Red-Flag Identity Theft Requirements February 19th 2009 Cathy Casagrande, Privacy Officer.

Presentation transcript:

2 Background of Regulation
The Fair Credit Reporting Act (FCRA), as amended in 2003, requires the Federal Trade Commission to issue joint regulations and guidelines regarding the detection, prevention, and mitigation of identity theft. These Red Flag and Address Discrepancy regulations were published in final form on November 9, 2007, 72 Fed. Reg

3 Trends: Medical Identity Theft
World Privacy Forum estimates 250,000 to 500,000 Americans are victims of Medical Identity Theft.
FTC reports 8.3 million identity theft victims in 2005, 3% involving Medical Identity Theft.
A Few Cases:
- Wellpoint: 128,000 members' personal information exposed (server security problem).
- Jose Medical Group: 185,000 individuals (3/05); two computers that had billing information were stolen.
- Duke University Medical Center: 14,000; a hacker broke into the computer system and stole over 5,000 passwords and 9,000 SSN fragments.

4 Data Breaches & Risks
Reported 2006, Privacy Rights Clearinghouse, Health Care:
- Outside Hackers: 3%
- Insider Malfeasance: 20%
- Human/software incompetence: 20%
- Theft (non laptop): 17%
- Laptop theft: 40%

5 FTC Requirements
Two key areas of focus for medical identity theft:
- Red Flags
- Address Discrepancy

6 Red Flag & Address Discrepancy Defined
A Red Flag is defined as a pattern, practice, or specific activity that could indicate identity theft. All creditors are subject to this new rule.
Address Discrepancy: Organization Requirements
1. Required for organizations which check credit reports. The language in this is broad: it includes any viewing, information obtained from a credit report, or a complete credit report.
2. Address discrepancies are triggers which must be addressed with the consumer.

7 Creditors Defined
Any person who regularly extends, renews, or continues credit; any person who regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor, participating in the decision to extend, renew, or continue credit.
Essentially, if a health care provider extends credit to a consumer by establishing an account that permits multiple payments, the provider is a creditor.
Everyone...

8 Examples of Red Flags
- A bill for another individual.
- A bill for a product or service that the patient denies receiving.
- A bill from a health care provider that the patient never patronized.
- Collection notice, including a complaint regarding the Notice.
- EOB not received.
- A dispute of a bill by a patient who claims to be the victim of any type of identity theft.

9 Requirements of Health Care Providers: Red Flag Rule
There are four required elements:
- Identify relevant Red Flags.
- Detect Red Flags.
- Respond to noted Red Flags.
- Review/education of identity theft program.

10 Identify & Detect Red Flags
Providers should have processes in place to appropriately detect red flags once the program has been implemented. Processes may include patient authentication (require the patient to produce identifying information at the time the account is opened and upon receiving services), and validating any change of address requests.

11 Identify & Detect Red Flags
- Start with an assessment of current practices
- Tools to Assist: Risk Assessment provided by FTC Section J Handout Key Assessment Points

12 Identify & Detect Red Flags
Group Activity:
- Small groups: Review Key Assessment Handout; identify an area of concern
- Discussions

13 Internal Red Flag
- Create a process to identify a red flag at the Point of Service
- Develop a process which fits your practice (computer, paper system)

14 Respond to Red Flags
The Response Plan should contain an identity theft mitigation strategy including:
- Monitoring covered accounts.
- Contacting patients when questions arise or suspicious activity is detected.
- Changing passwords or security codes.
- Notifying law enforcement when appropriate.
- Addressing documentation issues in the patient's medical record that may be related to identity theft (ensuring the medical records are accurate).

15 Response Expectations
Designate an individual to respond to possible medical identity theft:
- Privacy Officer
Type of Cases:
- ID theft reported by a patient
- Incorrect bill, name on bill, wrong address = investigate
Handouts:
- ID Theft Affidavit

16 Additional FTC Requirements
- Update the Program Periodically: changes in the risk of identity theft.
- Obtain Written Board Approval: the identity theft program must be approved by the Board of Directors.
- Designation of Oversight Responsibilities: the Board or an individual of senior level management must be involved in the oversight, development, management of the program.
- Training and Compliance Monitoring: staff training on the regulation, including awareness of the risk of identity theft, and impact. Oversight and compliance with the program should be monitored.

17 Penalties for Non-Compliance
The FTC's plan with respect to monitoring compliance with the Red Flag rules is not clear. Nevertheless, failure to comply with the Red Flag rules could result in the imposition of monetary penalties. The FTC is authorized to bring enforcement actions in federal court for violations, with penalties set at $2,500 per independent violation. State enforcement action is authorized on behalf of victims, with penalties set at $1,000 per violation and reasonable attorney fees. Finally, each patient may be entitled to bring a civil action and recover actual damages sustained from a violation of the Red Flag rules.

18 Red Flag Resources
- State of Md Notification Requirements of a Breach
- State of Md Display of Social Security Number