Congressional vote changes wording, eliminates medical practices from definition. In a vote that came right down to the wire on the Jan. 1 Red Flags Rule deadline, Congress voted to change the wording of who is considered a "creditor" in the government's eyes. Fortunately, medical practices no longer appear to fit the definition, which means that the Jan. 1 deadline to comply with the Red Flags Rule may not affect you. Check What Changed Previously, the Red Flags Rule defined a creditor as any entity that bills a customer after rendering services. The Federal Trade Commission's (FTC's) Web site noted earlier this year that creditors included "many doctor's offices, hospitals, and other health care providers." As creditors, medical practices had to comply with the FTC's Red Flags Rule, which required creditors to develop programs to address identity theft prevention techniques, as well as tools to detect and deal with potential identity theft incidents. New ruling: Good news: Physician advocacy organizations were pleased with the ruling, and want the FTC to specifically indicate in writing that physicians are exempt from the Red Flags Rule, which has not yet happened. "The AMA is pleased that this legislation supports AMA's longstanding argument to the FTC that physicians are not creditors," said AMA President Cecil B. Wilson, MD, in a Dec. 7 statement. "We hope that the FTC will now withdraw its assertion that the red flags rule applies to physicians." "The FTC is revising the materials on this site to reflect the change in the law," according to the FTC Web site (http://ftc.gov/redflagsrule). Don't Abandon Your Efforts If you've worked throughout the past year to tighten up your identity theft prevention processes, don't think that work was for naught. The provisions in the Red Flags Rule are still considered smart if you want to avoid problems in your practice, says James D. Hook, MPH, director of consulting services with The Fox Group, a healthcare consulting firm based in Upland, Calif. Your practice is still legally responsible for protecting the confidential information that patients give to you, Hook says. If you created a Red Flags program, don't just toss it aside - - instead, continue to implement the safeguards that you put in place to protect your patients. For instance, "it's pretty common now to take a photograph of your patients and store that picture to verify that the person presenting for a visit is the same patient connected to the insurance identification number," Hook advises. "That way you'll know that someone hasn't pilfered or borrowed an insurance card to receive care and have someone else pay the bill." If you instituted this practice, you should continue to follow it. Additionally: For the full text of the legislation, visit www.gpo.gov/fdsys/pkg/BILLS-111s3987enr/pdf/BILLS-111s3987enr.pdf.