© Chery F. Kendrick & Kendrick Technical Services, LLC

Presented by: Dr. Chery F. Kendrick Kendrick Technical Services © Chery F. Kendrick & Kendrick Technical Services, LLC

 Define the Red Flags Rule  Identify who must comply and why  Identify risks for and ways to prevent, detect or minimize the effects of identity theft  Discuss a compliance program to address risks and respond to flags © Chery F. Kendrick & Kendrick Technical Services, LLC

 Identifies Risk Factors  Discusses Protective Measures  Discusses Fraud Alerts  Presents Simplified RFR Form Package © Chery F. Kendrick & Kendrick Technical Services, LLC

The Red Flags Rule is a relatively new rule developed by the FTC (Federal Trade Commission) to help prevent identify theft and credit card fraud © Chery F. Kendrick & Kendrick Technical Services, LLC

Could this apply to you? YES! The FTC ruled veterinarians must comply © Chery F. Kendrick & Kendrick Technical Services, LLC

… and all clients pay in full at time of service, you likely will not have any Red Flags Rule issues. However, if you extend credit, bill clients, set up payment plans, or file insurance claims the RFR does apply to your practice. © Chery F. Kendrick & Kendrick Technical Services, LLC

 We are considered creditors when we allow clients to pay over time or accept credit applications on their behalf, for example, through CareCredit  Thus, we must have a program to address the risk of identity theft, and train employees. © Chery F. Kendrick & Kendrick Technical Services, LLC

 It’s not HIPAA- the RFR protects financial information not medical info  Specifically for protection of consumers (that would be our clients) from identity theft  HIPAA policies can overlap with the RFR in terms of identity protection (such as Social Security Numbers) © Chery F. Kendrick & Kendrick Technical Services, LLC

 Designate a Privacy Officer, (for example, your Safety Officer or Practice Manager)  Determine potential risks in your front office, billing and record keeping procedures (use checklist)  Have a written protocol on file (use RFR policy) © Chery F. Kendrick & Kendrick Technical Services, LLC

 Protecting the clinic and its clients is everyone’s concern from the front desk to the exam rooms to treatment areas and wards. All areas,all personnel need to be made aware.  The Red Flags Rule also requires that we notify all suppliers, tech support, cleaning crew, et al that their adherence to the Red Flags Rule compliance program is required © Chery F. Kendrick & Kendrick Technical Services, LLC

 That’s where I come in ◦ As a veterinarian and a regulatory specialist I understand your time constraints and “one more government regulation” to follow ◦ I have developed the tools you need ◦ RFR policy ◦ RFR Checklist ◦ RFR Training Programs ◦ It’s that simple © Chery F. Kendrick & Kendrick Technical Services, LLC

 Go over the risk assessment checklist (next slides)  Read the RFR policy  Set up training for management and all employees  Send notification to vendors and suppliers  Review policy and training annually © Chery F. Kendrick & Kendrick Technical Services, LLC

 Has the clinic ever had a case of identity theft?  How do you protect client’s personal information when transmitting payments or dealing with outside service providers such as pet insurance or pharmacies? © Chery F. Kendrick & Kendrick Technical Services

 New Client forms – what personal information do you collect?  DL#? SS#? Credit Card#?  When a client calls for refill of meds, how is that billed? Account info accessed? How is file and info protected?  Secondary vendors: what information do they receive about client?  Do vendors have own RFR protocol? © Chery F. Kendrick & Kendrick Technical Services, LLC

 All employees should be trained on the RFR compliance policy  As with all training there should be an annual review  New employees should have RFR training © Chery F. Kendrick & Kendrick Technical Services, LLC

 The FTC tells us we need to prepare a “Risk Assessment Checklist”  Let’s work through the checklist I have developed as part of the RFR compliance package © Chery F. Kendrick & Kendrick Technical Services, LLC

 CHECKLIST FOR RED FLAG RULE COMPLIANCE   IDENTIFY THE POTENTIAL TO GATHER PRIVATE INFO   √ Offering programs/brochures that extend credit for veterinary care.   √ Client information for pet health insurance forms.   √ Accepting credit card payments by phone or mail on written-in forms.   √ Accepting credit card payments at the front desk upon checkout.  √ Accepting checks and obtaining personal info, such as SSN and driver’s license number.   √ Forms completed by clients for veterinary service.  √ Forms completed by employees with personal info, such as SSN and driver’s license number.  √ Employee medical records, employment records, pay records © Chery F. Kendrick & Kendrick Technical Services, LLC

 INTERNAL ACTIONS APPLICABLE TO THE RED FLAG RULE  √ Communicate to staff the serious issue of identity theft and explain that the veterinary practice must be in compliance by federal law.  √ Ensure that all staff can recognize red flags, or potential red flags.  √ Assign a staff member to oversee compliance and determine how all red flag issues are handled. This member also should be assigned to determine what is or is not a red flag.  √ Have a written policy on the Red Flag Rule.  √ Periodically review detection procedures for red flags and update as needed.  √ Train existing staff on compliance with the rule.  √ Train new employees on compliance with the rule.  √ Expect compliance from vendors and service providers and document that compliance was sought.  √ Ensure customers and employees that the practice is in compliance and that all private information is safeguarded © Chery F. Kendrick & Kendrick Technical Services, LLC

