idBUSINESS Red Flag Rules For Dentists

910 views

Published on

In our rapidly changing healthcare environment, dentists need to understand not only what compliance requirements they need to meet, but how to use that compliance to strengthen their practice and build trust with patients.

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
910
On SlideShare
0
From Embeds
0
Number of Embeds
38
Actions
Shares
0
Downloads
13
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

idBUSINESS Red Flag Rules For Dentists

  1. 1. Red Flag Compliance for Dental Practices May 17, 2009 1
  2. 2. Our goals today 2
  3. 3. Our goals today ‣ To give you the WHAT… 2
  4. 4. Our goals today ‣ To give you the WHAT… ‣ The FTC’s Red Flag Rules 2
  5. 5. Our goals today ‣ To give you the WHAT… ‣ The FTC’s Red Flag Rules ‣ ...review the HOW… 2
  6. 6. Our goals today ‣ To give you the WHAT… ‣ The FTC’s Red Flag Rules ‣ ...review the HOW… ‣ demo the idBUSINESS Red Flag Compliance Module 2
  7. 7. Our goals today ‣ To give you the WHAT… ‣ The FTC’s Red Flag Rules ‣ ...review the HOW… ‣ demo the idBUSINESS Red Flag Compliance Module ‣ but also give you the WHY 2
  8. 8. Our goals today ‣ To give you the WHAT… ‣ The FTC’s Red Flag Rules ‣ ...review the HOW… ‣ demo the idBUSINESS Red Flag Compliance Module ‣ but also give you the WHY ‣ Why information security should be a part of your business 2
  9. 9. An issue of PATIENT CARE “The possibility for medical identity theft gives rises to a duty to monitor for the potential that patients may be victims. The prudent provider will also monitor employee and vendor access to patient data.” - World Privacy Forum, 9/24/08 3
  10. 10. What this means 4
  11. 11. What this means ‣ Medical identity theft is on the rise ‣ Costs $192 per record to restore ‣ Often an inside job ‣ Organized crime is involved 4
  12. 12. What this means ‣ Medical identity theft is on the rise ‣ Costs $192 per record to restore ‣ Often an inside job ‣ Organized crime is involved ‣ Dental offices are unique ‣ Reliance on office manager to run operations ‣ No line between your brand and your name 4
  13. 13. The Opportunity ‣ There is a unique opportunity to grow a practice by leveraging strong information security policy and sharing it with patients ‣ Build trust with patients ‣ Strengthen employee relationships ‣ Tighten operations with vendors 5
  14. 14. The facts 30% 40% 60% 70% Business has suffered breach Thief is employee or knows employee Business has yet to incur a breach Thief is unknown • Since 2/15/05, over 251,000,000 Americans have had identities or other personal information compromised 6
  15. 15. The facts The average breach and its impact on customer confidence is growing. 58% of customers will lose confidence in your business after a breach. 31% of your customers will immediately cease doing business with you following a breach. Source: Ponemon Institute, 2008. 7
  16. 16. The Red Flag Rules 8
  17. 17. The Red Flag Rules ‣ Sections 114 & 315 of the Fair and Accurate Credit Transactions Act 8
  18. 18. The Red Flag Rules ‣ Sections 114 & 315 of the Fair and Accurate Credit Transactions Act ‣ Applies to you if: 8
  19. 19. The Red Flag Rules ‣ Sections 114 & 315 of the Fair and Accurate Credit Transactions Act ‣ Applies to you if: ‣ you hold “covered accounts” 8
  20. 20. The Red Flag Rules ‣ Sections 114 & 315 of the Fair and Accurate Credit Transactions Act ‣ Applies to you if: ‣ you hold “covered accounts” ‣ your customer records present a “reasonably foreseeable risk of identity theft” 8
  21. 21. Why are dentists COVERED ENTITIES? ‣ Accepting insurance ‣ Deferral of 100% of payment, you collect enough patient data to collect the remainder that insurance does not pay. ‣ Reasonably foreseeable risk ‣ Your patient files are a treasure trove ‣ Each record worth between $80-300 each* * Source: Black Market Identity Auction attended by Net Reaction mole, 2008. 9
  22. 22. Red Flag REQUIREMENTS 10
  23. 23. Red Flag REQUIREMENTS 1. A Written Information Security Program 10
  24. 24. Red Flag REQUIREMENTS 1. A Written Information Security Program 2. Controls to prevent and mitigate the risks associated with identity theft 10
  25. 25. Red Flag REQUIREMENTS 1. A Written Information Security Program 2. Controls to prevent and mitigate the risks associated with identity theft 3. Must be administered by a board of directors or a member of senior management 10
