Identity Theft Prevention Program (ITPP) Policy for _______________________
1. Purpose: To establish procedures and policies to protect patient medical and financial information in compliance with the Red Flags Rule issued by the Federal Trade Commission.
2. Policy: This policy will identify and detect any relevant patterns, practices, and activities that are Red Flags, indicating possible warnings of identity theft, to respond appropriately to those Red Flags, and to prevent and mitigate the harm suffered by any person whose information is used unlawfully.
3. Definitions: 3.1. Covered Accounts “An account primarily for personal, family, or household purposes that involves or is designed to permit multiple payments or transactions.” “Any other account … for which there is a reasonable, foreseeable risk to customers or to the safety and soundness of the creditor from identity theft.” 3.2. Personal Identifying Information The person’s first and last name in combination with any information that could be used to access a person’s financial resources, including but not limited to Social Security number, driver’s license, passport, California identification card, passwords, or debit/credit card numbers. 3.3. Red Flags Patterns, practices, and activities that indicate possible medical identity theft.
4. Procedures 4.1. Identify possible Red Flag warnings of identity theft. The following is a list of Red Flags to look for in the daytoday operations of the practice: 4.1.1.Alerts •
A fraud or active duty alert that is included in a patient’s consumer report.
•
A consumer reporting agency provides a notice of credit freeze in response to a request for a consumer report.
•
A consumer report agency provides a notice of address discrepancy.
•
A consumer report indicates a pattern of activity that is inconsistent with the history and usual pattern of activity of a patient (examples: increase in the volume of inquires, an unusual number of recently established credit relationships, a material change in the use of credit, or an account that was closed for cause or identified for abuse of account privileges by a creditor).
4.1.2.Suspicious Documents •
Documents provided for identification by a patient appear to have been altered or forged.
•
The photograph or physical description on identification presented by the patient is not consistent with the appearance of the patient.
•
Other information on the identification is not consistent with information provided by the patient.
•
Other information on the identification is not consistent with readily accessible information that is in our files, such as a signature or recent check.
•
An application appears to have been altered or forged, or gives the appearance of having been destroyed and reassembled.
Page 1 of 4, dated 22 April 2009