Presentation is loading. Please wait.

Presentation is loading. Please wait.

© Chery F. Kendrick & Kendrick Technical Services.

Published byKristopher Randall Modified over 8 years ago

Similar presentations

Presentation on theme: "© Chery F. Kendrick & Kendrick Technical Services."— Presentation transcript:

1 © Chery F. Kendrick & Kendrick Technical Services

2 Presented by: Dr. Chery F. Kendrick Kendrick Technical Services www.DocChery.com 865-405-4255 © Chery F. Kendrick & Kendrick Technical Services

3  Define the Red Flag Rule  Identify who must comply and why  Identify risks for and ways to prevent, detect or minimize the effects of identity theft  Discuss a compliance program to address risks and respond to flags © Chery F. Kendrick & Kendrick Technical Services

4  Identifies Risk Factors  Discusses Protective Measures  Discusses Fraud Alerts  Presents Simplified RFR Form Packages © Chery F. Kendrick & Kendrick Technical Services

5 The Red Flag Rule is a relatively new rule developed by the FTC (Federal Trade Commission) to help prevent identify theft and credit card fraud © Chery F. Kendrick & Kendrick Technical Services

6 Could this apply to you? YES! The FTR ruled veterinarians must comply © Chery F. Kendrick & Kendrick Technical Services

7  And always paid in full at the time of service ◦ Your practice likely extends credit and has covered accounts ◦ You must comply with the Red Flag Rule © Chery F. Kendrick & Kendrick Technical Services

8  We are considered “Creditors” when we allow clients to pay over time or accept credit applications on their behalf, for example, through CareCredit  As Creditors we must develop a program to reduce and respond to potential risks of identity theft, train employees and update that program at least annually © Chery F. Kendrick & Kendrick Technical Services

9  It’s not HIPAA- the RFR protects financial information not medical info  Specifically for protection of consumers (that would be our clients) from identity theft  Many HIPAA policies overlap with the RFR in terms of identity protection (such as Social Security Numbers) © Chery F. Kendrick & Kendrick Technical Services

10 Grab The Bull By the Horns, not the Tail! © Chery F. Kendrick & Kendrick Technical Services

11  Appoint a compliance officer/program administrator (for example, your Safety Officer or Practice Manager)  Determine potential risks in your front office, billing and record keeping procedures (use checklist)  Adopt a written program with policies to detect, prevent and mitigate identity theft © Chery F. Kendrick & Kendrick Technical Services

12  Detecting risks and protecting client information involves everyone (front and back office, billing and collection services, IT support/vendors)  Your final plan must be reviewed and approved by your Board/Senior Management (Owner in solo practice) © Chery F. Kendrick & Kendrick Technical Services

13  That’s where I come in ◦ As a veterinarian and a regulatory specialist I understand your time constraints and “one more government regulation” to follow ◦ I have a simplified process ◦ Enclosed forms ◦ Checklist ◦ This Employee Training Program ◦ It’s that simple © Chery F. Kendrick & Kendrick Technical Services

14  Go Through the Risk Assessment Checklist  Identify which Processes you need to incorporate to reduce identified risks  Look at the Plans to identify and respond to warning signs and notifications  Include Red Flag Compliance in business associate agreements  Implement training  Monitor and reassess at least annually © Chery F. Kendrick & Kendrick Technical Services

15  Has the practice had any experience with identity theft?  How do you identify callers before providing information or services?  How do you exchange account information with other entities  Paper?  Electronically?  Other? © Chery F. Kendrick & Kendrick Technical Services

16  Can you track and verify who has printed or transmitted electronic reports of account information?  Do the processes for collecting client payments create any risks of identity theft?  Who handles complaints from clients or payers who identify a service as billed to the wrong party?  How do the practice’s HIPAA privacy and security policies and processes support Red Flag compliance? © Chery F. Kendrick & Kendrick Technical Services

17  Which business partners and vendors have access to account information?  What can you do if a client’s identification is questionable?  Do you work with a collection service that may have tips and resources for verifying client information?  Who ultimately determines that an identity theft incident has occurred and the appropriate response ? © Chery F. Kendrick & Kendrick Technical Services

18  New Client forms – what personal information do you collect?  DL#? SS#? Credit Card#?  When a client calls for refill of meds, how is that billed? Account info accessed? How is file and info protected?  Secondary vendors: what information do they receive about client?  Do vendors have own RFR protocol? © Chery F. Kendrick & Kendrick Technical Services

19  You likely have HIPAA business associate agreements in place already  A similar agreement must be put in place with associates and vendors who may have access to client accounts  An addendum to the HIPAA business associate agreement may be an option for fulfilling this requirement © Chery F. Kendrick & Kendrick Technical Services

20  Once your program has been documented, staff should be trained under the direction of the compliance officer/program administrator  Training should be repeated each year following review/update of the program or as changes to the program are implemented © Chery F. Kendrick & Kendrick Technical Services

21  At least annually, the Red Flag Rule requires that the program be reviewed and updated to reflect changes in risks to clients and the soundness of the practice in protecting against ID theft  Must take into account practice’s experience with ID theft, changes in methods of how ID theft is perpetrated, changes in procedures and policies and changes in business associates © Chery F. Kendrick & Kendrick Technical Services

22  Protecting personnel records ◦ Employment applications ◦ Payroll tax forms ◦ Health/life insurance applications ◦ Paper and electronic  Protecting veterinarian information ◦ Necessary for credentialing ◦ Risk of ID theft for use as ordering/referring veterinarian © Chery F. Kendrick & Kendrick Technical Services

23  Dumpster diving leads to HIPAA violations and ID theft  Shred any phone message or other note containing personally identifiable information  Shred old computer discs containing personal or business information  Use a reputable source for disposal of old medical records such as a mobile shredding service © Chery F. Kendrick & Kendrick Technical Services

24  Any paper containing personally identifiable information or account data will be shredded prior to being put into the trash. This includes phone message notes.  All staff/veterinarians are responsible for the prompt shredding and disposal of sticky and/or other paper notes that may become lost or mixed into other papers.  If possible, use face-to-face and/or secure electronic intra-office communications to avoid use of sticky notes and temporary forms of written communication to relay messages or note information. © Chery F. Kendrick & Kendrick Technical Services

25  How are records transported from one location to another?  Do staff take medical or account records home?  The FBI website states: “Nationwide in 2007, there were an estimated 1.1 million (1,095,769) thefts of motor vehicles.”  What’s in your car? © Chery F. Kendrick & Kendrick Technical Services

26  Staff will not transport medical records, account records or reports containing patient information without permission from the practice manager. Only minimally necessary information will be transported. Staff will take precautions to protect records, such as not leaving records in automobile where possible. If records must be left in automobile, they should be locked in the trunk, not in the front of the vehicle. A locking briefcase is the preferable transport carrier. © Chery F. Kendrick & Kendrick Technical Services

27 You should be able to “tie up” the loose ends! © Chery F. Kendrick & Kendrick Technical Services

28  On completing your Red Flag Rule training  Main Points:  1) Guard personal information collected  2) Be careful with credit applications  3) Be vigilant and report suspicious activity  4) Review Red Flag Rule Protocol  5) Train new employees on Red Flag Rule © Chery F. Kendrick & Kendrick Technical Services

29 Call “Doc Chery” Dr. Chery F. Kendrick Veterinarian & Regulatory Specialist Kendrick Technical Services 865-405-4255 DocChery@charter.net www.KendrickTechServices.com © Chery F. Kendrick & Kendrick Technical Services

30 Dr. Chery F. Kendrick Veterinary Regulatory Specialist 865-405-4255 Chery@KendrickTechServices.com www.KendrickTechServices.com © Chery F. Kendrick & Kendrick Technical Services

Download ppt "© Chery F. Kendrick & Kendrick Technical Services."

Similar presentations

Red-Flag Identity Theft Requirements February 19th 2009 Cathy Casagrande, Privacy Officer.

Red-Flag Identity Theft Requirements February 19th 2009 Cathy Casagrande, Privacy Officer.
Fair Credit Reporting Act You must be told if information in your file has been used against you You can find out what is in your file You can dispute.

Fair Credit Reporting Act You must be told if information in your file has been used against you You can find out what is in your file You can dispute.
UNDERSTANDING RED FLAG REGULATIONS AND ENSURING COMPLIANCE University of Washington Red Flag Rules Protecting Against Identity Fraud.

UNDERSTANDING RED FLAG REGULATIONS AND ENSURING COMPLIANCE University of Washington Red Flag Rules Protecting Against Identity Fraud.
Red Flags Compliance BANKERS ADVISORY 1 Red Flags Compliance Fair & Accurate Credit Transactions Act (FACTA) Identity Theft Prevention.

Red Flags Compliance BANKERS ADVISORY 1 Red Flags Compliance Fair & Accurate Credit Transactions Act (FACTA) Identity Theft Prevention.
Compliance with Federal Trade Commission’s “Red Flag Rule”

Compliance with Federal Trade Commission’s “Red Flag Rule”
Red Flags Rule BAS Forum August 18, 2010. What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.
Detecting, Preventing and Mitigating Identity Theft Presented by the Bursar’s Office.

Detecting, Preventing and Mitigating Identity Theft Presented by the Bursar’s Office.
Red Flag Rules: What they are? & What you need to do

Red Flag Rules: What they are? & What you need to do
© Chery F. Kendrick & Kendrick Technical Services.

© Chery F. Kendrick & Kendrick Technical Services.
Privacy and Information Security Training (2006-07) VUMC Privacy Website www.mc.vanderbilt.edu/privacy.

Privacy and Information Security Training ( ) VUMC Privacy Website
1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.

1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
HIPAA Regulations What do you need to know?.

HIPAA Regulations What do you need to know?.
 The Health Insurance Portability and Accountability Act of 1996.  Federal Law designed to protect sensitive information.  HIPAA violations are enforced.

 The Health Insurance Portability and Accountability Act of  Federal Law designed to protect sensitive information.  HIPAA violations are enforced.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
Fighting Back Against Identity Theft A Presentation for CSM564 – Dr. Price By Matt Poole.

Fighting Back Against Identity Theft A Presentation for CSM564 – Dr. Price By Matt Poole.
FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACTA)- RED FLAG RULES University of Washington Red Flag Rules Protecting Against Identity Fraud.

FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACTA)- RED FLAG RULES University of Washington Red Flag Rules Protecting Against Identity Fraud.
STAFF TRAINING: UCHC IDENTITY THEFT PREVENTION PROGRAM Upham’s Corner Health Committee, Inc. DBA Upham’s Corner Health Center Upham’s Elder Service Plan.

STAFF TRAINING: UCHC IDENTITY THEFT PREVENTION PROGRAM Upham’s Corner Health Committee, Inc. DBA Upham’s Corner Health Center Upham’s Elder Service Plan.

Similar presentations

Ads by Google