RED FLAGS IDENTITY THEFT PREVENTION PROGRAM. For purposes of the Program, the following terms are defined as:

Similar documents
ALLINA HOSPITALS & CLINICS IDENTITY THEFT INVESTIGATION PROTOCOL CHECKLIST

Alabama Workforce Investment System

University of Wisconsin-Madison Policy and Procedure

Signature (Patient or Legal Guardian): Date:

SUPERSEDES: New CODE NO SECTION: Physician Services. SUBJECT: Disruptive Practitioner Behavior POLICY & PROCEDURE MANUAL POLICY:

Patient Access Education: Experiencing the Benefits of Patient Access Training and New Employee Onboarding

Occupational Safety and Health Council Hong Kong Safety and Health Certification Scheme

ALBUQUERQUE POLICE DEPARTMENT PROCEDURAL ORDERS. SOP 2-8 Effective:6/2/17 Review Due: 6/2/18 Replaces: 4/28/16

Clinical Compliance Program

MARYLAND LONG-TERM CARE OMBUDSMAN PROGRAM POLICY AND PROCEDURES MANUAL

PATIENT INFORMATION Please Print

What to do When Faced With a Privacy Breach: Guidelines for the Health Sector. ANN CAVOUKIAN, Ph.D. COMMISSIONER

Please Note: Please send all documentation related to the credentialing portion of this documentation to:

U.S. Department of Education Office of Inspector General

Health Information Privacy Policies and Procedures

Understanding the MUI/UI Reporting System

DEPARTMENT OF HUMAN SERVICES AGING AND PEOPLE WITH DISABILITIES DIVISION OREGON ADMINISTRATIVE RULES CHAPTER 411 DIVISION 58

Affordable Concierge New Patient Registration

FINANCIAL AID POLICIES AND PROCEDURES

RULES AND REGULATIONS OF THE MAINE STATE BOARD OF NURSING CHAPTER 4

Present Address Telephone ( ) Street City State Zip. Permanent Address Telephone ( ) Social Security Number / / address

APPLICATION INSTRUCTIONS FOR INITIAL LICENSURE BY EXAMINATION FOR REGISTERED NURSES GENERAL INFORMATION

INVESTIGATION REPORT

REGISTERED DIETITIANS AND REGISTERED NUTRITIONISTS PROFESSION REGULATION

Biennial Audit of the Shakopee Police Department Automated License Plate Reader System Conducted by LEADS Consulting

PATIENT SAFETY & RISK SOLUTIONS. GUIDELINE Terminating a Provider Patient Relationship

Memorial Hermann Information Exchange. MHiE POLICIES & PROCEDURES MANUAL

Football & Cheerleading. Youth Sports Coaches Volunteer Application

APPLICATION CHECKLIST IMPORTANT

MAINE STATE BOARD OF NURSING

I. SUBJECT: PORTABLE VIDEO RECORDING SYSTEM

Cloning and Other Compliance Risks in Electronic Medical Records

State of Florida Department of Health. Board of Osteopathic Medicine. Application for Registration as an Osteopathic Physician in Training

Page 1 CHAPTER 31 SCREENING OUTREACH PROGRAM. 10: Screening process and procedures

Anti-Fraud Plan Scripps Health Plan Services, Inc.

PRIVACY BREACH MANAGEMENT POLICY

This notice describes Florida Hospital DeLand s practices and that of: All departments and units of Florida Hospital DeLand.

