Internet2 Health Network Initiative Security Group. Co-Chairs Bob Meeker Sean Lynch Internet2 Program Office Department of Veterans Affairs

Size: px
Start display at page:

Download "Internet2 Health Network Initiative Security Group. Co-Chairs Bob Meeker Sean Lynch Internet2 Program Office Department of Veterans Affairs"

Transcription

1 Internet2 Health Network Initiative Security Group Co-Chairs Bob Meeker Sean Lynch Internet2 Program Office Department of Veterans Affairs

2 1. Federal Security Regulations in RHCPP Partnerships Presentation & Discussion 2. 3 rd Party Security/Network Operations Center Support for RHCPPs A concept discussion 3. SEC-WG Action for the Future Round Table

3 1. Federal Security Regulations in RHCPP Partnerships Presentation & Discussion 2. 3 rd Party Security/Network Operations Center Support for RHCPPs A concept discussion 3. SEC-WG Action for the Future Round Table

4 The HIPAA Security Rule Confidentiality & Integrity Entities that manage patient data need to protect that data by making sure it stays confidential, that it isn't altered, and can't be accessed by those not authorized. FTC Red Flag Rule Confidentiality Requires financial institutions to implement a program to detect, prevent and mitigate instances of identity theft. SOX Confidentiality, Integrity & Availability Establishes a requirement for public corporations to install security controls on their system and report on the effectiveness of the controls annually. In the same report, their certified accounting firms must attest to the Corporation s statement and assessment. FISMA Confidentiality, Integrity & Availability Establishes a risk-based policy for cost-effective security in Federal government systems. It is probably the most thorough of the regulations in terms of identifying risk, the selection of required security controls, the assessment of the implementation of those controls, and reporting the status of the controls. 4

5 FISMA HIPAA Security Rule Sarbanes- Oxley (SOX) FTC Red Flag Rule 5

6 Deployment of a series of administrative, technical, and physical security procedures for use by covered entities to assure the confidentiality and integrity of electronic protected health information HIPAA Security Rule 6

7 Who is Subject to the Standard? Covered Health Care Providers Any provider of medical or other health care services or supplies who transmits any health information in electronic form in connection with a transaction for which HHS has adopted a standard Health Plans Any individual or group plan that provides or pays the cost of health care (e.g., a health insurance issuer and the Medicare and Medicaid programs) Health Care Clearinghouses A public or private entity that processes another entity s health care transactions from a standard format to a non-standard format, or vice-versa HIPAA Security Rule 7

8 The Business Associate Escape Hatch Protected health information covered entities may be disclosed to a business associate to help the covered entity carry out its health care functions A covered entity must obtain satisfactory assurances in writing that the business associate will appropriately safeguard the protected health information it receives or creates on behalf of the covered entity The document may be a contract or other agreement between the covered entity and the business associate This is going away! HIPAA Security Rule 8

9 $100 for each violation The total amount imposed for all violations of an identical requirement or prohibition during a calendar year may not exceed $25,000 HIPAA Security Rule 9

10 Business Associates must now comply directly with the Security Rule Disclosure accounting requirements must be maintained for disclosure of an electronic health record for treatment, payment or healthcare operations. (Effective date between Jan. 1, 2011 and Jan. 1, 2014) Each individual affected by a security breach must be notified by the entity or business associate that had the breach HHS must issue, and annually update, guidance specifying the technologies and methodologies that will render EPHI secure General effective date is February 17, 2010 HIPAA Security Rule 10

11 Compliance with a patient restriction request is required if the disclosure is to a health plan for purposes of carrying out payment or health care operations (not treatment) and the PHI pertains solely to a health care item or service for which the health care provider has been paid in full Sale of Electronic Health Records, or PHI, is expressly prohibited without patient approval Vendors of personal health records are now subject to HIPAA Periodic audits" by HHS are required to ensure compliance by business associates and covered entities HIPAA Security Rule 11

12 Violations due to "reasonable cause and not to willful neglect Violations due to willful neglect Corrected violations Violations due to willful neglect Violations not corrected properly $1,000 for each violation $10,000 for each violation $50,000 for each violation $100,000 maximum penalty during a calendar year $250,000 maximum penalty during a calendar year $1,500,000 maximum penalty during a calendar year HIPAA Security Rule 12

