AskMariaTodd

... AFFORDABLE. .. INNOVATIVE... FLEXIBLE

  • Increase font size
  • Default font size
  • Decrease font size
Practice Management It's a FACTA Life...Identify Theft Happens

It's a FACTA Life...Identify Theft Happens

Identity Theft Happens
Back in October, my debit card went to China without me and whooped it up at what VISA called a "Drinking and Dancing Establishment".  Wells Fargo decided that while my card was being used to complete a "card present" transaction, it was simultaneously being used at the local organic grocer.  They figured I was at the grocery store because of my spending profile, and that the other lifestyle was likely not me. How did they get through not one, but three transactions totalling over $2700 with a "card present" transaction? Not sure, but these days, one can take the number off a magnetic strip and simply make a new card. For this and other reasons, FACTA is now a necessity.

By August 1, 2009*, virtually all health care providers (including hospitals and physicians) throughout the United States will be required to comply with new privacy and security requirements to prevent identity theft. These new requirements are referred to as the Identity Theft Red Flags Rule (the "Rule") and it applies to any "Creditor" who maintains "Covered Accounts," as those terms are defined in the Rule.

For free templates and model policies

Applicability of the Rule

The American Medical Association ("AMA") and other associations including Medical Group Management Association, (MGMA) have recently corresponded with the FTC arguing, among other things, that the agency's interpretation that the Rule applies to physicians is overly broad. The definition of the term "Creditor" and whether health care providers fall under such a definition is at issue. The Rule defines the term "Creditor" as having the same meaning as in the FCRA, which was derived directly from the definition of "Creditor" in the Equal Credit Opportunity Act ("ECOA"). The ECOA defines the term to include, "any person who regularly extends, renews, or continues credit; any person who regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who participates in the decision to extend, renew, or continue credit." The term "Credit" is defined in the ECOA as, "the right granted by a creditor to a debtor to defer payment of debt or to incur debts and defer its payment or to purchase property or services and defer payments therefor."

The FTC maintains that anyone who defers payment for services provided beyond the date of service is a Creditor and a health care provider that bills a patient after having provided medical services clearly fits that definition. Makes perfect sense to me.

The second key definition of the Rule is "Covered Accounts." A "Covered Account" is defined as (i) an, "account that a ... creditor offers or maintains, primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions, such as a credit card account, mortgage loan, automobile loan, margin account, cell phone account, utility account, checking account, or savings account, and (ii) any other account that the ... creditor offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the ... creditor from identity theft, including financial, operational, compliance, reputation or litigation risks."

Five Things To Do Now
  1. The Rule requires Creditors to develop and implement an Identity Theft Prevention Program ("Program") that identifies, detects, and responds to activities that could indicate identity theft. These Red Flag activities may include, for example, unusual account activity, fraud alerts on a consumer report, or attempted use of suspicious account application documents.
  2. The second element is the development and implementation of policies and procedures designed to detect Red Flags.
  3. The third element of the Rule requires the Program have appropriate responses to prevent and mitigate the crime.
  4. The fourth element is the development and implementation of policies and procedures to reassess and update the Program periodically. A Creditor should review the Program to determine if the list of Red Flags included in need to be amended as a result of changing risks of identity theft.
  5. Finally, the Program must be managed by a Creditor's board of directors or senior employee, include appropriate staff training, and provide for oversight of any service providers with whom the Creditor contracts.
It's not really hard to do and I have developed a sample compliance plan and monitoring templates.  For access to copies of these, click below:
Sample Policy and Procedure
Sample Monitoring Report
Sample Medical Group Identity Theft Program Desription

Although compliance with the Rule was technically mandatory as of November 1, 2008, the FTC has granted entities subject to its jurisdiction a six-month forbearance period (ending on May 1, 2009) before it will begin enforcement of the Rule. The FTC also recently announced that effective February 9, 2009, its civil monetary penalties for violations of the FCRA, including the Rule, have increased to $3,500 per violation.
 