AUDIT DEPARTMENT UNIVERSITY MEDICAL CENTER HIPAA COMPLIANCE. For the period October 2008 through May JEREMIAH P. CARROLL II, CPA Audit Director

REGISTERED DIETITIAN

NATIONAL CRIME INFORMATION CENTER (NCIC)

New Jersey Administrative Code _Title 10. Human Services _Chapter 126. Manual of Requirements for Family Child Care Registration

State Operations Manual. Appendix V Interpretive Guidelines Responsibilities of Medicare Participating Hospitals In Emergency Cases

USAccess Program Overview & Process Walk -Though

NORTH CAROLINA DEPARTMENT OF HEALTH AND HUMAN SERVICES DIVISION OF SOCIAL SERVICES CHILD WELFARE SERVICES

Go! Guide: Registration in the EHR

TIFT REGIONAL MEDICAL CENTER MEDICAL STAFF POLICIES & PROCEDURES

MAINE STATE BOARD OF NURSING

Current Status: Active PolicyStat ID: COPY CONTRACTOR, MEDICAL STAFF, REFERRAL SOURCE AND EMPLOYEE SCREENING POLICY

A Guide for Students

Department of Defense DIRECTIVE

MARATHON COUNTY DEPARTMENT OF SOCIAL SERVICES REQUEST FOR PROPOSALS RESTORATIVE JUSTICE PROGRAMS

Investigation Report H2017-IR-02 Investigation into multiple alleged unauthorized accesses of health information at South Health Campus

Office of Inspector General

Compliance Program Code of Conduct

Access to Health Records Procedure

PATIENT BILL OF RIGHTS & NOTICE OF PRIVACY PRACTICES

We want to thank you for your interest in the Orion Weight Loss Program. We are looking forward to helping you reach your weight loss goal.

SECTION A PERSONAL INFORMATION

A general review of HIPAA standards and privacy practices 2016

PAROLE DIVISION TEXAS DEPARTMENT OF CRIMINAL JUSTICE NUMBER: PD/POP DATE: 12/04/17. PAGE: 1 of 10 POLICY AND OPERATING PROCEDURE

The Health Insurance Portability and Accountability Act (HIPAA) Implementation via Case Law

Standard Operating Procedure. References Physician Guideline: Chronic Pain, Management of

Section VII Provider Dispute/Appeal Procedures; Member Complaints, Grievances, and Fair Hearings

For detailed information regarding the programs and services, as well as information about the Department itself, please visit

For detailed information regarding the programs and services, as well as information about the Department itself, please visit

ILAC Leadership Scholarships for Hispanic Women

Chapter 9 Legal Aspects of Health Information Management

Sign and return included forms. (Authorization to Release Information Form, Background Check Form and Vehicle Use Agreement)

GUIDE TO SERVICES Service Coordination

HEALTH HISTORY QUESTIONNAIRE

MADISONVILLE COMMUNITY COLLEGE Nursing Division Student Background Policy and Procedure

Section 2 Sponsor Eligibility & Responsibilities

HIPAA Education Program

An Interview With. Thomas P. Lenox. Supervisory Special Agent, Drug Enforcement Administration. Interview by Roneet Lev, MD

BOARD POLICY UTILIZATION REVIEW PLAN OF THE UNIVERSITY HOSPITAL. As a result of the discussion, the following standards were established:

INSTRUCTIONS FOR REINSTATEMENT, REACTIVATION AND RESUMPTION OF PRACTICE APPLICATION OF A NEW JERSEY LICENSE

Network Participant Credentialing Application

7. Self-Assessment for Healthcare Facilities

Department of Defense DIRECTIVE

Medicare Program; Announcement of the Reapproval of the Joint Commission as an

Inmate Visits. June 8, 2006 June 26, 2006 Robert D. Hofmann, Commissioner Date Signed Date Effective

Applicable To: Central Records Unit employees, Records Section Communications, and SSD commander. Signature: Signed by GNT Date Signed: 11/18/13

PHILADELPHIA COLLEGE OF OSTEOPATHIC MEDICINE COMPLIANCE AND ETHICS PROGRAM MANUAL

CITY OF BRANDON POLICE DEPARTMENT APPLICATION FOR EMPLOYMENT. ALL applicants MUST attach items 1, 2, 3, 4 I. PERSONAL HISTORY

THE PAYCHEX SEARCH FOR AMERICA S MOST UNIQUE SMALL BUSINESS OFFICIAL RULES

MEDICINES FOR HUMAN USE (CLINICAL TRIALS) REGULATIONS Memorandum of understanding between MHRA, COREC and GTAC