13 State attorney generals can now bring a HIPAA enforcement action for rules violation States may not initiate action while a Federal action is in progress Individuals affected by a HIPAA violation will be able to receive a percentage of any civil monetary penalty or monetary settlement HIPAA Security Rule 13

14 FISMA HIPAA Security Rule Sarbanes- Oxley (SOX) FTC Red Flag Rule 14

15 Develop and implement a written Identity Theft Prevention Program (ITPP) to detect, prevent, and mitigate identity theft in connection with the opening of certain accounts or certain existing accounts FTC Red Flag Rule 15

16 The Program must include four elements as reasonable policies and procedures Identify relevant Red Flags for covered accounts and incorporate those Red Flags into the Program Detect Red Flags that have been incorporated into the Program Respond appropriately to any Red Flags that are detected to prevent and mitigate identity theft Ensure the Program is updated periodically, to reflect changes in risks to customers, or to the safety and soundness of the financial institution, or creditor from identity theft FTC Red Flag Rule 16

17 The initial written Program must be approved by the board of directors or a committee of the board The board or a senior executive must have oversight of the development, implementation and administration of the Program Staff must be trained in the Program Oversight authority includes the administration of service provider arrangements FTC Red Flag Rule 17

18 Creditors" with covered accounts A creditor is any entity that regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who is involved in the decision to extend, renew, or continue credit Non-profit and government entities that defer payment for goods and services are considered creditors Accepting credit cards as a form of payment does not make you a creditor FTC Red Flag Rule 18

19 A covered account is An account primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions Any other account for which there is a reasonably foreseeable risk to customers or the safety and soundness of the financial institution or creditor from identity theft FTC Red Flag Rule 19

20 Effectively, anyone that extends credit to consumers comes under the FTC's Red Flag Rule If you accept payment after services are rendered, it is very likely that Red Flag applies to you. Check with your legal department FTC Red Flag Rule 20

21 States may impose a $1,000 penalty if there is no Federal action Penalties imposed by the FTC for violations may not exceed $2,500 per infraction FTC Red Flag Rule 21

22 FISMA HIPAA Security Rule Sarbanes- Oxley (SOX) FTC Red Flag Rule 22

23 Corporations are required to publish information in their annual reports concerning the scope and adequacy of the internal control structure and procedures for financial reporting The firm s registered accounting firm must, in the same report, attest to and report on the assessment of the effectiveness of the internal control structure and procedures for financial reporting The emphasis is on the accuracy and authenticity of the annual financial statements Sarbanes-Oxley (SOX) 23

24 Applies to all Public Companies Exceptions for Smaller Public Companies: Management assessment delayed until 2007 annual report (Last year) Auditor's attestation delayed until 2008 annual reports (This Year) If you are a public corporation, you are probably undergoing assessments and creating corrective action plans for your deficiencies under the watchful eye of your corporation s registered accounting firm Sarbanes-Oxley (SOX) 24

25 The Public Company Accounting Oversight Board (PCAOB) was created by the Act to: - Develop Standards and Related Rules - Certify Public Accounting Firms SOX is part of the federal code that empowers the FTC with regulatory and enforcement responsibilities Sarbanes-Oxley (SOX) 25

26 Fines and/or up to 20 years imprisonment for altering, destroying, mutilating, concealing, falsifying records, documents or tangible objects with the intent to obstruct, impede or influence a legal investigation Fines and/or imprisonment up to 10 years for any accountant who knowingly and willfully violates the requirements of maintenance of all audit or review papers for a period of 5 years Fines and/or imprisonment up to 10 years for anyone who knowingly, with the intent to retaliate, takes any action harmful to any person, including interference with the lawful employment or livelihood of any person, for providing to a law enforcement officer any truthful information relating to the commission or possible commission of any federal offense Sarbanes-Oxley (SOX) 26

27 FISMA HIPAA Security Rule Sarbanes- Oxley (SOX) FTC Red Flag Rule 27

28 Title III of the E-Government Act of 2002, the Federal Information Security Management Act (FISMA) Office of Management and Budget (OMB) Circular A-130, Appendix III, Security of Federal Automated Information Resources FISMA 28

29 Each federal agency must develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source FISMA 29

30 For each system: Develop a Plan for security Ensure that appropriate officials are assigned security responsibility Periodically review the security controls in their information systems Authorize system processing prior to operations and, periodically, thereafter Develop a Contingency Plan FISMA 30

