Fight Identity Theft » Flags

Compli Red Flags Presentation part 1

Tue, 24 May 2011 04:29:03 +0000

Lon Leneve, President & CFO of Compli, discussing the importance of Red Flags identity theft compliance

Red Flags Rap!

Thu, 18 Nov 2010 04:22:49 +0000

Beware of Feds like these! (Note: Feds might not actually rap in real life.) Heard of FACTA Red Flags? Your business might be affected by new FACTA Red Flags Regulations! Check out our website to learn more: www.microbilt.com The FACTA Red Flags are a series of federally-mandated precautions many businesses must take to protect themselves and their customers from crimes based on identity theft…and chances are…your business may have to comply! FACTA Red Flags Video and Song featuring Remy from GoRemy.com! Lyrics: Yo, watch your head, I’m a fed From the FTC Enacting rules for information handling So I’m going door to door all across the nation to anyone collecting credit information Yeah ‘cuz personal info we gotta protect Because you know we don’t want identity theft Knock knock. Hi. I’m from the FTC Been detecting red flags? You have to now, you see. When collecting information You better be protective “What? How so?” Well, it’s pretty subjective… Man, that place could have been so much finer So many red flags, man you’d think it was China. But I got to write a fine, Oh, what a great feeling Ah, looky here! Let’s go hassle car dealers! Did you check their ID’s? Did you look at their faces? Did you assess perceived risk on a reasonable basis!?!? “I’m just a car dealer… explain this, can ya?” “What do I need to do to comply– Am I on Candid Camera??? Well you could create a department for the risk to vanquish You could hire a lawyer to interpret our language A fraud …

?Red Flags? Rule: Medical Compliance

Wed, 28 Jul 2010 04:27:06 +0000

The August 1, 2009 deadline for complying with the FTC’s (Federal Trade Commission) “Red Flags” Rule is here. While the American Medical Association (AMA) continues to strive to convince the FTC that physicians are not creditors and should not be subject to the Red Flags Rule; in the meantime, they are encouraging physicians and practices to implement an identity theft and protection program.

In this article, you will find the basic information you need to know about the “Red Flags” Rule and resources that will help you efficiently implement an appropriate compliance plan.

The Basics

According to the FTC’s publication, “Fighting Fraud with the Red Flags Rule: A How-To Guide for Business,” the “Red Flags” Rule, in effect since January 2008, “requires many businesses and organizations to implement a written Identity Theft Prevention Program designed to detect the warning signs – or “red flags” – of identity theft in their day-to-day operations, take steps to prevent crime, and mitigate the damage it inflicts. By identifying red flags in advance, they will be better equipped to spot suspicious patterns when they arise and take steps to prevent a red flag from escalating into a costly episode of identity theft.”

From a healthcare perspective, medical identity theft happens when a person seeks health care using someone else’s name or insurance information. According to the FTC, almost 5 percent of identity theft victims have experienced some sort of medical identity theft resulting in significant costs to both the patient and the providers.

Are you a “Creditor?”

The “Red Flags” Rule only applies to you if you meet the criteria for being a creditor. According to Steven Toporoff, an attorney with the FTC’s Division of Privacy and Identity Protection, the law defines “creditor” as any entity that regularly defers payments for goods or services or arranges for the extension of credit. In a May article on the FTC website (http://www.ftc.gov/bcp/edu/pubs/articles/art11.shtm ) Toporoff states:

You are a creditor if you regularly bill patients after the completion of services including the remainder of medical fees not reimbursed by insurance; Health care providers who regularly allow patients to set up payment plans after services have been rendered are considered to be creditors; Healthcare providers are considered creditors if they help patients get credit from other sources (i.e. distribute and process applications for credit accounts tailored to the healthcare industry); Healthcare providers who require payment before or at the time of service are not creditors; If you accept only direct payment from Medicaid or similar programs where the patient has no responsibility for the fees, you are not considered to be a creditor.

Another term in addition to creditor that you must consider is “covered account.” The FTC defines a “covered account” as a consumer account that allows multiple payments or transactions or any other account with a reasonably foreseeable risk of identity theft. With that definition in mind, the accounts you establish for your patients are generally considered to be “covered accounts.”

