Protecting the Identity of the "ambulatory patients".

^{We cannot be mistaken for the amount of damage that can be done in little to no time at all when it comes to the identity of our patients should someone knowingly steal or take from their identity. We have developed a Plan and a Policy with procedures and measures you and your staff must go through in order to safeguard your patient as much as humanly possible. It is one of their rights in expecting this of us, and we must give it our all and our best shot. Take a look at the below and see if u can agree with me?}

POLICY:

To detect, prevent and mitigate instances of identity theft which could impact the Center’s operations, as well as affect the health and safety of the patients.

PURPOSE:

Effective May 1, 2009, the Federal Trade Commission extended their “Red Flag Rules” to apply to hospitals, physicians and other health care providers.

Under the Red Flag Rules health care providers must develop and implement a written identity theft prevention program that is designed to detect, prevent and mitigate identity theft in connection with the opening of a covered account or any existing covered account. The Surgery Center’s medical and billing records contain patient’s name, address and other personal and financial identifying information and are therefore under FTC guidelines considered a covered account.

DETECTION:

The Surgery Center is required to identify relevant red flags for covered accounts. The following are examples of possible Red Flags:

• Registration Process
o The patient’s identification is inconsistent with the patient’s name (e.g. driver’s license has different last name than provided by patient).
o The patient provides suspicious documents such as fraudulent ID or insurance card.
o Patient refuses to present or has no identification or insurance card with them.
o Information obtained during verification of benefits by insurance company is inconsistent with surgeon’s intake sheet.
o Insurance company’s verification of annual and lifetime accumulated benefits are materially different from the patient’s representations.

• Clinical Processes
o Records showing medical treatment that is inconsistent with a physical examination or with a medical history as reported by the patient.
o Instance or pattern of unusual medical care that appears on the patient’s medical chart.


• Billing and Collection Process
o Patient complains that they received an explanation of benefits or bill for services not rendered.
o Patient complains or questions information added to their credit report by the Surgery Center.
o A dispute of a bill by a patient who claims to be a victim of identity theft.
o Insurance benefits are denied or reduced because the lifetime cap has been reached.
o Patient received a bill for another individual
o The Surgery Center receives a note or inquiry from an insurance fraud investigator for a private insurance company or a law enforcement agency.

PREVENTION

The Surgery Center believes that they have a fiduciary responsibility to make patient privacy and security of personal information a priority and has implemented the following policies:

• All patients must present a valid photo id (or positive identification) upon registration.
• Restricted access to all patient records to appropriate personnel.
• Secured and proper destruction of all printed patient information.
• Password protection on all patient related software.
• Removal of all personal information or password protection on e-mails.
• Removal of patient’s credit card numbers from mail in payment vouchers before scanning in medical records.
• Periodic updates of authorized users on patient software.
• Verification of insurance benefits for all new patients with third party payers.
• Complete review of patient’s medical records and history by qualified medical personnel looking for any inconsistencies.
• Requiring that all service providers develop there own or adopt the Centers Red Flag policy.

MITIGATION

• Center employees are to immediately report any suspected or detected Red Flags to the Executive Director or the Director of Operations in his/her absence. The Executive Director or designee will immediate review and monitoring the covered account for evidence of identity theft.

The following are the steps that may need to be taken if deemed appropriate in the event of a suspected or detected Red Flag:

• Contacting the patient to discuss the suspicious activity.
• Restricting access and/or closing the covered account.
• Notifying appropriate law enforcement or third party payer fraud control units.
• Performing audit on staffs’ access to patient personal information.
• Contacting referring surgeon’s office to compare and contrast patient health and personal information.
• Refunding amounts collected by third party payers on fraudulent covered account.
• Suspend collection activities on covered account.
• Modify the medical record on the covered account to expunge the fraudulent portions.
• Other as deemed appropriate.

ADMINISTRATION

The Surgery Center’s Red Flag policy needs to be approved by the Board of Managers and is overseen by the Executive Director.

The Executive Director is responsible for the following items:

• Training of existing and new employees on Red Flag policy and procedures
• Program Implementation
• Compliance of Red Flag Program
• Periodic review and changes to Red Flag Policy
• Annual reporting to Board of Managers of Red Flag program to include:
o Center compliance with program
o Programs effectiveness
o Material matters relating to service provider arrangements
o Significant incidents of identity theft
o Recommended changes to program.