31 Who is subject to the Standard? All non-classified Federal Civilian IT Systems including those provided or managed by another agency, contractor, or other source Each agency varies in how it applies FISMA to contractor systems In general, if it has a contract with a Federal agency and 1. Performs data processing for the agency or 2. Has an IT support system that is a repository for agency data or 3. Produces planning or engineering data for the agency You will be subject to FISMA in some form FISMA 31

32 Each agency is responsible for performing a Certification and Accreditation (C&A) on all systems at least once every three years or when significant changes are made to the system Financial systems have an annual C&A requirement For systems having a Moderate or High sensitivity, the assessment must be performed by an independent party Deficiencies are recorded and tracked in Corrective Action Plans (CAP) and reported to OMB, quarterly The Department IG reviews agency C&As to verify that defined process is followed to insure the Authorizing Official has a clear understanding of the risk associated with a system FISMA 32

33 Loss of authority to operate (for contractors possible termination of contract) Loss of system funding except to correct deficiencies In some cases, the opportunity to testify before Congress FISMA 33

34 34

35 All of the standards codify best practices in IT and security including: Documentation (Policy, Procedures, Product, etc.) Separation of duties Minimum privilege Change Management Access Control (Generally, RBAC) & Management Contingency Planning Prudence and due diligence Summary 35

36 All of the standards promote a risk management approach to security in their respective areas of interest All of the standards provide for cost benefit trade-offs in applying controls including consideration for company environment SOX and FISMA include controls that address the other standards Summary 36

37 The Application of these standards to a RHCPP will be determined by the services provided by the entity. If the RHCPP is a legal association of independent businesses to obtain telecommunications services for all, it may be that none of the standards apply. HIPAA No use, storage or visibility of EPHI Red Flag No credit to the public SOX A public corporation subject to FTC regulation? FISMA Carriers are not subject to FISMA, the RHCPP entity is equivalent to a carrier. The system owner is responsible for assuring security Summary 37

38 RHCPP services or characteristics which would be subject to security standards: Administrative, Billing, Payment HIPAA, Red Flag (?) HIE, Central Health Record Storage HIPAA Regional Health Information Organizations HIPAA In the unlikely event that a RHCPP is a public corporation subject to FTC regulation, do not forget SOX Summary 38

39 If the RHCPP entity provides SOC/NOC services, the services should be compliant with HIPPA and FISMA controls If the RHCPP entity provides telecommunications for disaster recovery, it should be designed for compliance with HIPAA and FISMA controls Summary 39

40 FTC Red Flag and HIPAA are the likely standards that will apply to members of an RHCPP consortium HIPAA is a sure thing FTC Red Flag is punishment for the good deed of payment plans for a patient SOX compliance is a benefit of going public (Corporate IPOs) FISMA compliance may stem from collaboration with a Federal Agency Summary 40

41 FISMA HIPAA Security Rule Sarbanes- Oxley (SOX) FTC Red Flag Rule 41

42 FISMA HIPAA Security Rule Sarbanes- Oxley (SOX) FTC Red Flag Rule 42

43 Detailed Standards are referenced in the following publication: Department of Health and Human Services Office of the Secretary 45 CFR Parts 160, 162, and 164 Health Insurance Reform: Security Standards; Final Rule securityfinalrule.pdf HIPAA Security Rule 43

44 HIPAA Security Educational Paper Series (CMS) Seven papers providing guidance on the implementation of the standards developed by CMS The Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information (HHS OCR & ONC) Establishes the roles of individuals and the responsibilities of those who hold and exchange electronic individually identifiable health information through a network The Health IT Privacy and Security Toolkit (HHS ONC) Tools for implementing the Privacy and Security Framework HIPAA Security Rule 44

45 Covered Entity Charts (CMS) CoveredEntitycharts.pdf An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (NIST SP Rev 1, Oct 2008) Revision1.pdf HIPAA Security Rule 45

46 1. A fraud alert included with a consumer report 2. Notice of a credit freeze in response to a request for a consumer report 3. A consumer-reporting agency providing a notice of address discrepancy 4. Unusual credit activity, such as an increased number of accounts or inquiries 5. Documents provided for identification appearing altered or forged 6. Photograph on ID inconsistent with appearance of customer 7. Information on ID inconsistent with information provided by person opening account 8. Information on ID, such as signature, inconsistent with information on file at financial institution FTC Red Flag Rule 46

