BP - Health Care Compliance Association
BP - Health Care Compliance Association
BP - Health Care Compliance Association
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
ASK<br />
LEADERSHIP<br />
<strong>Compliance</strong> Today<br />
Needs You!<br />
The <strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong><br />
(HCCA) is seeking authors for<br />
<strong>Compliance</strong> Today. Every month<br />
<strong>Compliance</strong> Today offers health care<br />
compliance professionals information<br />
on a wide-variety of enforcement, regulatory,<br />
legal, and compliance program<br />
development and management issues.<br />
To do this we need your help!<br />
We are particularly interested in articles<br />
covering compliance concerns involving<br />
all segments of the health care industry,<br />
including Behavioral <strong>Health</strong>, Rehabilitation,<br />
Physician practices, Long-Term<br />
<strong>Care</strong>, Homecare and hospice, Ambulatory<br />
Surgery Centers, etc.<br />
For Details: E-mail Margaret Dragon<br />
with your topic ideas, format questions,<br />
etc. at margaret.dragon@hcca-info.org or<br />
call her at 781/593-4924.<br />
Articles generally run between 1,250<br />
and 2,500 words; this is not a limit, just<br />
a guide. <strong>Compliance</strong> Today uses the<br />
Chicago Manual of Style. We require<br />
footnotes to be 10 or less. All references<br />
must appear at the end of the article.<br />
Please do not use the footnote feature in<br />
Word. The author’s contact information<br />
must be included in the article as well as<br />
the article title. Articles should be submitted<br />
as a Word document with very<br />
limited formatting. Anyone interested<br />
in submitting an article for publication<br />
in <strong>Compliance</strong> Today should send an<br />
email to margaret.dragon@hcca-info.<br />
org which includes the article topic and<br />
deadline selected from the list below.<br />
IMPORTANT: For those who are<br />
Certified In <strong>Health</strong>care <strong>Compliance</strong><br />
(CHC), please note that CCB awards<br />
2 CEUs to authors of articles<br />
published in <strong>Compliance</strong> Today.<br />
Upcoming <strong>Compliance</strong> Today Deadlines:<br />
n April 2<br />
n April 20<br />
n May 6<br />
n May 18<br />
n June 1<br />
n June 15<br />
John Falcetano<br />
John asks the leadership<br />
your questions<br />
Editor’s note: John Falcetano is Chief Audit/<strong>Compliance</strong><br />
Officer for University <strong>Health</strong> Systems of Eastern Carolina and<br />
a long-time member of HCCA. This column has been created<br />
to give members the opportunity to submit their questions by<br />
e-mail to jfalcetano@suddenlink.net and have John contact<br />
members of HCCA leadership for their response.<br />
QUESTION: What are Red Flag Identity Theft Rules and do they apply to health care<br />
organizations?<br />
Answer: provided by John C. Falcetano, MA, CHC, CIA, Chief Audit & <strong>Compliance</strong> Officer,<br />
University <strong>Health</strong> Systems of Eastern Carolina Greenville, NC<br />
The FDIC, along with the other federal financial institution regulatory agencies and the<br />
Federal Trade Commission, issued the Red Flags provision of the Fair and Accurate Credit<br />
Transactions Act in October 2007. The final rules and guidelines on identity theft red flags<br />
took effect on November 1, 2008, although enforcement has been suspended until May 2009.<br />
The rules require financial institutions to establish reasonable procedures for identifying and<br />
preventing identity theft.<br />
The rules apply to health care providers because they use consumer reports to check for<br />
criminal backgrounds and credit histories as part of their employment process. In addition,<br />
many health care providers are considered creditors, because they do not require payment when<br />
services are rendered. Creditors in the health care field must also watch for signs of medical<br />
identity theft (i.e., someone obtaining medical services or benefits by using stolen health insurance<br />
information).<br />
Although the rules allow organizations flexibility in establishing their own internal compliance<br />
programs, there are some mandatory requirements that must be included in order to comply<br />
with the rules. For example, the rules require:<br />
n Each financial institution or creditor to develop and implement a written identity theft<br />
prevention program to detect, prevent, and mitigate identity theft in connection with the<br />
opening of certain accounts or certain existing accounts.<br />
n Credit and debit card issuers to assess the validity of notifications of changes of address<br />
under certain circumstances.<br />
n If there is a conflict between information provided on applications and credit reports, financial<br />
institutions must review discrepancies.<br />
Examples of identity theft red flags that financial institutions should consider as part of their<br />
identity theft prevention programs are also included in the rules. Information about the rules<br />
can be found at: http://www.fdic.gov/news/news/financial/2007/fil07100.html n<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
25<br />
March 2009