© Chery F. Kendrick & Kendrick Technical Services, LLC.

Presented by:Dr. Chery F. Kendrick

Kendrick Technical Serviceswww.DocChery.com

865-405-4255


Define the Red Flags Rule Identify who must comply and why Identify risks for and ways to prevent,

detect or minimize the effects of identity theft

Discuss a compliance program to address risks and respond to flags


Identifies Risk Factors Discusses Protective Measures Discusses Fraud Alerts Presents Simplified RFR Form Package


The Red Flags Rule is a relatively new rule developed by the FTC (Federal Trade Commission) to help prevent identify theft and credit card fraud


Could this apply to you? YES!The FTC ruled veterinarians must comply


… and all clients pay in full at time of service, you likely will not have any Red Flags Rule issues.

However , if you extend credit, bill clients, set up payment plans, or file insurance claims the RFR does apply to your practice.


We are considered creditors when we allow clients to pay over time or accept credit applications on their behalf, for example, through CareCredit

Thus, we must have a program to address the risk of identity theft, and train employees.


It’s not HIPAA- the RFR protects financial information not medical info

Specifically for protection of consumers (that would be our clients) from identity theft

HIPAA policies can overlap with the RFR in terms of identity protection (such as Social Security Numbers)


Designate a Privacy Officer, (for example, your Safety Officer

or Practice Manager) Determine potential risks in

your front office, billing and record keeping procedures (use checklist)

Have a written protocol on file (use RFR policy)


Protecting the clinic and its clients is everyone’s concern from the front desk to the exam rooms to treatment areas and wards. All areas ,all personnel need to be made aware.

The Red Flags Rule also requires that we notify all suppliers, tech support,

cleaning crew, et al that their adherence to the Red Flags Rule compliance program is required


That’s where I come in

◦ As a veterinarian and a regulatory specialist I understand your time constraints and “one more government regulation” to follow

◦ I have developed the tools you need◦ RFR policy◦ RFR Checklist◦ RFR Training Programs◦ It’s that simple


Go over the risk assessment checklist (next slides)

Read the RFR policy Set up training for management

and all employees Send notification to vendors and

suppliers Review policy and training

annually


Has the clinic ever had a case of identity theft?

How do you protect client’s personal information when transmitting payments or dealing with outside service providers such as pet insurance or pharmacies?

© Chery F. Kendrick & Kendrick Technical Services

New Client forms – what personal information do you collect?

DL#? SS#? Credit Card#?

When a client calls for refill of meds, how is that billed? Account info accessed? How is file and info protected?

Secondary vendors: what information do they receive about client?

Do vendors have own RFR protocol?


All employees should be trained on the RFR compliance policy

As with all training there should be an annual review

New employees should have RFR training


The FTC tells us we need to prepare a “Risk Assessment Checklist”

Let’s work through the checklist I have developed as part of the RFR compliance package


CHECKLIST FOR RED FLAG RULE COMPLIANCE IDENTIFY THE POTENTIAL TO GATHER

PRIVATE INFO √ Offering programs/brochures that extend credit

for veterinary care. √ Client information for pet health insurance

forms. √ Accepting credit card payments by phone or

mail on written-in forms. √ Accepting credit card payments at the front

desk upon checkout.

√ Accepting checks and obtaining personal info, such as SSN and driver’s license number.

√ Forms completed by clients

for veterinary service. √ Forms completed by

employees with personal info, such as SSN and driver’s license number.

√ Employee medical records, employment records, pay records


INTERNAL ACTIONS APPLICABLE TO THE RED FLAG RULE

√ Communicate to staff the serious issue of identity theft and explain that the veterinary practice must be in compliance by federal law.

√ Ensure that all staff can recognize red flags, or potential red flags.

√ Assign a staff member to oversee compliance and determine how all red flag issues are handled. This member also should be assigned to determine what is or is not a red flag.

√ Have a written policy on the Red Flag Rule.

√ Periodically review detection procedures for red flags and update as needed.