47 9. Application appearing forged or altered or destroyed and reassembled 10. Information on ID not matching any address in the consumer report, Social Security number has not been issued or appears on the Social Security Administration's Death Master File, a file of information associated with Social Security numbers of those who are deceased 11. Lack of correlation between Social Security number range and date of birth 12. Personal identifying information associated with known fraud activity 17. Suspicious addresses supplied, such as a mail drop or prison, or phone numbers associated with pagers or answering service 18. Social Security number provided matching one submitted by another person opening an account or other customers FTC Red Flag Rule 47

48 15. An address or phone number matching one supplied by a large number of applicants 16. The person opening the account unable to supply identifying information in response to notification that the application is incomplete 17. Personal information inconsistent with information already on file at financial institution or creditor 18. Person opening account or customer unable to correctly answer challenge questions 19. Shortly after change of address, creditor receiving request for additional users of account 20. Most of available credit used for cash advances, jewelry or electronics, plus customer fails to make first payment FTC Red Flag Rule 48

49 21. Drastic change in payment patterns, use of available credit or spending patterns 23. An account that has been inactive for a lengthy time suddenly exhibiting unusual activity 24. Mail sent to customer repeatedly returned as undeliverable despite ongoing transactions on active account 25. Financial institution or creditor notified that customer is not receiving paper account statements 26. Financial institution or creditor notified of unauthorized charges or transactions on customer's account 27. Financial institution or creditor notified that it has opened a fraudulent account for a person engaged in identity theft FTC Red Flag Rule 49

50 ID Theft Red Flags EDUCAUSE CONNECT [Term View] The Red Flags Rule: What Heath Care Providers Need to Know About Complying with New Requirements for Fighting Identity Theft Agencies Issue Final Rules on Identity Theft Red Flags FTC's red flag rules cast wide identity theft net - Network World FTC Red Flag Rule 50

51 Auditing Standard No. 5: An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements Standards_and_Related_Rules/Auditing_Standard_No. 5.aspx Sarbanes-Oxley (SOX) 51

52 The Sarbanes-Oxley Act SOX Internal Control Reporting Provisions Spotlight on: Sarbanes-Oxley Rulemaking and Reports Sarbanes-Oxley Section 404: A Guide for Small Business NIST - RBAC & Sarbanes-Oxley Compliance The Public Company Accounting Oversight Board Sarbanes-Oxley (SOX) 52

53 FIPS Publication 199 (Security Categorization) FIPS Publication 200 (Minimum Security Controls) FISMA 53

54 NIST Special Publication (Security Plan Development) NIST Special Publication (Risk Assessment) NIST Special Publication (Contingency Plan Development) NIST Special Publication (Certification & Accreditation) NIST Special Publication , Draft (Risk Management Framework) NIST Special Publication (Recommended Security Controls) FISMA 54

55 NIST Special Publication A (Security Control Assessment) NIST Special Publication (National Security Systems) NIST Special Publication (Security Category Mapping) NIST Special Publication (Electronic Authentication Guideline) (Appendix A: Estimating Password Entropy and Strength) FISMA 55

56 1. Federal Security Regulations in RHCPP Partnerships. Presentation & Discussion 2. 3 rd Party Security/Network Operations Center Support for RHCPPs A concept discussion 3. SEC-WG Action for the Future Round Table

57 The RHCPP is an assembly of independent businesses and individuals to provide medical care to rural areas The contractual basis for associations vary (association, partnership, joint venture, etc), but must meet the requirements of the FCC RHCPP SOC/NOC Support 57

58 Undetermined organization hierarchy At best, a hazy management structure defined by the type of association agreement Multiple independent entities where the AMCs are the big fish in the pond Diverse physical environments with variable levels of physical security Data centers, store fronts, large and small clinics Guards and badge reader entries to open doors with simple locks SOC/NOC Support 58

59 Diverse systems with broad variations in equipment, staffing and IT security One or more workstations with limited, or no local networks Windows internal firewalls or small internal firewalls Limited, at best, IDS/IPS capability Broad variation in account and password management Minimal, or no IT staff to full organizations Training programs to did you read the manual or office meetings The potential for aged or even legacy technology SOC/NOC Support 59

