1,707
edits
Line 65: | Line 65: | ||
The Compliance Officer shall further investigate the matter, implementing the Information Security Incident Reporting and Response and/or the Privacy Incident Response Plan Procedures as appropriate. If identity theft is confirmed, the following actions will be taken in coordination with the department managing the Covered Account to mitigate harm, as appropriate, based on the individual circumstances:<br /><br /> | The Compliance Officer shall further investigate the matter, implementing the Information Security Incident Reporting and Response and/or the Privacy Incident Response Plan Procedures as appropriate. If identity theft is confirmed, the following actions will be taken in coordination with the department managing the Covered Account to mitigate harm, as appropriate, based on the individual circumstances:<br /><br /> | ||
# Notify campus security | |||
# Notify the Covered Account holder if the holder is the identity theft victim | |||
# Notify the lending institution for student loans or the appropriate UNMC department that awards student aid loans to students/third party student loan service providers | |||
# Notify the campus billing office and third party payers for patient accounts | |||
# Notify consumer reporting agency about address discrepancies associated with credit reports received | |||
# Notify the State Patrol | |||
# File a report with the local police department | |||
# Correct any erroneous information associated with the account. For patients, notify the Health Information Management Department Manager of Information Logistics so medical information can be adjusted if necessary. | |||
# Establish Red Flag alerts to notify relevant employees of suspected identity theft (i.e. notes in Covered Account information systems or files, etc.) | |||
# Request additional information as required to verify identity | |||
# Change passwords and security codes as appropriate to further secure access to the account. | |||
# Reopen a covered account with a new account number, close an existing account, and decline to open a new covered account as appropriate | |||
# Attempt to identify the source of the Red Flag and take appropriate steps to prevent additional identity thefts. | |||
== Oversight of Service Providers == | == Oversight of Service Providers == | ||