In our rapidly changing healthcare environment, dentists need to understand not only what compliance requirements they need to meet, but how to use that compliance to strengthen their practice and build trust with patients.
8. Our goals today
‣ To give you the WHAT…
  ‣ The FTC’s Red Flag Rules
‣ ...review the HOW…
  ‣ demo the idBUSINESS Red Flag Compliance Module
‣ but also give you the WHY
  ‣ Why information security should be a part of your business
9. An issue of PATIENT CARE
“The possibility for medical identity theft gives rise to a duty to monitor for the potential that patients may be victims. The prudent provider will also monitor employee and vendor access to patient data.”
- World Privacy Forum, 9/24/08
12. What this means
‣ Medical identity theft is on the rise
  ‣ Costs $192 per record to restore
  ‣ Often an inside job
  ‣ Organized crime is involved
‣ Dental offices are unique
  ‣ Reliance on office manager to run operations
  ‣ No line between your brand and your name
13. The Opportunity
‣ There is a unique opportunity to grow a practice by leveraging strong information security policy and sharing it with patients
  ‣ Build trust with patients
  ‣ Strengthen employee relationships
  ‣ Tighten operations with vendors
14. The facts
[Charts: businesses that have suffered a breach vs. businesses that have yet to incur a breach; thief is an employee or knows an employee vs. thief is unknown. Values shown: 30%, 40%, 60%, 70%.]
• Since 2/15/05, over 251,000,000 Americans have had identities or other personal information compromised
15. The facts
The average breach and its impact on customer confidence is growing.
58% of customers will lose confidence in your business after a breach.
31% of your customers will immediately cease doing business with you following a breach.
Source: Ponemon Institute, 2008.
20. The Red Flag Rules
‣ Sections 114 & 315 of the Fair and Accurate Credit Transactions Act
‣ Applies to you if:
  ‣ you hold “covered accounts”
  ‣ your customer records present a “reasonably foreseeable risk of identity theft”
21. Why are dentists COVERED ENTITIES?
‣ Accepting insurance
  ‣ With deferral of 100% of payment, you collect enough patient data to collect the remainder that insurance does not pay.
‣ Reasonably foreseeable risk
  ‣ Your patient files are a treasure trove
  ‣ Each record is worth between $80 and $300*
* Source: Black Market Identity Auction attended by Net Reaction mole, 2008.
29. Red Flag REQUIREMENTS
1. A Written Information Security Program
2. Controls to prevent and mitigate the risks associated with identity theft
3. Must be administered by a board of directors or a member of senior management
4. Must deliver compliance report on at least an annual basis
5. Must contain mechanism to train employees
6. Must contain an incident response capability
7. Must ensure that vendors and suppliers are also compliant
30. “What happens if I don’t comply?”
• Noncompliance carries several penalties
  – Civil Liability
  – Class-Action Lawsuits
  – Federal Fines
  – State Fines
31. “Didn’t the ADA send me something?”
• The ADA’s written template still leaves you vulnerable:
  – No vendor integrity assessment
  – No employee training, just signature line
  – No mitigation of damages in the event of an incident
• Who will you call when you have a question?
• No context of how Red Flag Policy fits into your business
  – What’s worth doing is worth doing right.
  – Missing an opportunity to GROW your practice
32. The solution
‣ The idBUSINESS Red Flag Compliance Module
  ‣ Built on real-world forensic fieldwork
  ‣ Includes tools & benefits that actively involve employees in your compliance efforts
  ‣ Transitions information security from a compliance issue into a competitive advantage
35. The Red Flag Compliance Module
‣ Risk Assessment tool provides ranking of your company in 12 key focus areas
36. The Red Flag Compliance Module
‣ Customizable checklist of 26 Red Flags to meet requirements of FACT Act
37. The Red Flag Compliance Module
‣ Employee training automated & easy, integrates automatically with your compliance report
38. The Red Flag Compliance Module
‣ Ability to evaluate supplier compliance practices using
39. The Red Flag Compliance Module
‣ Access individual identity recovery protection using FraudStop and Restore from ID Experts
‣ Available as employee benefit, cafeteria-style add-on, customer blanket, or new revenue stream
‣ In the event of a breach, one-click access to best-in-breed data breach services and forensic services
40. So I’m compliant...
‣ NOW WHAT?
  ‣ Don’t let it sit on a shelf
  ‣ Talk to your employees
  ‣ Talk to your patients
  ‣ Use your policy as a practice-building tool
41. A final word
‣ “I understand the mindset of other dentists in practice for themselves, and that it is easy to minimize identity theft as a business threat or a patient care issue. It is low on their list of priorities, which is unfortunate because if and when a patient data breach occurs, we are by law responsible. I personally would recommend that dentists act with a sense of urgency to become compliant with the FTC ‘Red Flag Rules’ both to avoid penalty and to protect your patients from a life-wrenching identity theft experience. You’ll be protecting yourself as well, and as a result, will sleep better at night.”
Dr. Miles Collett, DDS
42. Thank you!
‣ To learn more, please visit idBUSINESS.com
‣ Discounts are available for some dental associations - check with your association or call Carla Adams, 303-810-3091