60 How will the following functions be addressed in the RHCPP environment? - Incident Response - IDS/IPS - NOC/SOC To what level should individual organizations be responsible for local access controls and account management? Some will have very limited or no IT expertise? Can the larger organizations in the RHCPP assume this function? Can it be provided as a network service? SOC/NOC Support 60

61 The creation of a consortium by the RHCPPs to provide common network and security services to the RHCPPs was discussed by a group of attendees at the Fall 08 Internet2 Member Meeting. The services could include: Network Operations (Control & Monitoring) Security Operations (IDS/IPS, Malware Maintenance, Scanning, etc.) Incident Response Account Management SOC/NOC Support 61

62 Is the underlying assumption valid (i.e. the RHCPP entities have a need for this type of service)? How should the stated services be ranked for need? Are other services needed? Are the FCC rules which could limit the ability to obtain services in this fashion? There are multiple approaches for defining a provider. What do the RHCPPs favor? Consortium Independent Third Party Commercial SOC/NOC Support 62

63 SOC/NOC Support 63

64 1. Federal Security Regulations in RHCPP Partnerships. Presentation & Discussion 2. 3 rd Party Security/Network Operations Center Support for RHCPPs A concept discussion 3. SEC-WG Action for the Future Round Table

65 What topics do you believe the HNI Security Working Group should address for the Fall Member Meeting? SEC-WG Action for the Future 65

Identity Theft Prevention Policy. Effective Date: January 1, 2011. Policy Statement

Identity Theft Prevention Policy. Effective Date: January 1, 2011. Policy Statement Identity Theft Prevention Policy Effective Date: January 1, 2011 Policy Statement Identity Theft is a crime in which an individual wrongfully obtains and uses another person's personal data, usually for

More information

Red Flag Rules and Aging Services: What You Need to Know

Red Flag Rules and Aging Services: What You Need to Know Red Flag Rules and Aging Services: What You Need to Know Late in 2007, six federal agencies, including the Federal Trade Commission ( FTC ), jointly issued final rules and accompanying guidelines to implement

More information

Interagency Guidelines on Identity Theft Detection, Prevention, and Mitigation

Interagency Guidelines on Identity Theft Detection, Prevention, and Mitigation Guidelines to FTC Red Flag Rule(reformatted) Appendix A to Part 681 Interagency Guidelines on Identity Theft Detection, Prevention, and Mitigation Section 681.2 of this part requires each financial institution

More information

policy All terms used in this policy that are defined in 16 C.F.R. 681.2 shall have the same meaning provided in that section.

policy All terms used in this policy that are defined in 16 C.F.R. 681.2 shall have the same meaning provided in that section. Name of Policy: Identity theft detection, prevention, and mitigation. Policy Number: 3364-15-12 Approving Officer: President Responsible Agent: Compliance Officer Scope: All University of Toledo Campuses

More information

Administrative Procedure 5800 Prevention of Identity Theft in Student Financial Transactions

Administrative Procedure 5800 Prevention of Identity Theft in Student Financial Transactions Reference: Fair and Accurate Credit Transactions Act, ( Pub. L. 108-159) The purpose of the Identity Theft Prevention Program (ITPP) is to control reasonably foreseeable risks to students from identity

More information

Wholesale Broker Red Flag/Identity Theft Prevention Program Certification

Wholesale Broker Red Flag/Identity Theft Prevention Program Certification Wholesale Broker Red Flag/Identity Theft Prevention Program Certification Federal regulations require that all financial institutions and their affiliates create an identity theft prevention program in

More information

Identity Theft Prevention Program

Identity Theft Prevention Program The University of North Carolina at Chapel Hill Identity Theft Prevention Program The Board of Trustees of The University of North Carolina at Chapel Hill (the University ) adopts this Identity Theft Prevention

More information

Central Oregon Community College. Identity Theft Prevention Program

Central Oregon Community College. Identity Theft Prevention Program Central Oregon Community College Identity Theft Prevention Program Effective beginning May 1, 2009 I. PROGRAM ADOPTION This program has been created to put COCC in compliance with Section 41.90 under the

More information

EXHIBIT A Identity Theft Protection Program. Definitions. For purposes of the Policy, the following definitions apply (1);