Defense Biometric Identification System (DBIDS) Overview

Basic Information. Date: Patient s Name: Address:

FAFSA & Application Update

Application for Reactivation of a Licence in Nova Scotia

Filer Police Department 300 Main Street Office: P.O. Box 140 Dispatch: Filer, Idaho Fax:

CHAPTER 63D-9 ASSESSMENT

INLAND EMPIRE HEALTH PLAN CODE OF BUSINESS CONDUCT AND ETHICS. Our shared commitment to honesty, integrity, transparency and accountability

St. Vincent s Health System Page 1 of 6. TITLE: PREVENTION OF AND RESPONSE TO INFANT/CHILD ABDUCTIONS CODE ADAM - INFANT or CHILD

NURSING HOME ADMINISTRATOR REQUIREMENTS AND INSTRUCTIONS

POLICY NO.: POLICY AND PROCEDURE Subject: Patient Identification and Wrist Bands SUPERSEDES: ORIGINAL DATE: PAGE: I. POLICY: II. DEFINITIONS: PC_01

Sign and return included forms. (Background Check Form, Authorization to Release Information Form, and Vehicle Use Agreement)

1. P U R P O S E 2. D E F I N I T I O N S. Policy Section: Supports and Services Title: Criminal Record Check Policy: Service Delivery

DEPARTMENT OF EMERGENCY MEDICINE RULES AND REGULATIONS Effective June 30, 2014 TABLE OF CONTENTS. Page ARTICLE I Statement of Purpose 2

REQUEST For QUALIFICATIONS (RFQ) REAL ESTATE PROFESSIONAL SERVICES

Transcription:

RED FLAGS IDENTITY THEFT PREVENTION PROGRAM The Board Directors of Springhill Hospitals, Inc. ( Hospital ) approved this Identity Theft Prevention Program ( Program ) at a duly held meeting on August 17, 2009. The Program was developed in order to comply with the Federal Trade Commission s Identity Theft Prevention Red Flags Rule (16 CFR 681.2). This Program has been created in consultation with after conducting an assessment of risk of Identity Theft associated with certain Covered Accounts (as defined below) offered by the Hospital. I. Definitions For purposes of the Program, the following terms are defined as: Covered Account means (i) any account Hospital offers or maintains primarily for personal family or household purposes, that involves multiple payments or transactions, including one or more deferred payments; and (ii) any other account the Hospital identifies as having a reasonably foreseeable risk to customers or to the safety and soundness of the Hospital from Identity Theft. As of January 1, 2009, the Hospital has identified the following types of accounts as Covered Accounts 1) non-emergency patient billing 2) patient payment plan Identity Theft means fraud committed using the identifying information of another person; Red Flag means a pattern, practice, or specific activity that indicates the possible existence of Identity Theft II. Program Purposes The purposes of the Program are to: 1) Identify the relevant Red Flags based on the risk factors associated with the Hospital s covered accounts; 2) Institute policies and procedures for detecting Red Flags; 3) Identify steps the institution will take to prevent and mitigate Identity Theft; and 4) Create a system for regular updates and administrative oversight to the Program. III. Identification of Red Flags The Identity Theft Red Flags Mitigation and Resolution Procedures (Appendix A) identifies the Red Flags that would be most relevant to the Hospital. The Red Flags generally fall within one of the following general types of Red Flags: 1) Suspicious Documents; 2) Suspicious Personal Identifying Information; 3) Suspicious or Unusual Use of Covered Account; and

