Red Flags Rule Red Flags Rule Staff Training Course Practice Administrator SAMPLE AAP PEDIATRICS.

Slides:



Advertisements
Similar presentations
Red-Flag Identity Theft Requirements February 19th 2009 Cathy Casagrande, Privacy Officer.
Advertisements

Fair Credit Reporting Act You must be told if information in your file has been used against you You can find out what is in your file You can dispute.
UNDERSTANDING RED FLAG REGULATIONS AND ENSURING COMPLIANCE University of Washington Red Flag Rules Protecting Against Identity Fraud.
© 2008 Smith Moore Leatherwood LLP. ALL RIGHTS RESERVED. Raising a Red Flag: Understanding the Fair and Accurate Credit Transactions Act, the Red Flag.
Red Flags Compliance BANKERS ADVISORY 1 Red Flags Compliance Fair & Accurate Credit Transactions Act (FACTA) Identity Theft Prevention.
Compliance with Federal Trade Commission’s “Red Flag Rule”
WELCOME Iowa State University Identity Theft Prevention Program
Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.
Detecting, Preventing and Mitigating Identity Theft Presented by the Bursar’s Office.
1 Identity Theft Program Procedures Viewing RED FLAGS in the MEDITECH System.
Red Flag Rules: What they are? & What you need to do
Identity Theft Prevention Program Red Flags Rules Fighting Fraud at Montana Tech.
Red Flag Identity Theft Training California State University, Fullerton Campus Information Technology Training August 2012.
WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.
FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACTA)- RED FLAG RULES University of Washington Red Flag Rules Protecting Against Identity Fraud.
PRIVACY BREACHES A “breach of the security of the system”: –Is the “unauthorized acquisition of computerized data that compromises the security, confidentiality,
STAFF TRAINING: UCHC IDENTITY THEFT PREVENTION PROGRAM Upham’s Corner Health Committee, Inc. DBA Upham’s Corner Health Center Upham’s Elder Service Plan.
Identity Fraud Prevention 1 Copyright Identity Management Institute®
Are You Ready? Identity fraud and identity management are quickly becoming critical operational concerns for the financial industry. The Red Flags Guidelines.
Time to Wave the White Flag – Compliance with the FTC’s Identity Theft Red Flags Rule William P. Dillon, Esq. Messer, Caparello & Self, P.A Centennial.
Identity Theft “Red Flags” Rules Under the FACT Act Reid Fudge CISSP, CISA Pulte Mortgage, LLC November 2008.
The Minnesota State Colleges and Universities system is an Equal Opportunity employer and educator. The Red Flag Rule Detecting, Preventing, and Mitigating.
Red Flags 101. What It’s All About Section’s 114 and 315 of the FACT Act were implemented in October 2007 and became effective January 1, These.
1 Red Flags Rule: Implementing an Identity Theft Prevention Program Health Managers Network May Chris Apgar, CISSP President, Apgar & Associates,
RMG:Red Flags Rule 1 Regal Medical Group Red Flags Rule Identify Theft Training.
Red Flags Rule & Municipal Utilities
 Federal Trade Commission (FTC)  Final Regulations issued November, 2007 › Effective 1/1/08 › Compliance and Enforcement Date 11/1/08  Enforcement.
IDENTITY THEFT & THE RED FLAGS RULE Presented by Brady Keith, Assistant General Counsel CREDIT MANAGEMENT SERVICES, INC.
University of Minnesota Identity Theft Prevention Program: Red Flags Rule Detecting, Preventing, and Mitigating Identity Theft This presentation was adapted.
© 2008 Smith Moore Leatherwood LLP. ALL RIGHTS RESERVED. Raising a “Red Flag”: Understanding the Fair and Accurate Credit Transactions Act, the “Red Flag”
