Red Flag Identity Theft Prevention Program: Difference between revisions

no edit summary
(Created page with "POLICY NO: '''6011'''<br /> EFFECTIVE DATE: '''01/13/10'''<br /> REVISED DATE:<br /> REVIEWED DATE:<br /> == Basis for Policy == Regents Policy 6.6.12, Red Flag Identit...")
 
No edit summary
Line 1: Line 1:
[[Human Resources]] | [[Safety/Security]] | [[Research Compliance]] | '''[[Compliance]]''' | [[Privacy/Information Security]] | [[Business Operations]] | [[Intellectual Property]]
<br /><br />
[[Compliance Program]] | [[Compliance Hotline]] | [[Investigations by Third Parties]] | [[Research Integrity]] | [[Copyright]] | [[Export Control]] | [[Code of Conduct]] | [[Use of Human Anatomical Material]] | [[Clinical Trial Fee Billing Procedures]] | [[Contracts Policy]] | [[Conflict of Interest]] | [[Red Flag Identity Theft Prevention Program]] | [[Principles of Financial Stewardship]] | [[Human Tissue Use & Transfer]]
<br /><br />
POLICY NO: '''6011'''<br />
POLICY NO: '''6011'''<br />
EFFECTIVE DATE: '''01/13/10'''<br />
EFFECTIVE DATE: '''01/13/10'''<br />
REVISED DATE:<br />
REVISED DATE:<br />
REVIEWED DATE:<br />
REVIEWED DATE:<br />
 
<br /><br />
   
<big>Red Flag Identity Theft Prevention Program</big> 
== Basis for Policy ==
== Basis for Policy ==
Regents Policy 6.6.12, Red Flag Identity Theft Prevention Program; UNMC Policy No. 6055, Fraud.
Regents Policy 6.6.12, Red Flag Identity Theft Prevention Program; UNMC Policy No. 6055, Fraud.
      
      
== Purpose ==
== Purpose ==
The University of Nebraska Medical Center Red Flag Identity Theft Prevention Program is designed to reduce the risk of identity theft through detection, prevention and mitigation of patterns, practices or activities related to covered accounts ("Red Flags") that could be indicative of potential identity theft. The Fair and Accurate Credit Transactions Act (FACTA) contains program requirements at 16 CFR 681.<br /><br />
The University of Nebraska Medical Center Red Flag Identity Theft Prevention Program is designed to reduce the risk of identity theft through detection, prevention and mitigation of patterns, practices or activities related to covered accounts ("Red Flags") that could be indicative of potential identity theft. The Fair and Accurate Credit Transactions Act (FACTA) contains program requirements at 16 CFR 681.<br /><br />


Line 19: Line 21:
              
              
* an account that UNMC offers or maintains primarily for personal, family or household purposes, that involves or is designed to permit multiple payments or transactions and
* an account that UNMC offers or maintains primarily for personal, family or household purposes, that involves or is designed to permit multiple payments or transactions and
*             any other account that UNMC offers or maintains for which there is a reasonably foreseeable risk of identity theft to the customer (i.e. students and/or patients).<br />
* any other account that UNMC offers or maintains for which there is a reasonably foreseeable risk of identity theft to the customer (i.e. students and/or patients).<br />
''Creditor'' means any person or organization that extends, renews, or continues credit, including UNMC, who accepts multiple payments over time for services rendered.<br />
''Creditor'' means any person or organization that extends, renews, or continues credit, including UNMC, who accepts multiple payments over time for services rendered.<br />
''Customer'' means a student, patient or other individual receiving UNMC services.<br />
''Customer'' means a student, patient or other individual receiving UNMC services.<br />
Line 32: Line 34:
          
          
* Student loans
* Student loans
*         Student accounts
* Student accounts
*         Patient accounts
* Patient accounts
    
    
== Identifying Red Flags ==
== Identifying Red Flags ==
Line 40: Line 42:
          
          
* Alerts, notifications or warnings from a consumer reporting agency, including notices of credit freezes, notices of address discrepancies, and receipts of consumer reports showing patterns of activities that are inconsistent with the history and usual pattern of activity of the account holder.
* Alerts, notifications or warnings from a consumer reporting agency, including notices of credit freezes, notices of address discrepancies, and receipts of consumer reports showing patterns of activities that are inconsistent with the history and usual pattern of activity of the account holder.
*         Address discrepancies that cannot be explained.
* Address discrepancies that cannot be explained.
*         Suspicious documents, including:
* Suspicious documents, including:
              
              
::photographs or physical descriptions that are inconsistent with the individual presenting the document;
::photographs or physical descriptions that are inconsistent with the individual presenting the document;
::           incomplete, altered, forged, or inauthentic documents; or
::incomplete, altered, forged, or inauthentic documents; or
::           other personal identifying information that is inconsistent with information on file with the University.
::other personal identifying information that is inconsistent with information on file with the University.  
          