4) Alerts from Others (e.g. customer, Identity Theft victim, or law enforcement) IV. Detection of Red Flags In order to facilitate detection of the Red Flags identified in Appendix A, Admissions will take the following steps to obtain and verify the identity of the person. A. New Patients/Accounts 1) Require identifying information (e.g., full name, date of birth, address, government issued ID, insurance card, etc.) 2) When available, verify information with insurance company s information 3) Run an Accurint check to validate information given by the patient. B. Existing Accounts 1) Verify validity of requests for changes of billing address 2) Verify identification of customers before giving out any personal information V. Preventing and Mitigating Identity Theft In order to prevent and mitigate the effects of Identity Theft, staff will follow the appropriate steps identified in the attached Identity Theft Red Flags Mitigation and Resolution Procedures (Appendix A). VI. Program Administration The Identity Theft Committee is responsible for developing, implementing, administering and updating the Program. The Privacy Officer will be responsible for developing a training program for staff identified by Privacy Officer as responsible for or having a role in implementing the Program. VII. Service Provider Arrangements Hospital will require, by contract, that service providers that perform activities in connection with Covered Accounts have policies and procedures in place designed to detect, prevent and mitigate the risk of Identity Theft with regard to the Covered Accounts. VIII. Updating of Program The Identity Theft Committee will periodically review the effectiveness of the Program and update the Program to reflect the addition or removal of Covered Accounts, and changes in risks to patients/covered account holders from Identity Theft.. Page 1 of 8

Attachment A Relevant Identity Theft Red Flags Mitigation and Resolution Procedures IDENTITY THEFT RED FLAG Documents provided for identification appear to have been altered or forged. Personal identifying information provided by the customer is not consistent with other personal identifying information provided by the patient. For example, there is a lack of correlation between the Social Security Number (SSN) range and date of birth. The SSN provided is the same as that submitted by other persons opening an account or other customers. Patient provides an insurance number but identity associated with the insurance number does not match the information given by the patient. PREVENTION/MITIGATION PROCEDURE Stop the admissions/billing process and require applicant to provide additional satisfactory information to verify identity. Stop the admissions/billing process and require applicant to provide additional satisfactory information to verify identity. Stop the admissions/billing process and require applicant to provide additional satisfactory information to verify identity. Stop the admissions/billing process and require applicant to provide additional satisfactory information to verify identity. RESOLUTION OF RED FLAG process. process. process. process. Contact insurance company as necessary. Page 2 of 8

Records showing medical treatment that is inconsistent with a physical examination or with a medical history as reported by the patient (e.g., inconsistent blood type). Complaint/inquiry from an individual based on receipt of: -a bill for another individual -a bill for a product or service that the patient denies receiving -a bill from a health care provider that the patient never patronized - a notice of insurance benefits (or Explanation of Benefits ) for health services never received. Complaint/inquiry from a patient about information added to a credit report by a health care provider or insurer Complaint or question from a patient about the receipt of a collection notice from a bill collector. individuals as appropriate, review previous files for potential inaccurate records. Items to consider include: blood type, age, race, and other physical descriptions that may be evidence of medical identity theft. individuals as appropriate individuals as appropriate individuals as appropriate Page 3 of 8 Depending on the inconsistency and review of previous file, either delay/do not open a new covered account, or terminate services. Terminate treatment/credit until identity has been accurately resolved; refuse to continue attempting to collect on the account until identity has been resolved. Terminate treatment/credit until identity has been accurately resolved; refuse to continue attempting to collect on the account until identity has been resolved. Terminate treatment/credit until identity has been accurately resolved; refuse to continue attempting to collect on the account until identity has been resolved.

Mail sent to the patient is returned repeatedly as undeliverable although transactions continue to be conducted in connection with the patient's covered account. Hospital is notified by a customer, a victim of identity theft, a law enforcement authority, or any other person that it has opened a fraudulent account for a person engaged in identity theft. Personal identifying information provided by the patient is associated with known fraudulent activity as indicated by internal or third-party sources used by the Hospital. For example: - The address on an application is the same as the address provided on a fraudulent application; or - The phone number on an application is the same as the number provided on a fraudulent application. Skip-tracing procedures are used to find the patient s current mailing address. Investigation to determine if billing was made fraudulently. individuals as Patient is found and contact information is updated. process. Contact insurance company as necessary. Terminate treatment/credit until identity has been accurately resolved; refuse to continue attempting to collect on the account until identity has been resolved. Page 4 of 8