1 The FACT Act – An Overview The FACT Act An Overview of the Final Rulemaking on Identity Theft Red Flags and Address Discrepancies Naomi Lefkovitz Attorney,
Identity Theft and Red Flag Rules Training Module The University of Texas at Tyler.
HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.
Detecting, Preventing, and Mitigating Identity Theft
© Chery F. Kendrick & Kendrick Technical Services.
UAMS Identity Theft Program—Red Flag Rule Computer Based Training (CBT) Module Prepared for UAMS Registration and Admissions Personnel Each slide contains.
Copyright 2007, Integrated Compliance Solutions, LLC FACT Act Red Flags Bank Compliance Association of Connecticut September 3, 2008 Copyright 2007, Integrated.
Tiffany George Attorney, Division of Privacy & Identity Protection Federal Trade Commission COMPLYING WITH THE RED FLAGS RULE & ADDRESS DISCREPANCY RULE.
FAIR CREDIT REPORTING ACT.  Serves the following principal purposes:  To regulate the consumer-reporting industry.  To prohibit unfair actions from.
2015 ANNUAL TRAINING By: Denise Goff
HIPAA PRIVACY AND SECURITY AWARENESS.
Understanding the Fair and Accurate Credit Transaction Act, the “Red Flag” Regulations, and their impact on Health Care Providers Raising a “Red Flag”
The FTC’s Red Flag Rule. FTC Red Flag Regulations Why the Red Flag Regulations?
Red Flag Rules Training Class SD 428. Red Flag Rules SD 428 The Red Flag Rules course (SD 428) was implemented at UTSA to meet the requirements and guidelines.
Proof of Identity Training Guide 1 This Red Flag Identification and Detection Plan is designed to assist automotive dealers in the detection of the Federal.
Identity Protection (Red Flag/PCI Compliance/SSN Remediation) SACUBO Fall Workshop Savannah, GA November 3, 2009.
1 1 Fees, Billing, Collections, and Credit Lesson 1: Fees, Billing, Collections, and Credit.
FTC RED FLAG RULE As many as nine million Americans have their identities stolen each year. Identity thieves may drain their accounts, damage their credit,
IDENTITY THEFT. RHONDA L. ANDERSON, RHIA, PRESIDENT ANDERSON HEALTH INFORMATION SYSTEMS, INC.
Copyright© 2010 WeComply, Inc. All rights reserved. 10/10/2015 FACTA Red Flags.
Available from BankersOnline.com/tools 1 FACT ACT RED FLAG GUIDELINES.
Red Flag Training IDENTITY THEFT PREVENTION PROGRAM OVERVIEW AUTOMOTIVE.
New Identity Theft Rules Rodney J. Petersen, J.D. Government Relations Officer Security Task Force Coordinator EDUCAUSE.
Technology Supervision Branch Interagency Identity Theft Red Flags Regulation Bank Compliance Association of CT Bristol, CT September 3, 2008.
HIPAA THE PRIVACY RULE. 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti- depressant medications.
ANTI-MONEY LAUNDERING COMPLIANCE PROGRAM FCM TRAINING
Prevention of Identity Theft. Why now, Why us? Federal Trade Commission (FTC) regulations for Identity Theft which may not apply, but it is good business.
1 Identity Theft Prevention and the Red Flag Rules.
UNC Asheville Red Flag Rule and NC Identity Protection Act Information.
University of St. Thomas
Red Flags Rule An Introduction County College of Morris
Disability Services Agencies Briefing On HIPAA
Identity Theft Prevention Program Training
Protecting Yourself from Fraud including Identity Theft
Clemson University Red Flags Rule Training
FACT Act Training for Staff Identity Theft “Red Flags”
Protecting Yourself from Fraud including Identity Theft
Colorado “Protections For Consumer Data Privacy” Law
Getting the Green Light on the Red Flags Rule
Presentation transcript:

