IDENTITY THEFTIDENTITY THEFT

RHONDA L. ANDERSON, RHIA, PRESIDENT

ANDERSON HEALTH INFORMATION SYSTEMS, INC.

Facility will: Have a ”Red Flag” identity theft

prevention and compliance program to prevent and mitigate identity theft

Identify and monitor red flags that may indicate theft of information about a resident that could be used for medical identity theft

Respond to any red flags that may indicate possible identity theft on a case by case basis

Facility will: Have a system for the Administrator and

the Quality Assurance/Continuous Quality Improvement Committee to approve the identity theft prevention and compliance program;

Periodically but no less than annually, review compliance, effectiveness, incidents, actions and recommendations for revisions of the program.

Staff involved in the identity theft prevention program will be trained on identification and detection of “red flags” during orientation and job specific training as applicable.

The facility will include red flag procedures in training of all applicable personnel.

Best practice for electronic records The facility may have flag or alert when changes

that are a warning and “flashes – red flag warning or similar statement” that alerts to the data that would be considered as high risk for medical theft and integrity. This “Red Flag” warning will alert the user of the need for further authentication.

Identify facility employees who are authorized to make changes to residents demographic information; these individuals will be responsible for the identifying “red flags” Business office Medical records Social services

Facility staff will forward any requested changes to employees authorized to make changes, i.e., anyone bringing a change of address to nursing staff or other key identification information will be referred to employees who are charged with assuring identification, insurance information, etc. are confirmed.

Five types of “red flags” personnel for oversight of the identity theft program should be familiar with: Alerts or warnings received from consumer

reporting agencies Presentation of suspicious documents Presentation of any suspicious

personal identifying information Suspicious activity related to covered

accounts

Five types of “red flags” personnel for oversight of the identity theft program should be familiar with: Any notices received from identify theft

victims, law enforcement agencies, or other parties containing information related to identity theft as to covered accounts

Authenticate the following information: Suspicious documents Name changes Social Security number changes Medicare/Medicaid number changes Health Maintenance Organizations (HMOs),

Insurances, MediCal/Medicare, Prescription Drug Program (PDP) and Name of PDP changes

Identity theft report by victims, law enforcement agencies or other parties.

In the event of any of the above, the facility will request further verification of information such as verification with appropriate identification documents drivers license, other verification information, addresses, Social Security Administration, HMO company etc.

A person or entity that performs an activity in connection with a covered account on behalf of the facility. Examples: collection agencies, billing

companies is considered a service provider

Service providers will be contractually obligated to take reasonable steps to detect, prevent, and mitigate the risk of identity theft of covered accounts.

Any identified Red Flags will be reported to the facility for further appropriate action as per facility policy.