  26. 26. Red Flag REQUIREMENTS 1. A Written Information Security Program 2. Controls to prevent and mitigate the risks associated with identity theft 3. Must be administered by a board of directors or a member of senior management 4. Must deliver compliance report on at least an annual basis 10
  27. 27. Red Flag REQUIREMENTS 1. A Written Information Security Program 2. Controls to prevent and mitigate the risks associated with identity theft 3. Must be administered by a board of directors or a member of senior management 4. Must deliver compliance report on at least an annual basis 5. Must contain mechanism to train employees 10
  28. 28. Red Flag REQUIREMENTS 1. A Written Information Security Program 2. Controls to prevent and mitigate the risks associated with identity theft 3. Must be administered by a board of directors or a member of senior management 4. Must deliver compliance report on at least an annual basis 5. Must contain mechanism to train employees 6. Must contain an incident response capability 10
  29. 29. Red Flag REQUIREMENTS 1. A Written Information Security Program 2. Controls to prevent and mitigate the risks associated with identity theft 3. Must be administered by a board of directors or a member of senior management 4. Must deliver compliance report on at least an annual basis 5. Must contain mechanism to train employees 6. Must contain an incident response capability 7. Must ensure that vendors and suppliers are also compliant 10
  30. 30. “What happens if I don’t comply?” • Noncompliance carries several penalties – Civil Liability – Class-Action Lawsuits – Federal Fines – State Fines 11
  31. 31. “Didn’t the ADA send me something?” • The ADA’s written template still leaves you vulnerable: – No vendor integrity assessment – No employee training, just signature line – No mitigation of damages in the event of an incident • Who will you call when you have a question? • No context of how Red Flag Policy fits into your business – What’s worth doing is worth doing right. – Missing an opportunity to GROW your practice 12
  32. 32. The solution ‣ The idBUSINESS Red Flag Compliance Module ‣ Built on real-world forensic fieldwork ‣ Includes tools & benefits that actively involve employees in your compliance efforts ‣ Transitions information security from a compliance issue into a competitive advantage 13
  33. 33. The Red Flag Compliance Module ‣ Secure online interface 14
  34. 34. The Red Flag Compliance Module ‣ Learning tools available as text or video webinar 15
  35. 35. The Red Flag Compliance Module ‣ Risk Assessment tool provides ranking of your company in 12 key focus areas 16
  36. 36. The Red Flag Compliance Module ‣ Customizable checklist of 26 Red Flags to meet requirements of FACT Act 17
  37. 37. The Red Flag Compliance Module ‣ Employee training automated & easy, integrates automatically with your compliance report 18
  38. 38. The Red Flag Compliance Module ‣ Ability to evaluate supplier compliance practices using 19
  39. 39. The Red Flag Compliance Module ‣ Access individual identity recovery protection using FraudStop and Restore from ID Experts ‣ Available as employee benefit, cafeteria-style add-on, customer blanket, or new revenue stream ‣ In the event of a breach, one-click access to best-in- breed data breach services and forensic services 20
  40. 40. So I’m compliant... ‣ NOW WHAT? ‣ Don’t let it sit on a shelf ‣ Talk to your employees ‣ Talk to your patients ‣ Use your policy as a practice-building tool 21
  41. 41. A final word ‣ “I understand the mindset of other dentists in practice for themselves, and that it is easy to minimize identity theft as a business threat or a patient care issue. It is low on their list of priorities, which is unfortunate because if and when a patient data breach occurs, we are by law responsible. I personally would recommend that dentists act with a sense of urgency to become compliant with the FTC ‘Red Flag Rules’ both to avoid penalty and to protect your patients from a life-wrenching identity theft experience. You’ll be protecting yourself as well, and as a result, will sleep better at night.” Dr. Miles Collett, DDS 22
  42. 42. Thank you! ‣ To learn more, please visit idBUSINESS.com ‣ Discounts are available for some dental associations - check with your association or call Carla Adams, 303-810-3091 23

×