This draft analysis was provided by Healthcare Compliance Forum Council Chair, Rich Cohan.
Greetings,
I am sure that many of you are involved in implementing the FTC's Red Flag Rule to be implemented by Nov. 1, 2008. The following is current thinking on which red flags apply to healthcare. Agree, disagree, missing any? Your input is appreciated. Discuss it on the message board.
Rich
Red Flags that apply to Healthcare:
- Documents provided for identification appear altered or forged.
- Photograph or physical description on ID inconsistent with appearance of customer.
- Other information on ID inconsistent with information provided by person opening account.
- Information on ID, such as signature, inconsistent with information on file at creditor.
- Application appears forged or altered or destroyed and reassembled.
- Personal identifying information on ID inconsistent with external information sources: address in a consumer report, Social Security number has not been issued or appears on the Social Security Administration's Death Master File.
- Personal identifying information provided by the customer is inconsistent with other personal identifying information provided by the customer. For example, there is a lack of correlation between Social Security number range and date of birth.
- Personal identifying information (such as address or phone number) provided is associated with known fraud activity.
- Suspicious addresses supplied, such as a mail drop or prison, or phone numbers associated with pagers or answering service.
- Social Security number provided matches that submitted by another person opening an account or other customers.
- An address or phone number provided matches that supplied by a large number of applicants.
- The person opening the account fails to provide all identifying information in response to notification that the application is incomplete.
- Personal information provided is inconsistent with information already on file with creditor.
- Creditor is notified that customer is not receiving paper account statements.
- Creditor is notified of unauthorized charges or transactions on customer's account.
- Creditor is notified that it has opened a fraudulent account for a person engaged in identity theft.
Red Flags That May Apply to Healthcare
- Mail sent to customer repeatedly returned as undeliverable despite ongoing transactions on active account.
Red Flag Rules That Most Likely Do Not Apply to Healthcare
- A fraud alert is included with a consumer report.
- A consumer reporting agency provides notice of a credit freeze in response to a request for a consumer report.
- A consumer reporting agency provides a notice of address discrepancy.
- A consumer report indicates unusual credit activity, such as an increased number of accounts or inquiries.
- For financial institutions and creditors that use challenge questions, the person opening the covered account or the customer cannot provide authenticating information beyond what would be available from a wallet or consumer report.
- Shortly after change of address request, creditor receives request for new, additional or replacement card or cell phone or for the addition of authorized users on the account.
- A new revolving credit account is used in a manner commonly associated with known patterns of fraud patterns. For example, most of available credit is used for cash advances, jewelry or electronics, plus customer fails to make first payment.
- A covered account is used in a manner that is not consistent with established patterns of activity on the account. For example, nonpayment when there is no history of late or missed payments; a material increase in the use of available credit; a material change in purchasing or spending patterns; a material change in electronic fund transfer patterns; or a material change in telephone call patters for a cell phone.
- A covered account that has been inactive for a reasonably lengthy period of time is used (taking into consideration the type of account, the expected pattern of usage and other relevant factors.)