 Gathering information on forms that extend credit for veterinary care.  Client information for pet health insurance forms.  Accepting credit card payments by phone or mail on written-in forms.  Accepting credit card payments at the front desk upon checkout. © Chery F. Kendrick & Kendrick Technical Services, LLC

 Accepting checks and obtaining personal info, such as SSN and driver’s license number.  Forms completed by clients for veterinary service. © Chery F. Kendrick & Kendrick Technical Services

 Don’t leave files on counters where public has access  Keep file cabinets secured © Chery F. Kendrick & Kendrick Technical Services, LLC

 Take private information by phone out of public’s earshot © Chery F. Kendrick & Kendrick Technical Services, LLC

 Secure client information by logging in/out before leaving terminal Protect Your Password!! © Chery F. Kendrick & Kendrick Technical Services, LLC

 Match name on credit card to driver’s license or other form of picture ID  Hand credit card back directly to the client you received it from  Do NOT lay credit cards down on desk or counter © Chery F. Kendrick & Kendrick Technical Services, LLC

 Match name on check to driver’s license or other form of picture ID  Immediately secure checks in locked drawer  When you are preparing deposit slips do so in private © Chery F. Kendrick & Kendrick Technical Services, LLC

 Employee records SSN Medical information Checking acct info for direct deposits Payroll information  Clinic Information Medical license numbers Credit card numbers Bank records © Chery F. Kendrick & Kendrick Technical Services, LLC

 Beware of what you put in the trash un-shredded. Thieves use contents of trash containers to steal identities.  Shred all messages or notes with information about personal records such as addresses, and billing info.  Don’t forget electronic media: shred discs, clear out files before disposing of computer. © Chery F. Kendrick & Kendrick Technical Services, LLC

 Inspections would be conducted by a federal inspector with the FTC  Front desk should be trained to follow the same inspection protocol as with any other government inspector  Verification of inspector’s identity is rule #1  Verification is made by calling: 877-FTC- HELP ( ) © Chery F. Kendrick & Kendrick Technical Services, LLC

 Inspectors will want to see the following:  Training program and training records  RFR Protocol  RFR Checklist  RFR Vendor notification  May interview employees  Will give exit briefing © Chery F. Kendrick & Kendrick Technical Services, LLC

 NO inspector collects fines so any mention of money should in itself be a “Red Flag” that this is NOT a legitimate FTC inspector and you should immediately call the FTC  Follow up report will be mailed to you summarizing findings and notifying you of any potential fines for missing documents or training © Chery F. Kendrick & Kendrick Technical Services, LLC

 Red Flags Rule Investigations are separate.  They are initiated by consumer fraud complaint which usually involves identity theft  Your business may be investigated if the consumer conducted business with you and listed you as potential source of identify theft  Investigator will review documents including how you handled that clients personal information © Chery F. Kendrick & Kendrick Technical Services, LLC

 An investigation is NOT an accusation, But a fact finding process to determine where the identity breach may have occurred  If however it is determined that the breach occurred at your practice which allowed the identify theft to occur then you may be held civilly liable  Criminal liability is reserved for the actual thief © Chery F. Kendrick & Kendrick Technical Services, LLC

 Remain calm, answer only questions asked  Notify practice owner, regulatory consultant and practice attorneys  Do Not allow documents to leave the practice  Allow the professionals (consultants and attorneys) to take over for you © Chery F. Kendrick & Kendrick Technical Services, LLC

 It is unlikely there will be inspections however we are still required to have a program in place and train our team  The protection of information is critical to all of us  Stay calm, know you are trying your best to stay compliant and safeguard vital information © Chery F. Kendrick & Kendrick Technical Services, LLC

 On completing your Red Flags Rule training  Main Points:  1) Guard personal information collected  2) Be careful with credit applications  3) Be vigilant and report suspicious activity  4) Review Red Flags Rule Protocol  5) Train new employees on Red Flags Rule © Chery F. Kendrick & Kendrick Technical Services, LLC

Call “Doc Chery” Dr. Chery F. Kendrick Veterinarian & Regulatory Specialist Kendrick Technical Services Knoxville, TN © Chery F. Kendrick & Kendrick Technical Services, LLC

 Red Flags Rule Compliance Program  Includes All Required Forms- Ready To Use!  Checklist  Policy  Confidentiality Form  Management AND Employee Training  Special Seminar Price*: Only $159  pick up your CD here today  Or go to  click on “Seminars” to order * offer good through April 5, 2010 © Chery F. Kendrick & Kendrick Technical Services, LLC

Dr. Chery F. Kendrick Veterinary Regulatory Specialist © Chery F. Kendrick & Kendrick Technical Services, LLC