© Chery F. Kendrick & Kendrick Technical Services.

Red Flag Rule Training for the Medical Practice

Management Team

© Chery F. Kendrick & Kendrick Technical Services

What Is The Red Flag Rule?How Does It Apply to the Medical Practice?Now What Do We Do?

Presented by:Dr. Chery F. Kendrick

Kendrick Technical Serviceswww.DocChery.com

865-405-4255


http://www.docchery.com/

Define the Red Flag Rule Identify who must comply and why Identify risks for and ways to prevent,

detect or minimize the effects of identity theft

Discuss a compliance program to address risks and respond to flags

This Presentation Will:


Identifies Risk Factors Discusses Protective Measures Discusses Fraud Alerts Presents Simplified RFR Form Packages


How Does It Do That?

What is the Red Flag Rule?

The Red Flag Rule is a relatively new rule developed by the FTC (Federal Trade Commission) to help prevent identify theft and credit card fraud


Could this apply to you? YES!The FTC ruled medical practitioners must comply

The Red Flag Rule


If you are cash only …

… and all patients pay in full at time of service, you likely will not have any Red Flag Rule issues.

However , if you extend credit, bill patients, set up payment plans, or file insurance claims the RFR does apply to your practice.


We are considered creditors when we allow patients to pay over time or accept credit applications on their behalf, for example, through CareCredit or through their insurance.

Thus, we must have a program to address the risk of identity theft, and train employees.

Applicability to the Medical Practice


It’s not HIPAA- the RFR protects financial information not medical info

Specifically for protection of consumers (that would be our patients) from identity theft

HIPAA policies can overlap with the RFR in terms of identity protection (such as Social Security Numbers)

Isn’t This The HIPAA Rule??No, this is a cat of different stripes


So, let’s get started


How? What? Who? Designate a Privacy Officer, (for example, your Safety

Officer or Practice Manager) Determine potential risks in

your front office, billing and record keeping procedures (use checklist)

Have a written protocol on file

(use RFR policy)


Protecting the practice and its patient’s information is everyone’s concern from the front desk to the exam rooms to treatment areas and labs. All areas ,all personnel need to be made aware.

The Red Flag Rule also requires that we notify all suppliers, tech support,

cleaning crew, et al that their adherence to the Red Flag Rule compliance program is required

Get everyone involved


That’s where I come in

◦ As a regulatory specialist I understand your time constraints and “one more government regulation” to follow

◦ I have developed the tools you need◦ RFR policy◦ RFR Checklist◦ RFR Training Programs◦ It’s that simple

This could get overwhelming


Go over the risk assessment checklist (next slide)

Read the RFR policy Set up training for management

and all employees Send notification to vendors and

suppliers Review policy and training

annually

How do we proceed?


Risk Assessment Checklist

Has the clinic ever had a case of identity theft?

How do you protect patient’s personal information when transmitting payments or dealing with outside service providers such as insurance companies or pharmacies?


Potential cracks in protection

New Patient forms – what personal information do you collect?

DL#? SS#? Credit Card#?

When a patient calls for refill of meds, how is that billed? Account info accessed? How is file and info protected?

Secondary vendors: what information do they receive about patient?

Do vendors have own RFR protocol?© Chery F. Kendrick & Kendrick Technical Services

Clinic Training

All employees should be trained on the RFR compliance policy

As with all training there should be an annual review

New employees should have RFR training


Don’t Forget Staff Protection

Employee recordsSSNMedical informationChecking acct info for direct depositsPayroll information

Clinic Information Medical license numbers Credit card numbers Bank records


Beware of what you put in the trash un-shredded. Thieves use contents of trash containers to steal identities.

Shred all messages or notes with information about personal records such as addresses, and billing info.

Don’t forget electronic media: shred discs , clear out files before disposing of computer.

The Importance of Shredding


Now you have a plan in place to stop identity theft


On completing your Red Flag Rule training Main Points: 1) Guard personal information collected 2) Be careful with credit applications 3) Be vigilant and report suspicious activity 4) Review Red Flag Rule Protocol 5) Train new employees on Red Flag Rule

Congratulations!


Call “Doc Chery”Dr. Chery F. Kendrick Regulatory Specialist

Kendrick Technical Services865-405-4255

[email protected]

Questions?


mailto:[email protected]

http://www.kendricktechservices.com/

Dr. Chery F. Kendrick Regulatory Specialist

[email protected]

www.KendrickTechServices.com

Kendrick Technical Services


mailto:[email protected]

http://www.kendricktechservices.com/

© Chery F. Kendrick & Kendrick Technical Services.

Documents

Transcript of © Chery F. Kendrick & Kendrick Technical Services.