Suspicious patterns, practices or other activity of an employee or other system user revealed through an audit or any other proactive resource. Monitoring of system users accessing patient files and noting suspicious activity. Investigation under the direction of the Privacy Officer and Administration. Issue Sanctions as IX. Specific Departmental Procedures for Mitigating Identity Theft PROCEDURE: Emergency Room: 1) After the medical screening by the physician, patients in stable condition will be asked for photo identification. 2) The identification is scanned into POSC/SRM by the registration clerk. 3) If the patient does not have photo identification, a photo will be taken and scanned into POSC/SRM. This includes children without photo identification. The child s photo should be taken and scanned along with the parent s ID. 4) The clerk should ensure that the patient signs the consent with the same name as the name provided. 1) Patients will be asked for photo identification. Front Admissions: 2) The identification is scanned into POSC/SRM by the registration clerk. 3) If the patient does not have photo identification, a photo will be taken and scanned into POSC/SRM. This includes children without photo identification. The child s photo should be taken and scanned along with the parent s ID. Post-Discharge Reports of Identity Theft: 1) The victim will be required to complete the following steps, in order for the account balance to be removed from their name: a. Produce their ID and allow us to copy it for our records b. Sign a forgery affidavit Page 5 of 8

c. File a police report and provide a copy for our records. If the victim refuses to file a report, then SMH legal counsel should be consulted. 2) The above documentation is scanned in the medical record that is in question and the photo ID is scanned into SRM. 3) The following people are notified immediately when identity theft is alleged. Admissions Director, ER Admissions Supervisor, Business Office Director/Business Office Manager, Health Information Management Director or Assistant Director, The Privacy Officer should be notified of all alleged identity theft occurrences. The Privacy Officer will notify Homeland Security Office of Investigations (251)441-5739 when necessary. (Note: Medical records are not to be provided to the agents. Only the name of the victim, the name of the individual alleged to have stolen the victim s identity, if known, and the date of the occurrence are provided.) 4) The Admitting Office will place a note on the visit level, clearly detailing the allegation, and also add an alert to Registrar stating Alleged identity theft positive ID required to notify anyone attempting to register the patient, that the patient s identity is in question. 5) Once the victim s I.D, police report and forgery affidavit have been received, Identity Theft will be prominently noted on each document in the chart by adding an annotation on the image in SRM. 6) Billing is immediately suspended when identity theft is alleged. If, after 30 days, the requested paperwork has not been received, the account is taken off suspension and billing resumes. 7) Once the required paperwork has been received (police report, affidavit, and ID) the allegation will be considered substantiated. When it has been substantiated by the victim, the account balance is adjusted with the code designated for identity theft. 8) When the claim of identity theft has been confirmed, documentation is moved from the electronic record by performing the following steps. a. If the offender s identity is unproven, the patient s name is changed to Theft, Identity F with a medical record number of 299975 for females and Theft, Identity M with a medical record number of 299918 for males in AM_PFM in order to remove the electronically stored documentation from the record of the individual whose identity was used to obtain services. For future reference, the demographic data is to remain that of the individual whose identity was used to obtain services. b. If the offender s identity is proven, the patient s name is changed to that of the individual who received the treatment. If the patient has an existing MRN, the account is moved to the correct MRN for the patient. If the patient has not previously been to Springhill, a new MRN will be assigned. Each of the downstream systems must be verified to ensure the documentation is displayed under the correct MRN and name. Page 6 of 8

c. A note is placed at the account level in SRM, stating that this was a case of identity theft. The victim s name may be used in the note for future reference. d. Notify Eclipsys Sunrise Clinical Manager support that changes are being made. e. Each dictated report in emon updates automatically when the name is changed in AM_PFM. f. Sunrise Clinical Manager auto-updates as well, so no merging or moving of records is necessary. g. Notify Radiology, Electrodiagnostics and the Lab to ensure the patient name change updated their systems as well. 9) If payment has been received from a third party payor, payments will be refunded after it is determined that identity theft has occurred. 10) The Identity Theft Committee reserves the right to make further decisions on a case-by-case basis as necessary. Page 7 of 8

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback