Download presentation
Presentation is loading. Please wait.
Published byClemence Murphy Modified over 9 years ago
1
© Chery F. Kendrick & Kendrick Technical Services
2
Presented by: Dr. Chery F. Kendrick Kendrick Technical Services www.DocChery.com 865-405-4255 © Chery F. Kendrick & Kendrick Technical Services
3
Define the Red Flag Rule Identify who must comply and why Identify risks for and ways to prevent, detect or minimize the effects of identity theft Discuss a compliance program to address risks and respond to flags © Chery F. Kendrick & Kendrick Technical Services
4
Identifies Risk Factors Discusses Protective Measures Discusses Fraud Alerts Presents Simplified RFR Form Packages © Chery F. Kendrick & Kendrick Technical Services
5
The Red Flag Rule is a relatively new rule developed by the FTC (Federal Trade Commission) to help prevent identify theft and credit card fraud © Chery F. Kendrick & Kendrick Technical Services
6
Could this apply to you? YES! The FTC ruled veterinarians must comply © Chery F. Kendrick & Kendrick Technical Services
7
… and all clients pay in full at time of service, you likely will not have any Red Flag Rule issues. However, if you extend credit, bill clients, set up payment plans, or file insurance claims the RFR does apply to your practice. © Chery F. Kendrick & Kendrick Technical Services
8
We are considered creditors when we allow clients to pay over time or accept credit applications on their behalf, for example, through CareCredit Thus, we must have a program to address the risk of identity theft, and train employees. © Chery F. Kendrick & Kendrick Technical Services
9
It’s not HIPAA- the RFR protects financial information not medical info Specifically for protection of consumers (that would be our clients) from identity theft HIPAA policies can overlap with the RFR in terms of identity protection (such as Social Security Numbers) © Chery F. Kendrick & Kendrick Technical Services
11
Designate a Privacy Officer, (for example, your Safety Officer or Practice Manager) Determine potential risks in your front office, billing and record keeping procedures (use checklist) Have a written protocol on file (use RFR policy) © Chery F. Kendrick & Kendrick Technical Services
12
Protecting the clinic and its clients is everyone’s concern from the front desk to the exam rooms to treatment areas and wards. All areas,all personnel need to be made aware. The Red Flag Rule also requires that we notify all suppliers, tech support, cleaning crew, et al that their adherence to the Red Flag Rule compliance program is required © Chery F. Kendrick & Kendrick Technical Services
13
That’s where I come in ◦ As a veterinarian and a regulatory specialist I understand your time constraints and “one more government regulation” to follow ◦ I have developed the tools you need ◦ RFR policy ◦ RFR Checklist ◦ RFR Training Programs ◦ It’s that simple © Chery F. Kendrick & Kendrick Technical Services
14
Go over the risk assessment checklist (next slide) Read the RFR policy Set up training for management and all employees Send notification to vendors and suppliers Review policy and training annually © Chery F. Kendrick & Kendrick Technical Services
15
Has the clinic ever had a case of identity theft? How do you protect client’s personal information when transmitting payments or dealing with outside service providers such as pet insurance or pharmacies? © Chery F. Kendrick & Kendrick Technical Services
16
New Client forms – what personal information do you collect? DL#? SS#? Credit Card#? When a client calls for refill of meds, how is that billed? Account info accessed? How is file and info protected? Secondary vendors: what information do they receive about client? Do vendors have own RFR protocol? © Chery F. Kendrick & Kendrick Technical Services
17
All employees should be trained on the RFR compliance policy As with all training there should be an annual review New employees should have RFR training © Chery F. Kendrick & Kendrick Technical Services
18
Employee records SSN Medical information Checking acct info for direct deposits Payroll information Clinic Information Medical license numbers Credit card numbers Bank records © Chery F. Kendrick & Kendrick Technical Services
19
Beware of what you put in the trash un-shredded. Thieves use contents of trash containers to steal identities. Shred all messages or notes with information about personal records such as addresses, and billing info. Don’t forget electronic media: shred discs, clear out files before disposing of computer. © Chery F. Kendrick & Kendrick Technical Services
20
Inspections would be conducted by a federal inspector with the FTC Front desk should be trained to follow the same inspection protocol as with any other government inspector Verification of inspector’s identity is rule #1 Verification is made by calling: 877-FTC- HELP (877-382-4357) © Chery F. Kendrick & Kendrick Technical Services
21
Inspectors will want to see the following: Training program and training records RFR Protocol RFR Checklist RFR Vendor notification May interview employees Will give exit briefing © Chery F. Kendrick & Kendrick Technical Services
22
NO inspector collects fines so any mention of money should in itself be a “Red Flag” that this is NOT a legitimate FTC inspector and you should immediately call the FTC Follow up report will be mailed to you summarizing findings and notifying you of any potential fines for missing documents or training © Chery F. Kendrick & Kendrick Technical Services
23
Red Flags Rule Investigations are separate. They are initiated by consumer fraud complaint which usually involves identity theft Your business may be investigated if the consumer conducted business with you and listed you as potential source of identify theft Investigator will review documents including how you handled that clients personal information © Chery F. Kendrick & Kendrick Technical Services
24
An investigation is NOT an accusation, But a fact finding process to determine where the identity breach may have occurred If however it is determined that the breach occurred at your practice which allowed the identify theft to occur then you may be held civilly liable Criminal liability is reserved for the actual thief © Chery F. Kendrick & Kendrick Technical Services
25
Remain calm, answer only questions asked Notify practice owner, regulatory consultant and practice attorneys Do Not allow documents to leave the practice Allow the professions (consultants and attorneys) to take over for you © Chery F. Kendrick & Kendrick Technical Services
26
It is unlikely there will be inspections however we are still required to have a program in place and train our team The protection of information is critical to all of us Stay calm, know you are trying your best to stay compliant and safeguard vital information © Chery F. Kendrick & Kendrick Technical Services
28
On completing your Red Flag Rule training Main Points: 1) Guard personal information collected 2) Be careful with credit applications 3) Be vigilant and report suspicious activity 4) Review Red Flag Rule Protocol 5) Train new employees on Red Flag Rule © Chery F. Kendrick & Kendrick Technical Services
29
Call “Doc Chery” Dr. Chery F. Kendrick Veterinarian & Regulatory Specialist Kendrick Technical Services 865-405-4255 DocChery@charter.net www.KendrickTechServices.com © Chery F. Kendrick & Kendrick Technical Services
30
Dr. Chery F. Kendrick Veterinary Regulatory Specialist 865-405-4255 Chery@KendrickTechServices.com www.KendrickTechServices.com © Chery F. Kendrick & Kendrick Technical Services
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.