uams identity theft program—red flag rule computer based training (cbt) module prepared for uams...
TRANSCRIPT
UAMS Identity Theft Program—Red Flag Rule
Computer Based Training (CBT) Module Prepared for UAMS Registration and
Admissions Personnel
Each slide contains audio, so please adjust your volume and sound settings at this time.
Objectives Overview Red Flag Rule Definitions Identification of possible red flags UAMS Policy and Procedures Verification Assistant Adding Critical Alerts
Program Adoption Identity theft is the fastest growing crime
in the United States It affected more than 10 million Americans in
2008. A new victim every 2 seconds.
Federal Trade Commission Red Flag Rule
Fair and Accurate Credit Transactions Act of 2003: Section 113
Program Purpose To protect UAMS patients and students
from the risk of identity theft ID Theft/Red Flag Rule program contains
policies and procedures to:1. Identify relevant Red Flags for new and existing
covered accounts and incorporate those Red Flags into the Program;
2. Detect Red Flags that have been incorporated into the Program;
3. Respond appropriately to any Red Flags that are detected to prevent and mitigate Identity Theft; and
4. Ensure the Program is updated periodically, to reflect changes in risks to customers or to the safety and soundness of the creditor from Identity Theft.
Enforcement Deadline Program must be in place by June 1, 2010 Entities failing to comply with the Red Flag
Rule could face enforcement actions by the FTC, which is authorized to seek up to $2,500 in penalties for each independent violation of the rule
Enforcement actions by state attorneys general, which are authorized to recover up to $1,000 for each violation (plus attorney’s fees) on behalf of their residents
Definitions Identity Theft
Fraud committed using the identifying information of another person.
Medical Identity Theft Medical identity theft occurs when someone
uses a person’s name and sometimes other parts of their identity (e.g. insurance information or Social Security number) without the person’s consent to obtain medical services or goods, or uses the person’s identity information to make false claims for medical services or goods.
Definitions Covered Account
Any account UAMS offers or maintains that involves multiple payments or transactions, or for which there a foreseeable risk of Identity Theft.
Red Flag A pattern, practice, or specific activity that
indicates the possible existence of Identity Theft.
Identifying Information Any name or number that may be used, alone
or in conjunction with any other information, to identify a specific person.
Medical Identity Theft Healthcare effects
Medical record may be polluted with potentially life threatening misinformation
Patients may: Receive the wrong medical treatment or delayed
medical treatment from inaccurate diagnosis Find their health insurance exhausted Fail physical exams for employment due to erroneous
disease entries in their health record
Identifying Information name address telephone number social security
number date of birth government issued
driver’s license or ID number
alien registration number
government passport number
employer or taxpayer identification number
unique electronic identification number
computer’s Internet Protocol address or routing code
Detection of Red Flags Verify Patient’s Identity
UAMS Policy on identity theft states that registration personnel will obtain and verify the identity of all patients to the extent possible.
Pharmacy, clinical, billing, and Health Information Management (HIM) personnel also have specific patient verification processes.
Registration Procedure I and III. All adult patients will be asked for photo
identification.II. Minor patients’ parent/guardian will be
asked for photo identification. • Examples include state issued drivers
license, state issued ID card, military ID, passport, etc.
Registration Procedure IIIIII. The photo identification will be scanned
into the patient account.• An adult patient’s photo ID should be
scanned into EPF folder “Drivers License” even if it’s a state ID card.
• An adult guarantor’s photo ID should be scanned into EPF folder “Drivers License” their own CPI #, not the patient’s.
Registration Procedure IVIV. In the event the patient does not have a
photo ID, ask for two forms of non-photo ID, one of which has been issued by a state or federal agency.
• Examples include a Social Security Card, utility bill, or company/school ID.
• Scan the IDs into the “Drivers License” EPF folder.
Registration Procedure VV. Any patient who is unable to provide
photo identification will have their Social Security Number verified in the hospital electronic verification system.
• No one should be refused care because they do not have acceptable ID with them.
• The patient should be asked to bring appropriate ID to their next visit.
Responding to Questions Patient: “Why am I being asked for ID?”
Registration Personnel: “We ask for your photo ID to protect our patients from identity theft. Because of that, we are now using the same processes used in the community to cash a check, make a large credit card purchase, or board a plane.”
Responding to Red Flags If any employee believes potential identity theft
has occurred, the account should be flagged immediately and details should be documented in CPI comments.
The supervisor should be notified. Investigation and follow-up will be conducted by
the hospital privacy officer. Registration personnel may be contacted for additional
information during this period. Hospital bills will be suspended until investigation and
follow-up have been completed.
Registration Procedure VIVI. The appropriate identity theft flag in the ADT
system will be set as follows:a. DR—Duplicate Record—alert that records of two
patients may be co-mingled such as two patients with same identifying information.
b. ID—Identity Theft Victim – alert that this is a confirmed case of identity theft.
c. NA—Notice of Activity—alert that some source has notified UAMS of possible ID theft. The source may be the patient, the patient’s credit agency, law enforcement or any other source.
d. SA—Suspicious Activity—will alert that there are suspicious documents or clinical inconsistencies present.
Registration Policies VII and VIIIVII. Emergency care will not be delayed for
lack of ID VIII. Any unresolved Identity Theft Flags
noted at point of registration should be reported to supervisor or manager for follow up.
Signs of Possible Identity Theft Suspicious personally identifying
information: Patient appears and gives an identity that has
been flagged. Patient provides a photo ID that does not
match the patient Patient gives a SSN different than one used on
a previous visit or is the same as another patient account
Patient gives information that conflicts with information in his/her file
Family member/friend calls the patient by a different name than that provided at the time of registration.
Signs of Possible Identity Theft Suspicious documents
Identification documents appear to have been altered or forged
Other information is inconsistent with readily accessible information on file such as a signature mismatch
Unusual use of or suspicious activity related to a covered account For example mail sent to the customer is
returned repeatedly as undeliverable although recent business activity reflects the address in question
Signs of Possible Identity Theft Alerts, notifications, or warnings from a
patient, student, victim, law enforcement, consumer reporting agency, or other institution or business
Contact Information Revenue Integrity Specialist Team
Hotline: 686-5102 Email:
Vera Chenault, J.D., UAMS Identity Theft Prevention Program Administrator Office: 526-4817 Email: [email protected]