Therefore, if you meet the criteria for a “creditor” and your patients have what are considered to be “covered accounts,” you must develop a written Identity Theft Prevention Program.

Fortunately, the AMA and several other healthcare organizations have done most of the work for you by creating template-based compliance guidelines/programs. Here are some links to these resources. Use them to efficiently, effectively and easily comply with the “Red Flags” Rule.

Go to the Resource page on the Efficiency in Practice website for:

AMA Red Flags Rule Guidance Document:

AMA: Sample Policy

(Note: AMA member’s can access the Word version of the Sample Policy (Word) and adapt it to their individual practice.)

The MGMA has many “Red Flags” resources available (some only to MGMA members including a 30-minute Red Flags Rule Webinar).

Additionally, if you have a specific question about the “Red Flags” Rule, you can email redflags@ftc.gov.

Sue Kay, Senior Consultant at InHealth, is the editor of Efficiency in Practice, the free eNewsletter for medical practice managers who want to save time, money and reduce risk. For more information and to access your FREE report, The 8 Things You MUST Know About CMS? RAC Program, visit www.efficiencyinpractice.com or check out our blog at www.efficiencyinpractice.blogspot.com

This article can be reprinted freely online, as long as the entire article and this resource box are included.

Create a list of Red Flags today and avoid identity theft

Sun, 04 Jul 2010 04:24:53 +0000

As part of your facility’s or practice’s compliance with the FTCs Red Flag Rules, which are slated to take effect in June 2010, you need to come up with a list of “red flags” that represent risk factors for identity theft in health care.

Duane Abbey, whose recent audio conference, “Achieve Red Flag Compliance,” gave medical professionals a hold on this new federal compliance requirement said, “To do this, use a risk assessment process, review prior experiences, and investigate the Federal Register.

First, assess these common risk factors of health care for identity theft: the types of accounts that have been established by the patients with you; verification of patient’s identity by the insurance company; and the steps you take when opening an account for a patient.

Review prior experiences that your facility or practice might have had regarding identity theft issues. Look at the details whether you got paid or not, or if you had to make any adjustments in medical records regarding such issues.

Abbey cited few examples related to issues that could be red flags for identity thefts, from the Federal Register Supplement A to Appendix J:

Alerts, warnings or notifications from a consumer reporting agency
Suspicious personal identifying information and documents
Suspicious activity related to, the covered account
Notice from customers, law enforcement authorities, victims of identity theft or others.
Mail sent to your patient is returned repeatedly as undeliverable, even though transactions continue to take place on his or her accountAbbey also provided some examples of red flags specific to healthcare providers:
Thoroughly check insurance documents compared to drivers licenses and your records for address differences
Check for mismatch between the individual and his photograph.
Ensure that the address mentioned is true and it exists.
Make sure you have a working and existing telephone number for patients.
Check for medical record inconsistencies: sometimes there may be differences between the records you maintained and what the patients reports.
Make sure that the patients have a legitimate insurance card.
If your patient claims that he received a notice of an insurance payment for services that were not provided to him. Pay attention to it.

Michele Bowman, JD, MFA is a lawyer whose writing focuses on compliance, health information technology and HR. In the past, she has edited Managed Care Report and Managed Medicare Alert. She teaches college writing and freelances as a academic copy editor. she has also worked with law firms and law schools on their marketing and communications.

Identity Theft Red Flags Prevention Program

Sun, 18 Apr 2010 04:22:49 +0000

On March 20, 2008, CoNetrix launched the Identity Theft Prevention Program online tool designed to help organizations create an Identity Theft Prevention Program, making CoNetrix the first company to provide an online solution for the new Identity Theft Red Flags rules and guidelines. The online service includes an online tool that helps Financial Institutions create an Identity Theft Prevention Program document, and customized online Identity Theft Red Flags employee training. The service follows the Red Flag rules and guidelines, and through 4 simple steps, enables organizations to create a complete Identity Theft Prevention Program while saving them time and resources. Subscribers of the service can simply log-in, complete a series of questions and download a customized Program document in Microsoft Word or Adobe Acrobat format. The customized training course can be accessed by employees through the integrated, web-based Learning Management System (LMS) or by simply downloading it in Microsoft PowerPoint format.