Email-Borne Ransomware Attack
Nov 30, 2016
Email-borne ransomware attacks are on the rise. An average of +4,000 ransomware incidents have occ ...Read More>>

Healthcare Providers Want "Red Flag" Exception

Dentists, physicians, and veterinarians are asking the Federal Trade Commission to exclude healthcare professionals from regulations designed to mitigate the risks of identity theft. I say: Step up and protect your customers from identity theft.

Dentists, physicians, and veterinarians are asking the Federal Trade Commission to exclude healthcare professionals from regulations designed to mitigate the risks of identity theft. I say: Step up and protect your customers from identity theft.In a letter sent to FTC Chairman Jon Leibowitz from the American Dental Association (ADA), American Medical Association (AMA), American Osteopathic Association (AOA), and American Veterinary Medical Association (AVMA), the groups are asking that the "red flags" rule not apply to them.

They say the FTC's interpretation of the regulation imposes an "unjustified, unfunded mandate on health professionals for detecting and responding to identity theft."

From the press release that went out Friday:

The organizations asked the FTC to make it clear that the rule will not apply to their members given the result of recent litigation brought by the American Bar Association against the FTC. In that case, the U.S. District Court for the District of Columbia ruled that lawyers should be excluded from the requirements imposed by the red flags rule.
This healthcare consortium may be legally right, and they may win this argument.

But they're going to lose the battle over their public image. The fact is that most healthcare providers do painfully little to protect their patients' from identity and medical identity theft. This comes despite years of news reports covering the growth of medical identity theft and hospital workers snooping at what should be private health data. So if they don't care about protecting patient data, why should we expect them to care about keeping an eye out for potential identity thieves?

When it comes to protecting data, most small retailers do more (thanks to payment industry regulations) to protect credit card data than most small healthcare providers do to protect their customers.

A quick search of the Dataloss database ( shows medical data breaches that spilled nearly 7.5 million sensitive records with a mean of 33,386 records per incident. Check it out here for yourself.

An important part of the group's argument stems from a court decision earlier this year that the FTC Red Flag rules do not apply to lawyers. And if they don't apply to lawyers, they shouldn't apply to healthcare providers.

It's not that straightforward of a comparison. The government hasn't set a goal to get electronic legal records established for every American within the next five years.

But that's exactly the goal the Obama administration has set for electronic medical records. EMRs are to be on file for every American by 2014. And the government has put forth $20 billion in incentives for the adoption of EMRs in the American Recovery and Reinvestment Act of 2009.

With all of our health records being digitized, and the growth of medical identity theft, it's not asking that much for the stewards of this data to step up and take the step to implement a written identity theft prevention program to identify the warning signs "Red Flags" of identity theft. That's essentially what the Red Flag rules do.

As more of our health data is digitized, the more healthcare providers - large and small - will be targeted for that information. And, one way or another, all healthcare providers are going to have to detect and respond to it. The idea is to do that before patients find themselves without access to health insurance or are bankrupt.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
2014 US Salary Survey: 10 Stats
2014 US Salary Survey: 10 Stats
InformationWeek surveyed 11,662 IT pros across 30 industries about their pay, benefits, job satisfaction, outsourcing, and more. Some of the results will surprise you.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of October 9, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll