1 / 16

IMPLEMENTING IDENTITY THEFT CONTROLS

IMPLEMENTING IDENTITY THEFT CONTROLS. TTUHSC OP 52.10, Identity Theft Prevention, Detection and Mitigation Program http://www.ttuhsc.edu/hsc/op/op52/op5210.pdf http://www.ttuhsc.edu/hsc/op/op52/op5210a.pdf. Background – Where We Are. Federal Trade Commission (FTC)

ronald
Download Presentation

IMPLEMENTING IDENTITY THEFT CONTROLS

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IMPLEMENTING IDENTITY THEFT CONTROLS TTUHSC OP 52.10, Identity Theft Prevention, Detection and Mitigation Program http://www.ttuhsc.edu/hsc/op/op52/op5210.pdf http://www.ttuhsc.edu/hsc/op/op52/op5210a.pdf

  2. Background – Where We Are • Federal Trade Commission (FTC) • Final Regulations issued November, 2007 • Effective 1/1/08 • Compliance and Enforcement Date 11/1/08 • Enforcement Delayed Twice to 8/1/09 • Creditors must implement written policies/procedures to prevent, detect and mitigate identity theft related to consumer accounts • TTUHSC OP 52.10 – 4/30/09

  3. How Does it Apply to TTUHSC? • TTUHSC is a Creditor • Regularly defers payment for goods or services or provides goods or services and bills later. • FTC stance: Physicians who accept insurance or payment plans are “creditors”. • TTUHSC has Consumer Accounts • Accounts permitting multiple payments • Accounts where there is a reasonable foreseeable risk of identity theft • BUT, WHAT ABOUT HIPAA?

  4. Common Terms • Identity Theft • Fraud committed or attempted by an individual using another person’s identifying information to obtain goods/services • Identifying Information • Name; SSN; birth date; phone number; government identity card (license, passport, visa); PHI, bank/credit/debit account numbers insurance information, biometric information; electronic identification information

  5. What is in the Policy • Identify relevant “Red Flags” • Those likely to encounter during business operations • Detect Red Flags • Establish procedures to detect red flags in day-to-day operations • Prevent & Mitigate Identity Theft • Respond to red flags found • Update the Program

  6. Two Oversight Areas • Electronic Data/Interchanges • External Security Breaches • Internal Security Breaches • Physical Points of Service • Setting up a New Patient • Patient Encounters – Medical Information • Account Collection Activity VERIFY VERIFY VERIFY

  7. Medical Identity Theft • Types • False Identity • Use another individual’s insurance information to obtain health care items/services • Risks • Non-payment/Refund to the Insurer • Inaccurate medical history for the insured • Inaccurate/False Medical Record • Inaccurate billing information

  8. Real Life Examples • Current OB Patient previously received OB care under a false identity. • Patient receives treatment using cousin’s insurance card • Patient does not use real name to receive treatment. • Patient denies having received treatment from the provider.

  9. What is a “Red Flag” • A RED FLAG • DOES NOT EQUAL IDENTITY THEFT • IS AN INDICATOR OF POSSIBLE IDENTITY THEFT • Categories of “Red Flags” – Attachment A • Credit Report Alerts • Suspicious Documents/Identity Information • Suspicious Activity • Patient Notices/Complaints

  10. Relevant Medical “Red Flags” • Patient Complains that items/services billed were not received by them • Patient’s medical histories are inconsistent • Patient uses various “aliases” to receive services • False/Forged Documentation Presented • Patient complaint/question about collections or entry on a credit report

  11. Relevant “Medical Red Flags” • Insurer denial of coverage for the service because patient previous received the service • Appendectomy; Hysterectomy; etc. • Insurance Information Does Not Match Patient Information • Patient Personal Information Does Not Match Information Presented or on File • Photo IDs, Insurance Card

  12. Procedures to Detect “Red Flags” • Educate Staff on Medical Identity Theft and Detecting Red Flags • What is a “red flag” – 52.10, Attachment “A” • Who to Contact? • Supervisor/Manager/Administrator • Institutional Privacy Officer • Institutional Security Officer (Identified security breach)

  13. Identity Verification & Authentication • New Patients: • Copy of current insurance cards • Over 16 years of age: Government-issued ID checked and copied for medical record • Under 16 years of age: Other government –issued documents • Copy of Birth Certificate for medical record • Copy of School Enrollment • Patient Refusal – Contact Supervisor

  14. Identity Verification & Authentication • Existing/Returning Patients • Verify patient matches photo ID – get copy if not already in the medical record • No photo ID – Verify patient using other individual identifying information, such as: • Address • Phone number • Last 4 of Social Security Number • Other unique information (last visit; insurer; etc.) • You may already be doing some or all of this

  15. Detection “After the Fact” • Patient Complaint/Notice • Unusual/Suspicious Activity/Information • Medical Record Information • Payment Denials • Insurer Inquiries related to a submitted claim • Name discrepancies • Number of children • Active patient with mail returned as undeliverable

  16. Resources • FTC Fighting Fraud with Red Flag Rules http://www.ftc.gov/bcp/edu/pubs/business/idtheft/bus23.pdf • AMA Publication http://www.ama-assn.org/ama1/pub/upload/mm/368/red-flags-rule-edu.pdf • FTC Website http://ftc.gov/bcp/edu/microsites/redflagsrule/publish-articles.shtm

More Related