2. Mary Louisa L’Hommedieu is experienced in a wide variety of corporate, health care, and employment matters. She devotes a substantial portion of her practice to the resolution of business and regulatory disputes in the health care, long-term care and pharmacy industries. She has litigated numerous cases in state and federal courts and before administrative bodies, and has authored articles and presented seminars on corporate, health care, employment and real estate topics. Prior to joining the firm, Mary Louisa served as a judicial attorney for the Honorable William B. Hoffman of the Fifth District Court of Appeals, and as judicial attorney for the Honorable Patricia A. Cosgrove of the Summit County Court of Common Pleas. She graduated cum laude from the University of Akron School of Law in 1996, where she was a member and an Associate Editor of the Akron Law Review. Mary Louisa is a member of the Cleveland and Ohio Bar Associations, as well as a member of the American Health Lawyers Association, OHCA (where she serves on the Facility Standards Committee), and AOPHA. She lives in Hudson, Ohio with her husband and two children.
3. The Red Flags Rule: Overview. What is the Red Flags Rule? Who must comply? What you have to do: implement a written Identity Theft Prevention Program. Steps to a compliant plan. Penalties for failure to comply. Questions and answers.
4. The Red Flags Rule: What is it? What is the Red Flags Rule? It requires all financial institutions and creditors to implement written programs to detect, prevent and mitigate identity theft. The Rule has been in effect since January 1, 2008, with enforcement scheduled to begin November 1, 2009.
5. Who must comply? Financial Institutions. “Financial Institutions” include: all banks, savings associations, and credit unions (even if they do not hold transaction accounts belonging to a consumer); any other person or business that directly or indirectly holds a transaction account belonging to a consumer.
6. Who must comply? Creditors. “Creditors” include: the definition is broad; any business or organization that regularly defers payment for goods or services: utility companies, health care providers, telecommunications companies, professional service providers.
7. Who must comply? Creditors. “Creditors” include: one who regularly grants loans, arranges for loans or the extension of credit, or makes credit decisions; finance companies; mortgage brokers; real estate agents; automobile dealers; retailers offering financing.
8. Who must comply? Creditors. “Creditors” include: anyone who regularly participates in the decision to extend, renew or continue credit; third-party debt collectors.
11. Who must comply? Covered Accounts. Two kinds of “Covered Accounts”. Consumer account: primarily for personal, family or household purposes; involves or is designed to permit multiple payments; credit card account; mortgage loan; automobile loan; margin account; cell phone account; utility account.
13. Who must comply? Covered Accounts. “Covered Accounts”: also consider how the account is opened. Remote access? Higher potential for identity theft.
14. How to Comply: The Written Plan. Identity Theft Prevention Program: written plan. Four elements: reasonable policies to identify the “red flags” of identity theft; program must be designed to detect the red flags; spell out appropriate actions; planned re-evaluation.
15. How to Comply: The Written Plan. Identity Theft Prevention Program. Reasonable policies to identify the “red flags” of identity theft: red flags defined; analysis of red flags applicable to your operation.
16. How to Comply: The Written Plan. Identity Theft Prevention Program. Program must be designed to detect the red flags: once red flags are identified, develop specific policies and procedures to detect them. Example: fake ID; policy to detect possible forgeries.
17. How to Comply: The Written Plan. Identity Theft Prevention Program. Spell out appropriate actions: develop specific policies to deal with red flags when they appear; reporting; safety.
18. How to Comply: The Written Plan. Identity Theft Prevention Program. Planned re-evaluation: time frame for re-evaluation is fluid; “periodically”.
19. How to Comply: Steps to a Compliant Plan. Incorporation of the Rules: Board of Directors must approve the Plan; if there is no Board, the Plan must be approved by the President, COO, or a senior-level employee; the Plan must specifically state who is responsible for implementation and administration; the Plan must provide for adequate staff to implement and administer it; if outsourced, must demonstrate who in the company will monitor compliance of outside contractors.
20. Penalties for failure to comply. Enforcement begins November 1, 2009. Previous delays. $2,500 per violation. What is a violation?
21. Mary Louisa L’Hommedieu, Esq. 28601 Chagrin Boulevard, Suite 500 Woodmere, Ohio 44122 216-831-0042 216-831-0542 (fax) mlhommedieu@meyersroman.com