The American Medical Association (AMA), the American Bar Association (ABA) and the American Institute of Public Accountants (AICPA) all have brought legal actions against the FTC on the Red Flags rule. In the most recent suit filed on May 21, 2010 by the AMA, the American Osteopathic Association, and the Medical Society of the District of Columbia, the groups argued that the FTC will require them to start verifying their patients’ identities before they agree to treat them. In August 2009, in a suit brought by the ABA, the district court barred the FTC from applying its Red Flags rule to lawyers. The FTC appealed the ruling in February 2010. A decision in the appeal is pending.

The AICPA’s suit, filed on behalf of its members on November 10, 1009, charged in part that the FTC exceeded its statutory authority by extending the rule to regulate accountants and public accounting firms. The AICPA said that “it did not believe there is any reasonably foreseeable risk of identity theft when CPA clients are billed for services rendered.” That suit is now linked to the outcome of the appeal of the ABA ruling. AICPA members have been granted a 90-day grace period – a 90-day delay of enforcement of the rule – from the date on which the U.S. Court of Appeals for the District of Columbia Circuit renders an opinion in the ABA’s case against the FTC.

On May 28, 2010, the FTC announced that it again delayed the implementation until December 31, 2010 of a proposed Final Rule relating to Identity Theft Red Flags under the Fair and Accurate Credit Transactions Act of 2003. The proposed “Red Flags” rule is designed to help prevent identity theft among credit providers and financial institutions.