          
* Complaints or questions from customers about charges to a covered account for goods/services they claim were never received.
* Complaints or questions from customers about charges to a covered account for goods/services they claim were never received.
*         Suspicious activity related to a Covered Account, including:
* Suspicious activity related to a Covered Account, including:
              
              
::unusual use of accounts that have been previously inactive for a lengthy period of time,
::unusual use of accounts that have been previously inactive for a lengthy period of time,
::           mail being returned as undeliverable although transactions continue to be conducted in connection with the covered account;
::mail being returned as undeliverable although transactions continue to be conducted in connection with the covered account;
::           unauthorized account changes or transactions.
::unauthorized account changes or transactions.
          
          
* Notice from customers, victims of identity theft, law enforcement authorities or other individuals regarding possible identity theft in connection with UNMC Covered Accounts.
* Notice from customers, victims of identity theft, law enforcement authorities or other individuals regarding possible identity theft in connection with UNMC Covered Accounts.  
      
      
== Detecting Red Flags ==
== Detecting Red Flags ==
Line 63: Line 63:
              
              
* Obtain appropriate personal identifying information (e.g. photo identification, date of birth, academic status, user name and password, address, etc.) prior to opening or allowing access to a covered account; or prior to issuing a new or replacement ID card.
* Obtain appropriate personal identifying information (e.g. photo identification, date of birth, academic status, user name and password, address, etc.) prior to opening or allowing access to a covered account; or prior to issuing a new or replacement ID card.
*             When certain changes are made to Covered Accounts online, the account holder shall receive notification to confirm the change is valid.
* When certain changes are made to Covered Accounts online, the account holder shall receive notification to confirm the change is valid.
*             Verify the accuracy of changes made to Covered Accounts that appear to be suspicious.<br /><br />
* Verify the accuracy of changes made to Covered Accounts that appear to be suspicious.<br /><br />
Information systems containing Covered Account information shall be monitored by the appointed information system custodian/administrator to detect any unusual user activity that could indicate improper access to and/or use of consumer information.  
Information systems containing Covered Account information shall be monitored by the appointed information system custodian/administrator to detect any unusual user activity that could indicate improper access to and/or use of consumer information.  
      
      
Line 74: Line 74:
          
          
* Notify campus security
* Notify campus security
*         Notify the Covered Account holder if the holder is the identity theft victim
* Notify the Covered Account holder if the holder is the identity theft victim
*         Notify the lending institution for student loans or the appropriate UNMC department that awards student aid loans to students/third party student loan service providers
* Notify the lending institution for student loans or the appropriate UNMC department that awards student aid loans to students/third party student loan service providers
*         Notify the campus billing office and third party payers for patient accounts
* Notify the campus billing office and third party payers for patient accounts
*         Notify consumer reporting agency about address discrepancies associated with credit reports received
* Notify consumer reporting agency about address discrepancies associated with credit reports received
*         Notify the State Patrol
* Notify the State Patrol
*         File a report with the local police department
* File a report with the local police department
*         Correct any erroneous information associated with the account. For patients, notify the Health Information Management Department Manager of Information Logistics so medical information can be adjusted if necessary.
* Correct any erroneous information associated with the account. For patients, notify the Health Information Management Department Manager of Information Logistics so medical information can be adjusted if necessary.
*         Establish Red Flag alerts to notify relevant employees of suspected identity theft (i.e. notes in Covered Account information systems or files, etc.)
* Establish Red Flag alerts to notify relevant employees of suspected identity theft (i.e. notes in Covered Account information systems or files, etc.)
*         Request additional information as required to verify identity
* Request additional information as required to verify identity
*         Change passwords and security codes as appropriate to further secure access to the account.
* Change passwords and security codes as appropriate to further secure access to the account.
*         Reopen a covered account with a new account number, close an existing account, and decline to open a new covered account as appropriate
* Reopen a covered account with a new account number, close an existing account, and decline to open a new covered account as appropriate
*         Attempt to identify the source of the Red Flag and take appropriate steps to prevent additional identity thefts.
* Attempt to identify the source of the Red Flag and take appropriate steps to prevent additional identity thefts.
      
      
== Oversight of Service Providers ==
== Oversight of Service Providers ==
Line 100: Line 100:
          
          
* a summary of Red Flag Rule monitoring activities;
* a summary of Red Flag Rule monitoring activities;
*         a description of any identity theft incidents that have occurred and the response to them; and
* a description of any identity theft incidents that have occurred and the response to them; and
*         any recommended Red Flag Identity Theft Program changes.<br /><br />
* any recommended Red Flag Identity Theft Program changes.<br /><br />  


The University of Nebraska Internal Audit Department shall report information from the administrative units to the Audit Committee of the Board of Regents annually as required by the FACTA regulations. The Board of Regents shall approve material changes to the Red Flag Identity Theft Prevention program. <br /><br />
The University of Nebraska Internal Audit Department shall report information from the administrative units to the Audit Committee of the Board of Regents annually as required by the FACTA regulations. The Board of Regents shall approve material changes to the Red Flag Identity Theft Prevention program. <br /><br />


For additional information, please contact Compliance Officer.<br /><br />
For additional information, please contact [mailto:swrobel@unmc.edu Compliance Officer].<br /><br />


This page maintained by dkp.
This page maintained by [mailto:dpanowic@unmc.edu dkp].