Presentation is loading. Please wait.

Presentation is loading. Please wait.

Understanding the Fair and Accurate Credit Transaction Act, the “Red Flag” Regulations, and their impact on Health Care Providers Raising a “Red Flag”

Published byDerick Carter Modified over 9 years ago

Similar presentations

Presentation on theme: "Understanding the Fair and Accurate Credit Transaction Act, the “Red Flag” Regulations, and their impact on Health Care Providers Raising a “Red Flag”"— Presentation transcript:

1 Understanding the Fair and Accurate Credit Transaction Act, the “Red Flag” Regulations, and their impact on Health Care Providers Raising a “Red Flag”

2 2 Introduction  “What are the Red Flag Rules,” and What is a Red Flag  What do the Rules require, and Who Must Comply?  Consequences of Failure to Comply  Creation of an Identity Theft Detection Program  Health Care Specified Examples 9/12/2015 2 RATC Red Flag Information

3 3 What are the “Red Flag Rules”? Fair and Accurate Credit Transactions Act (“FACTA”) was passed by Congress in 2003 to protect consumers against identity theft Agencies published the final regulations under FACTA effective January 1, 2008 The good news: deadline for mandatory compliance with the Red Flag Rules was delayed for six months, from November 1, 2008 to May 1, 2009 3 RATC Red Flag Information 9/12/2015

4 4 What is a “Red Flag”?  A pattern, practice, or specific activity that indicates the possibility of identity theft 9/12/2015 4 RATC Red Flag Information

5 5 What Do the Red Flag Rules Require?  RATC must create a written program to detect, prevent, respond to, and mitigate identity theft in connection with new or exiting policies  Train the staff on the new guidelines.  And do audits 9/12/2015 5 RATC Red Flag Information

6 6 Who is Required to Comply?  A financial entity -i.e., a State or national bank, a State or Federal savings and loan association Or  A "creditor” who maintains “covered accounts” __The definition of “creditor” can include “lenders such as banks, finance companies, automobile dealers, mortgage brokers, utility companies, and telecommunications companies” 9/12/2015 6 RATC Red Flag Information

7 7 Are Health Care Providers  Yes, they can be.  Health care providers may be creditors if they “regularly” extend, renew or continue credit”  Credit simply means any deferral of payment  Note: the Federal Trade Commission (“FTC”) takes the position that “regular” probably includes “a few times a year” 9/12/2015 7 RATC Red Flag Information

8 8 Do you Maintain Covered Accounts?  What is a “covered account”?  Any account maintained “primarily for personal, family, or household purposes that involves or is designed to permit multiple payments and tranactions”  And any other account…for which there is a reasonably foreseeable risk to patients…for identity theft.” 9/12/2015 8 RATC Red Flag Information

9 9 Do you Maintain Covered Accounts?  Thus, any account that permits multiple payments (or an entity’s practice of permitting such payments) 9 RATC Red Flag Information 9/12/2015

10 10 Special Problem for Health Care Providers: Medical Identity Theft  Medical identity theft occurs when __someone uses a person’s name and sometimes other parts of their identity, including insurance info or SS# __without the victim’s knowledge or consent __to obtain medical goods or services __or to obtain money by falsifying claims for medical services and falsifying medical records to support claims 9/12/2015 10 RATC Red Flag Information

11 11 What Happens if You Fail to Comply?  The Federal Trade Commission (“FTC’) oversees creditors who are not financial institutions—such as health care providers  Even if your entity is a nonprofit organization, the FTC takes the position that such entities are subject to its jurisdiction  Failure to comply with the Red Flag Rules can lead to enforcement actions and penalties of up to $2,500 per violation 9/12/2015 11RATC Red Flag Information11

12 12 Four Essentials for a Red Flags Program  Identify Red Flags  Detect Red Flags  Respond appropriately to Red Flags detected  Update program to reflect changes in risk from identity theft to patients 9/12/2015 12 RATC Red Flag Information

13 13 Identify Red Flags  Health care providers should consider patterns, signals, activities or practices that would alert the provider to the possibility of identity theft, such as: ---ALERTS, notifications or warnings from any other providers (hospital,collection agency, referring physicians, etc) ---Suspicious documents ---Suspicious personal identifying information 9/12/2015 13RATC Red Flag Information

