FAQs

Frequently asked questions about the FTC's "Red Flags" Rule and veterinary practices
 

Q:Why should I be worried about identity theft?

A:We should ALL be worried about identity theft. It's growing, and it's a very lucrative crime. Unlike stolen cash, stereos or drugs, identities can be sold over and over again. People whose identities are stolen spend countless hours and dollars trying to fix their credit rating and reestablish their reputations. Often, irreparable damage is done to the victim's identity. Many people believe identity theft is only financial in nature, but this is not true. It actually can include any aspect of your identity, including your medical, driver's license, Social Security, professional, criminal and financial identities.

As a respected member of the veterinary profession and a business owner, you have ethical and legal responsibilities to protect your clients' and employees' personal information as much as possible. You don't want it to happen to you, and you certainly don't want to be blamed for the theft of a client's identity.

Q:What is the "Red Flags" Rule?

A:The "Red Flags" Rule is basically a regulation issued by the Federal Trade Commission (FTC) under the Fair and Accurate Credit Transactions Act (FACTA), a federal law passed in 2003 to strengthen protection against identity theft.

Q:What are the basic aspects of the "Red Flags" Rule?

A:Simply put, the "Red Flags" Rule requires you to develop and implement a written identity theft prevention program which is updated as needed; train all employees to implement the program; and oversee your vendors and service providers to ensure they also provide sufficient precautions to prevent, detect and mitigate identity theft.

The rule also identifies 26 "Red Flags" that are indicators of the risk of identity theft. Not all of the red flags will apply to your practice, and you may identify additional red flags as you evaluate your practice.

The 26 identified "Red Flags" fall into 5 categories:

  • Alerts, notifications or warnings from a consumer reporting agency
  • Suspicious documents
  • Suspicious personally identifying information, such as a suspicious address
  • Unusual use of – or suspicious activity relating to – a covered account
  • Notices from customers, victims of identity theft, law enforcement authorities, or other businesses about possible identity theft in connection with covered accounts.

Q:How is my practice affected by the "Red Flags" Rule?

A:Any veterinary practice that receives payment after services are provided, even if it's collected in full after the animal is discharged from the hospital, is considered a "creditor" under the law. On the other hand, requiring payment before or at the time of service, or simply accepting credit cards as a form of payment at the time of service, does not make you a creditor under the rule. The "Red Flags" Rule establishes new protocols for creditors to take additional steps to prevent, detect and mitigate identity theft.

Q:Will I need to drastically change the operation of my practice to comply with the "Red Flags" Rule?

A:Not likely. Odds are you're already taking many of the recommended measures, so the training and documentation will be the main things you'll need to do.

Q:When does the "Red Flags" Rule take effect?

A:The FTC has announced that enforcement will begin on April 1, 2010.

Q:How do I comply with the "Red Flags" Rule?

A:Compliance with the Rule means developing a written document that thoroughly details the measures your practice will take to protect the personal identifying information of its employees and clients. As always, a written plan is worthless unless all of the staff understand and implement the plan; therefore, all staff must be trained and sign documents that confirm they have been trained. Last, but not least, all vendors and service providers who have physical or electronic access to sensitive information (e.g., insurance agents, accountants, copier companies, cleaning services, etc.) should be contacted and notified that you also expect them to comply with the Rule and take all reasonable measures to protect the practice's information as well as that of the clients. Written documentation of your program is critical: not just the policy and its updates, but also the training and notifications.

Q:Where can I get the training and information I need for my practice to comply with the "Red Flags" Rule? What are my options?

A:There are a couple of certified risk management specialist organizations that have partnered with the AVMA to provide online training. Accurate Data Partners and PrivacyEdge provide fee-based training programs that help bring practices into compliance.

You may also consult your own attorney or hire a consultant knowledgeable about risk management, identity theft and the "Red Flags" Rule to help you develop your compliance plan.

Or, you can try it on your own. The third option comes with a fair amount of risk and a potentially significant investment of your time.

Q:Is there a template I can use for my practice's plan?

A:There isn't really a "one size fits all" template that is applicable to all veterinary practices, because the red flags may vary from practice to practice, depending on the business practices used.

Q:Is there a step-by-step guide that will help me develop my practice's plan?

A:Yes. The AVMA has developed a guide with examples, and the FTC has recently released a "Do-It-Yourself Program for Businesses at Low Risk for Identity Theft" document to provide guidance.

Q:What does it mean if I'm not ready by November 1? What will the FTC do?

A: No, the FTC's not going to come knocking on your door on April 2 to take you to jail or impose fines. In fact, very little is likely to happen... unless an identity theft incident occurs that may involve your practice. As the FTC investigates the incident, they will evaluate your practice for compliance with the Rule. If you are not in compliance, it is too late to develop and implement a program, and you will likely open yourself up to lawsuits in addition to government sanctions.

Q:What are the consequences of noncompliance with the "Red Flags" Rule?

A: If an incident occurs and the FTC's investigation reveals your practice did not act reasonably to prevent the identity theft, you will be in violation of federal law. You may be subject to civil liability, business-to-business liability, government civil liability, and state and federal criminal liability suits. Fines and jail time may be involved.

In addition, don't overlook the potential damage to your business and your reputation. Some of this damage may be irreparable.

 



 

 
© Copyright 2010
Georgia Veterinary Medical Association
2814 Spring Road, Atlanta GA
Phone: 678-309-9800 Fax: 678-309-3361