Red Flags Rule Red Flags Rule Staff Training Course Practice Administrator SAMPLE AAP PEDIATRICS

Disclaimer This content is for informational purposes only. It is not intended to constitute financial or legal advice. A financial advisor or attorney should be consulted if financial or legal advice is desired. The AL Chapter-AAP Practice Management Association accepts no legal liability or responsibility for any claims made or opinions expressed herein.

Red Flags Rule for your Office The Red Flags Rule gives you the flexibility to design a Program appropriate for your company, its size and potential risks of identity theft. While some businesses and organizations may need a comprehensive Program that addresses a high risk of identity theft in a complex organization, others with a low risk of identity theft could have a more streamlined Program.

Red Flags Rule Training Table of Contents 1. Federal Trade Commission (FTC) Information 2. FTC Red Flags Rules 3. Applicability to Health Care Providers 4. Definitions 5. Program Requirement 6. Possible Red Flags 7. Detection of Red Flags 8. Prevention of Red Flags 9. Sanctions Against the Practice 10. Updating the Program 11. Oversight of the Program 12. Examples 13. Filing a Complaint 14. Questions and Discussion 15. Resources for Practice Managers

The FTC reports that of the 8.3 million cases of identity theft, 4.5% of those were medical identity theft. That’s almost 375,000 cases of medical identity theft. Federal Trade Commission Information -5-

FTC Information Continued: The FTC defines the term “Red Flags” as a pattern, practice or specific activity that indicates identity theft -6-

FTC Red Flags Rule  Fair and Accurate Credit Transactions Act of 2003 (“FACTA”): o As an extension of the Fair Credit Reporting Act (“FCRA”), the Federal Trade Commission (“FTC”) adopted FACTA to provide rules aimed at deterring, detecting and preventing identity theft. o Under these “Red Flags Rules,” financial institutions and creditors of covered accounts must establish a program to detect, prevent and mitigate identity theft.  Effective Date for Health Care: May 1, Postponed Effective Date Postponed to August 1, 2009 Effective Date Now Set for November 1,

Applicability to Health Care Providers Initially unsure whether applied to health care providers. AMA challenged applicability to health care providers. FTC confirmed that a health care provider would be a creditor if the health care provider does not regularly demand payment in full for services or supplies at the time of service (i.e. extending credit) and maintains covered accounts of its patients.  Collecting co-pay or deductible at the time of service, then subsequently collecting from third party payers and finally collecting remaining balance from patient.  Payment plans. -8-

Definitions Creditor: o An entity that regularly extends, renews, continues credit or arranges for the extension of credit. Covered Account: o A consumer account designed to permit multiple payments or transactions, or any other account for which there is a reasonably foreseeable risk of identity theft (e.g. patient billing records, patient payment plans). -9-

Definitions continued: Identity Theft Occurs when a person wholly takes over another individual’s identifying information:  To obtain medical services or goods.  To obtain money by falsifying claims for medical services and falsifying medical records to support those claims. Identifying Information  Is defined as any Identifying Information which may be used to identify a person, such as (e.g. name date of birth, social security number, state issued driver’s license, government identification, passport, insurance policy number, etc.) Red Flags  Means a pattern, practice or specific activity that indicates the possible existence of identity theft. -10-

Identity Theft Prevention Program Requirements Identify Red Flags Detect Red Flags Respond to Red Flags detected to prevent and mitigate identity theft and Ensure the Program is updated periodically to reflect changes in the risks of identity theft -11-

Red Flags Categories 1.Alerts from others 2.Suspicious documents 3.Suspicious personal Identifying Information 4.Suspicious account activity or unusual use of account -12-

26 Possible Red Flags 1.A fraud alert included with a consumer report. 2.Notice of a credit freeze in response to a request for a consumer report. 3.A consumer reporting agency providing a notice of address discrepancy. 4.Unusual credit activity, such as an increased number of accounts or inquiries. 5.Documents provided for identification appearing altered or forged. 6.Photograph on ID inconsistent with appearance of customer. 7.Information on ID inconsistent with information provided by person opening account. 8.Information on ID, such as signature, inconsistent with information on file at financial institution or creditor. 9.Application appearing forged or altered or destroyed and reassembled. 10.Information on ID not matching any address in the consumer report, Social Security number has not been issued or appears on the Social Security Administration's Death Master File, a file of information associated with Social Security numbers of those who are deceased. 11.Lack of correlation between Social Security number range and date of birth. -13-

26 Possible Red Flags 12.Personal Identifying Information associated with known fraud activity. 13.Suspicious addresses supplied, such as a mail drop or prison, or phone numbers associated with pagers or answering service. 14.Social Security number provided matching that submitted by another person opening an account or other customers. 15.An address or phone number matching that supplied by a large number of applicants. 16.The person opening the account unable to supply Identifying Information in response to notification that the application is incomplete. 17.Personal information inconsistent with information already on file at financial institution or creditor. 18.Person opening account or customer unable to correctly answer challenge questions. 19.Shortly after change of address, creditor receiving request for additional users of account. -14-

