Published by Xander Errett
Modified about 1 year ago
© Chery F. Kendrick & Kendrick Technical Services
Presented by: Dr. Chery F. Kendrick, Kendrick Technical Services
Define the Red Flag Rule. Identify who must comply and why. Identify risks for and ways to prevent, detect or minimize the effects of identity theft. Discuss a compliance program to address risks and respond to flags.
Identifies Risk Factors. Discusses Protective Measures. Discusses Fraud Alerts. Presents Simplified RFR Form Packages.
The Red Flag Rule is a relatively new rule developed by the FTC (Federal Trade Commission) to help prevent identity theft and credit card fraud.
Could this apply to you? YES! The FTC ruled medical practitioners must comply.
… and all patients pay in full at time of service, you likely will not have any Red Flag Rule issues. However, if you extend credit, bill patients, set up payment plans, or file insurance claims, the RFR does apply to your practice.
We are considered creditors when we allow patients to pay over time or accept credit applications on their behalf, for example, through CareCredit or through their insurance. Thus, we must have a program to address the risk of identity theft, and train employees.
It’s not HIPAA: the RFR protects financial information, not medical info. Specifically for protection of consumers (that would be our patients) from identity theft. HIPAA policies can overlap with the RFR in terms of identity protection (such as Social Security Numbers).
Designate a Privacy Officer (for example, your Safety Officer or Practice Manager). Determine potential risks in your front office, billing and record keeping procedures (use checklist). Have a written protocol on file (use RFR policy).
Protecting the practice and its patients’ information is everyone’s concern, from the front desk to the exam rooms to treatment areas and labs. All areas, all personnel need to be made aware. The Red Flag Rule also requires that we notify all suppliers, tech support, cleaning crew, et al. that their adherence to the Red Flag Rule compliance program is required.
That’s where I come in ◦ As a regulatory specialist I understand your time constraints and “one more government regulation” to follow ◦ I have developed the tools you need ◦ RFR policy ◦ RFR Checklist ◦ RFR Training Programs ◦ It’s that simple
Go over the risk assessment checklist (next slide). Read the RFR policy. Set up training for management and all employees. Send notification to vendors and suppliers. Review policy and training annually.
Has the clinic ever had a case of identity theft? How do you protect patients’ personal information when transmitting payments or dealing with outside service providers such as insurance companies or pharmacies?
New Patient forms – what personal information do you collect? DL#? SS#? Credit Card#? When a patient calls for refill of meds, how is that billed? Account info accessed? How is file and info protected? Secondary vendors: what information do they receive about patient? Do vendors have own RFR protocol?
All employees should be trained on the RFR compliance policy. As with all training, there should be an annual review. New employees should have RFR training.
Employee records; SSN; Medical information; Checking acct info for direct deposits; Payroll information; Clinic Information; Medical license numbers; Credit card numbers; Bank records
Beware of what you put in the trash un-shredded. Thieves use contents of trash containers to steal identities. Shred all messages or notes with information about personal records, such as addresses and billing info. Don’t forget electronic media: shred discs, clear out files before disposing of computer.
On completing your Red Flag Rule training Main Points: 1) Guard personal information collected 2) Be careful with credit applications 3) Be vigilant and report suspicious activity 4) Review Red Flag Rule Protocol 5) Train new employees on Red Flag Rule
Call “Doc Chery”: Dr. Chery F. Kendrick, Regulatory Specialist, Kendrick Technical Services