14 14 Identify Red Flags  Unusual use of, or suspicious activity related to, the covered account __Notice from a patient, theft victim, law enforcement or other business RATC Red Flag Information 9/12/2015

15 15 Detect Red Flags  Implement procedures to detect the identified red flags: ___Obtain information and verify identity of persons wanting to inquire about an account ___Verify change of address request for existing covered accounts. 9/12/2015 15 RATC Red Flag Information

16 16 Respond to Detected Red Flags  Develop appropriate policies to respond to detected Red Flags: ___Monitor patients account for evidence of identity theft (MMP)(duplicate SS#, same address different patient name) ___Contact a patient ___Change any passwords or security codes that permit access to patient accounts __Remove or modify incorrect medical records 9/12/2015 16 RATC Red Flag Information

17 17 Respond to Detected Red Flags ___ If patient has already an exiting account and his information was stolen, set up a new account ___Do not attempt to collect on a patient account ___Notify law enforcement 17 RATC Red Flag Information 9/12/2015

18 18 HIPAA and the Red Flags Rule  For most health care providers, HIPAA security policies and procedures go a long way toward compliance with the Red Flag Rules  However –unlike HIPAA—the Red Flags Rule’s requirement to mitigate may require notification of patients 9/12/2015 18 RATC Red Flag Information

19 19 HIPAA and the Red Flags Rule  It will be important for health care providers to review their existing HIPAA compliance effort ---Some policies will need to be updated based on the circumstances and situations that are unique to health care providers RATC Red Flag Information 9/12/2015

20 20 Examples of Red Flags in Health Care: How Patients Find Out  Patient receives EOB for services not received  Patient receives bill from facility which patient never visited  Patient receives bill for another person  Physician mentions inaccurate treatment history during patient’s office visit (referring physician) 9/12/2015 20 RATC Red Flag Information

21 21 Examples of Red Flags in Health Care: How Patients Find Out  Accounting for disclosure  Insurance company denies treatment for condition patient doesn’t have  Patient’s records shows treatment inconsistent with patient’s medical history or physical exam (age, blood type) RATC Red Flag Information 9/12/2015

22 22 Examples of Red Flags in Health Care: How Patients Find Out  Patients complains about receiving collection notice for services not received  Patient provides insurance number but cannot produce insurance card  Mail sent to patient’s is returned repeatedly but transactions continue to occur on patient’s account 9/12/2015 22 RATC Red Flag Information

23 23 Examples of Red Flags in Health Care: How Patients Find Out  ID appears to have been altered or forged  Picture or signature on file does not match that of person presenting for treatment RATC Red Flag Information 9/12/2015

24 24 The Good News  Many health care providers have extensive compliance programs in place to safeguard protected health information under HIPAA  The Red Flags Rule imposes a separate, independent duty on health care providers to help victims mitigate the consequences of identity theft 9/12/2015 24 RATC Red Flag Information

25 25 The Good News  RATC has to have a program to safeguard patient health and financial information RATC Red Flag Information 9/12/2015

26 26 Don’t Panic  The programs are risk-based and flexible  Consider the bigger picture preventing medical identity theft can save Patients’ lives 9/12/2015 26 RATC Red Flag Information

Download ppt "Understanding the Fair and Accurate Credit Transaction Act, the “Red Flag” Regulations, and their impact on Health Care Providers Raising a “Red Flag”"

Similar presentations

Red-Flag Identity Theft Requirements February 19th 2009 Cathy Casagrande, Privacy Officer.

Red-Flag Identity Theft Requirements February 19th 2009 Cathy Casagrande, Privacy Officer.
Fair Credit Reporting Act You must be told if information in your file has been used against you You can find out what is in your file You can dispute.

Fair Credit Reporting Act You must be told if information in your file has been used against you You can find out what is in your file You can dispute.
UNDERSTANDING RED FLAG REGULATIONS AND ENSURING COMPLIANCE University of Washington Red Flag Rules Protecting Against Identity Fraud.