√ Train existing staff on compliance with the rule.

√ Train new employees on compliance with the rule.

√ Expect compliance from vendors and service providers and document that compliance was sought.

√ Ensure customers and employees that the practice is in compliance and that all private information is safeguarded


Gathering information on forms that extend credit for veterinary care.

Client information for pet health insurance forms.

Accepting credit card payments by phone or mail on written-in forms.

Accepting credit card payments at the front desk upon checkout.


Accepting checks and obtaining personal info, such as SSN and driver’s license number.

Forms completed by clients for veterinary service.

© Chery F. Kendrick & Kendrick Technical Services

Don’t leave files on counters where public has access

Keep file cabinets secured


Take private information by phone out of public’s earshot


Secure client information by

logging in/out before leaving terminal

Protect Your Password!!


Match name on credit card to driver’s license or other form of picture ID

Hand credit card back directly to the client you received it from

Do NOT lay credit cards down on desk or counter


Match name on check to driver’s license or other form of picture ID

Immediately secure checks in locked drawer

When you are preparing deposit slips

do so in private


Employee recordsSSNMedical informationChecking acct info for direct depositsPayroll information

Clinic Information Medical license numbers Credit card numbers Bank records


Beware of what you put in the trash un-shredded. Thieves use contents of trash containers to steal identities.

Shred all messages or notes with information about personal records such as addresses, and billing info.

Don’t forget electronic media: shred discs , clear out files before disposing of computer.


Inspections would be conducted by a federal inspector with the FTC

Front desk should be trained to follow the same inspection protocol as with any other government inspector

Verification of inspector’s identity is rule #1

Verification is made by calling: 877-FTC-HELP (877-382-4357)


Inspectors will want to see the following: Training program and training records RFR Protocol RFR Checklist RFR Vendor notification May interview employees Will give exit briefing


NO inspector collects fines so any mention of money should in itself be a “Red Flag” that this is NOT a legitimate FTC inspector and you should immediately call the FTC

Follow up report will be mailed to you summarizing findings and notifying you of any potential fines for missing documents or training


Red Flags Rule Investigations are separate. They are initiated by consumer fraud

complaint which usually involves identity theft Your business may be investigated if the

consumer conducted business with you and listed you as potential source of identify theft

Investigator will review documents including how you handled that clients personal information


An investigation is NOT an accusation, But a fact finding process to determine where the identity breach may have occurred

If however it is determined that the breach occurred at your practice which allowed the identify theft to occur then you may be held civilly liable

Criminal liability is reserved for the actual thief


Remain calm, answer only questions asked Notify practice owner, regulatory consultant

and practice attorneys Do Not allow documents to leave the

practice Allow the professionals (consultants and

attorneys) to take over for you


It is unlikely there will be inspections however we are still required to have a program in place and train our team

The protection of information is critical to all of us

Stay calm, know you are trying your best to stay compliant and safeguard vital information


On completing your Red Flags Rule training Main Points: 1) Guard personal information collected 2) Be careful with credit applications 3) Be vigilant and report suspicious activity 4) Review Red Flags Rule Protocol 5) Train new employees on Red Flags Rule


Call “Doc Chery”Dr. Chery F. Kendrick

Veterinarian & Regulatory SpecialistKendrick Technical Services

Knoxville, TN865-405-4255

[email protected]


Red Flags Rule Compliance Program Includes All Required Forms- Ready To Use! Checklist Policy Confidentiality Form Management AND Employee Training Special Seminar Price*: Only $159 pick up your CD here today Or go to www.DocChery.com click on “Seminars” to order *offer good through April 5, 2010


Dr. Chery F. KendrickVeterinary Regulatory Specialist

865-405-4255Chery@KendrickTechServices.comwww.KendrickTechServices.com


© Chery F. Kendrick & Kendrick Technical Services, LLC.

Documents

Transcript of © Chery F. Kendrick & Kendrick Technical Services, LLC.