26 Possible Red Flags 20.Most of available credit used for cash advances, jewelry or electronics, plus customer fails to make first payment. 21.Drastic change in payment patterns, use of available credit or spending patterns. 22.An account that has been inactive for a lengthy time suddenly exhibiting unusual activity. 23.Mail sent to customer repeatedly returned as undeliverable despite ongoing transactions on active account. 24.Financial institution or creditor notified that customer is not receiving paper account statements. 25.Financial institution or creditor notified of unauthorized charges or transactions on customer's account. 26.Financial institution or creditor notified that it has opened a fraudulent account for a person engaged in identity theft. -15-

Detection of Red Flags 1. New patient accounts.  Require and verify Identifying Information.  Compare photo identification carefully to patient presenting identification.  Compare physical description to patient presenting identification (e.g. DOB, height, etc.).  Check expiration date.  Compare signature on identification to other signatures of patient.  Review identification for evidence of tampering.  When available verify Identifying Information with insurance company’s information. 2.Existing patient accounts.  Verify identification of patient or their legal representative before disclosing any personal Identifying Information.  Verify identification of patient or their legal representative before accommodating requests for changes of billing address. -16-

Prevention and Mitigation of Identity Theft If identity theft is suspected for any reason, immediate action is required. Notify Administrator, Doctor or supervisor. One of the following actions will immediately be put into place.  Monitor the covered account for evidence of identity theft.  Contact the patient.  Change any passwords, security codes or other security devices that permit access to a covered account.  Re-open a covered account with a new account number.  Do not open a new covered account.  Close an existing covered account.  Notify law enforcement.  Determine no response is warranted under the particular circumstances. -17-

Sanctions Against the Practice Federal Enforcement: FTC can enforce penalties up to $2,500 per violation. State Enforcement: State can enforce penalties up to $1,000 per violation plus attorney’s fees. Civil Liability: Each patient may be entitled to recover actual damages. -18-

Updating the Program The Program will be reviewed and updated annually to reflect changes in risks to patients based on the following factors:  The experience of the entity with identity theft.  Changes in methods of identity theft.  Changes in methods to detect, prevent and mitigate identity theft.  Changes in the types of accounts that the entity offers or maintains. -19-

Oversight of the Program Oversight of the Program shall include: The Physician Owners of the entity approve of the Program. Disclosure of their approval is located in Operational Policy and Procedure Manual. Administrator and all management staff will be responsible for implementation of the Program. Compliance by all staff members is required. Approval of material changes to the Program. The Compliance Officer should be responsible for oversight of the Program and report to the Administrator, and/or the Physician Owners. Physician Owners have ultimate responsibility over the Program. -20-

Examples of Red Flags Mitigation and Resolution Procedures Red Flags: Personal Identifying Information provided by the patient is not consistent with other personal Identifying Information provided by patient.  State issued driver’s license describes an individual as 45 year old, 5’ 10” male; patient presenting is 25 year old, 5’ 5” male. Prevention/mitigation procedure:  Stop the intake/admissions process and require patient to provide additional satisfactory information to verify identity.  Notify law enforcement as appropriate. -21-

Examples of Red Flags Mitigation and Resolution Procedures Red Flags: Patient complaint regarding bill for service patient did not receive. Prevention/mitigation procedure:  Hold bill.  Investigate complaint.  Interview individuals as appropriate.  Obtain additional satisfactory information to verify identity.  Notify law enforcement as appropriate. -22-

Examples of Red Flags Mitigation and Resolution Procedures Red Flags: Change in address requested. Prevention/mitigation procedure:  Verify patient’s identity through social security number, DOB and other form of Patient information as originally provided to the entity, prior to accepting any address change.  Do not change address if identity is not verified.  Notify law enforcement as appropriate. -23-

Filing a complaint: To report or discuss a case of identity theft, call toll free , or go to FTC online, at Medicaid Fraud related complaints should be reported to: Alabama Director, MFCU Office of the Attorney General 11 South Union Street Montgomery, AL

Thank you!! Questions and Discussion

Resources for Practice Managers Federal Trade Commission Website for Red Flags Rule American Academy of Pediatrics Website 687http://practice.aap.org/content.aspx?aid=2 687 (AAP member log-in required)  Your Local Attorney