UNDERSTANDING RED FLAG REGULATIONS AND ENSURING COMPLIANCE University of Washington Red Flag Rules Protecting Against Identity Fraud.
© 2008 Smith Moore Leatherwood LLP. ALL RIGHTS RESERVED. Raising a Red Flag: Understanding the Fair and Accurate Credit Transactions Act, the Red Flag.

© 2008 Smith Moore Leatherwood LLP. ALL RIGHTS RESERVED. Raising a Red Flag: Understanding the Fair and Accurate Credit Transactions Act, the Red Flag.
Red Flags Compliance BANKERS ADVISORY 1 Red Flags Compliance Fair & Accurate Credit Transactions Act (FACTA) Identity Theft Prevention.

Red Flags Compliance BANKERS ADVISORY 1 Red Flags Compliance Fair & Accurate Credit Transactions Act (FACTA) Identity Theft Prevention.
Compliance with Federal Trade Commission’s “Red Flag Rule”

Compliance with Federal Trade Commission’s “Red Flag Rule”
WELCOME Iowa State University Identity Theft Prevention Program

WELCOME Iowa State University Identity Theft Prevention Program
Red Flags Rule BAS Forum August 18, 2010. What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.
Detecting, Preventing and Mitigating Identity Theft Presented by the Bursar’s Office.

Detecting, Preventing and Mitigating Identity Theft Presented by the Bursar’s Office.
1 Identity Theft Program Procedures Viewing RED FLAGS in the MEDITECH System.

1 Identity Theft Program Procedures Viewing RED FLAGS in the MEDITECH System.
Red Flag Rules: What they are? & What you need to do

Red Flag Rules: What they are? & What you need to do
© Chery F. Kendrick & Kendrick Technical Services.

© Chery F. Kendrick & Kendrick Technical Services.
Red Flag Identity Theft Training California State University, Fullerton Campus Information Technology Training August 2012.

Red Flag Identity Theft Training California State University, Fullerton Campus Information Technology Training August 2012.
I.D. Theft Alaska’s New Protection of Personal Information Act Ed Sniffen Senior Assistant Attorney General Alaska Department of Law.

I.D. Theft Alaska’s New Protection of Personal Information Act Ed Sniffen Senior Assistant Attorney General Alaska Department of Law.
FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACTA)- RED FLAG RULES University of Washington Red Flag Rules Protecting Against Identity Fraud.

FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACTA)- RED FLAG RULES University of Washington Red Flag Rules Protecting Against Identity Fraud.
PRIVACY BREACHES A “breach of the security of the system”: –Is the “unauthorized acquisition of computerized data that compromises the security, confidentiality,

PRIVACY BREACHES A “breach of the security of the system”: –Is the “unauthorized acquisition of computerized data that compromises the security, confidentiality,
STAFF TRAINING: UCHC IDENTITY THEFT PREVENTION PROGRAM Upham’s Corner Health Committee, Inc. DBA Upham’s Corner Health Center Upham’s Elder Service Plan.

STAFF TRAINING: UCHC IDENTITY THEFT PREVENTION PROGRAM Upham’s Corner Health Committee, Inc. DBA Upham’s Corner Health Center Upham’s Elder Service Plan.
Are You Ready? Identity fraud and identity management are quickly becoming critical operational concerns for the financial industry. The Red Flags Guidelines.

Are You Ready? Identity fraud and identity management are quickly becoming critical operational concerns for the financial industry. The Red Flags Guidelines.
Time to Wave the White Flag – Compliance with the FTC’s Identity Theft Red Flags Rule William P. Dillon, Esq. Messer, Caparello & Self, P.A. 2618 Centennial.

Time to Wave the White Flag – Compliance with the FTC’s Identity Theft Red Flags Rule William P. Dillon, Esq. Messer, Caparello & Self, P.A Centennial.
©2012 CliftonLarsonAllen LLP 1 111 Red Flags- Why This Matters to You An overview of the FACT Act Identity Theft Red Flag Rule and its current impact.

©2012 CliftonLarsonAllen LLP Red Flags- Why This Matters to You An overview of the FACT Act Identity Theft Red Flag Rule and its current impact.

Similar presentations

Ads by Google