Who's Online

We have 19 guests online

AskMariaTodd™


Healthcare Industry Consultants
Sign Up for Our Newsletter

Maria Todd is Innovative….
•    She's not afraid to ask questions
•    She's not afraid to ask the tough questions
•    She's not afraid to ask questions that make people uncomfortable
•    She's not afraid of challenging others to ask tough questions
•    She's not afraid to ask why it has become acceptable to not ask questions
•    She's not afraid to indicate that she doesn’t know the answer to the tough questions, but she's prepared to find out if she can
•    She's not afraid to suggest that maybe there have now been too many questions, and now something simply must be done

Contact:
(International) +1.718.250.0154
(Toll Free USA)  1.800.209.7263
Email us

Headquarters:
999 18th Street, Suite 3000
Denver, CO 80204 USA
 

Main Menu

Seminars & Training

Articles

In the News...

Propofol OK for use in Gastroenterology
Read the Article
 

Now available at Amazon.com!
THE MANAGED CARE CONTRACTING HANDBOOK 2nd ed., by Maria Todd

Maria has contracted with CRC Press, a Taylor and Francis Group, to author or edit five book manuscripts for release in 2009. 
Read more...
 
For HFMA AND HFMA Chapters...
With new technology Maria offers a total education solution for HFMA and MGMA local chapters that is cost effective, innovative and well-received by members.
Read more...
 
Maria Offers Low Cost Managed Care Contract Reviews
A flat fee charge includes contract review and analyis, commentary and private webinar-style debrief where she reviews the contract line-by-line, with you, your legal counsel, the revenue management leadership and the CFO, highlighting the problems and offering solutions.  Read more about it...
 

Search

TRAINING AND SEMINARS


Training and professional development designed to your exact specifications, or, choose from our current catalog of developed topics. All are available on-site at your chosen location or online as a private webinar for your company or association. Interactive audience response technology is available for live and web-based programs.
To schedule training or request a speaker for keynotes, breakouts, webinars, hands-on training, panel moderator, panelist, or learning-intensive workshops,  call 800.209.7263 today.
Check out these Cost Saving Opportunities Save Money... Piggyback onto a date that Maria will already be in your area

Compliance
HIPAA for New Hires
HIPAA Privacy and Security Refresher
Compliance with Red Flag Rules

Managed Care
Revenue Management
Managed Care for New Hires
Managed Care Contract Analysis
Managed Care Contract Renegotiation
Overturning Denied Claims
Successful Claim Appeals
Front-end Revenue Improvement
Motor Vehicle Accident Claims
Troubleshooting Self-insured Payer Problems
Troubleshooting International Payer Denials
Developing Payer Report Cards
Medicare Advantage Contracting
Get Paid for Performance

Physician Practice Management
Social Networking for  Physician Groups
Concierge Medicine Practice Development
Medical Home Practice Development
Physician Integration
Physician Employment Contracting
Customer Service Training for Physician Groups
Billing and Collections Improvement

Bottom Line Improvement
Orthopaedics
Cardiology
Bariatrics
Plastic Surgery
Oncology
Gastroenterology
General Surgery

Integrated Health Delivery
IPA  Rejuvenation
IPA Contract Management
Network Credentialing and Privileging Procedures
Creating Quality Management and Metrics Programs
How to build an Accountable Care Organization (ACO)
Recalibrate Your MSO NOW!
Refocusing the Lens: Physician Integration  v2.0
What to Do with Your Dormant PHO

*Speaker Travel Expense and Fees Vary by Program Location/Duration

Take Their Word For It...

“Maria is an expert in her field. She has a thorough understanding of health care reimbursement and managed care, as well as an in-depth market knowledge of healthcare in the United States and in other countries. She pays great attention to detail. She is also easy to work with, and has an engaging teaching style when presenting at seminars. I've worked with her for years, and hope to continue to do so.”   Marla Durben Hirsch, JD, fomer Editor with Brownstone Publishing [August 18, 2008]