EXHIBIT A Identity Theft Protection Program. Definitions. For purposes of the Policy, the following definitions apply (1); EXHIBIT A Identity Theft Protection Program Definitions. For purposes of the Policy, the following definitions apply (1); A. City means: the City of Troy, Montana B. Covered Account means: An account that

More information

Physician Office Compliance with the Red Flag Rule

Physician Office Compliance with the Red Flag Rule Physician Office Compliance with the Red Flag Rule The Red Flag Rule, implemented by the Federal Trade Commission (FTC) on May 1, 2009, requires all financial institutions and creditors, including physician

More information

RESOLUTION TO ADOPT IDENTITY THEFT POLICY

RESOLUTION TO ADOPT IDENTITY THEFT POLICY RESOLUTION TO ADOPT IDENTITY THEFT POLICY WHEREAS, in late 2008 the Federal Trade Commission (FTC) and federal banking agencies issued a regulation known as the Red Flag Rule under sections 114 and 315

More information

Identity Theft Policy Created: June 10, 2009 Author: Financial Services and Information Technology Services Version: 1.0

Identity Theft Policy Created: June 10, 2009 Author: Financial Services and Information Technology Services Version: 1.0 Identity Theft Policy Created: June 10, 2009 Author: Financial Services and Information Technology Services Version: 1.0 Scope: The risk to Loyola University Chicago and its faculty, staff and students

More information

California State University, Chico. Identity Theft Prevention Red Flags Program

California State University, Chico. Identity Theft Prevention Red Flags Program Identity Theft Prevention Red Flags Program Version 1.0 November 16, 2010 REVIEW/APPROVAL HISTORY Document Title: Author: Brooke F. Banks, Information Security Officer Date By Action Pages 10/30/2009 Bill

More information

Detecting, Preventing, and Mitigating Identity Theft

Detecting, Preventing, and Mitigating Identity Theft THE RED FLAGS RULE Detecting, Preventing, and Mitigating Identity Theft Training for Ball State University s Identity Theft Protection Program What is the Red Flag Rule? Congress passed the Fair and Accurate

More information

University Identity Theft and Detection Program (NEW) All Campuses and All Service Providers Subject to the Red Flags Rule

University Identity Theft and Detection Program (NEW) All Campuses and All Service Providers Subject to the Red Flags Rule NUMBER: BUSF 4.12 SECTION: SUBJECT: Finance and Planning University Identity Theft and Detection Program (NEW) DATE: March 3, 2011 Policy for: Procedure for: Authorized by: Issued by: All Campuses and

More information

NORTHEAST COMMUNITY COLLEGE ADMINISTRATIVE PROCEDURE NUMBER: AP-3250.0 FOR POLICY NUMBER: BP 3250 IDENITY THEFT PREVENTION PROGRAM PROCEDURES

NORTHEAST COMMUNITY COLLEGE ADMINISTRATIVE PROCEDURE NUMBER: AP-3250.0 FOR POLICY NUMBER: BP 3250 IDENITY THEFT PREVENTION PROGRAM PROCEDURES NORTHEAST COMMUNITY COLLEGE ADMINISTRATIVE PROCEDURE NUMBER: AP-3250.0 FOR POLICY NUMBER: BP 3250 IDENITY THEFT PREVENTION PROGRAM PROCEDURES 1. PROCEDURE SUMMARY STATMENT The purpose of this procedure

More information

IDENTITY THEFT PREVENTION PROGRAM COUNTY OF DUPLIN, NORTH CAROLINA

IDENTITY THEFT PREVENTION PROGRAM COUNTY OF DUPLIN, NORTH CAROLINA IDENTITY THEFT PREVENTION PROGRAM COUNTY OF DUPLIN, NORTH CAROLINA TO ESTABLISH AN IDENTIFY THEFT PREVENTION PROGRAM; TO COMPLY WITH FEDERAL REGULATIONS RELATING TO ADDRESS DISCREPANCIES; TO COMPLY WITH

More information

The National Association of Community Health Centers, Inc. ISSUE BRIEF

The National Association of Community Health Centers, Inc. ISSUE BRIEF The National Association of Community Health Centers, Inc. ISSUE BRIEF FTC Red Flag Rule Considerations in Developing an Identity Theft Prevention Program April 2009 Prepared for NACHC by: Carrie Bill

More information

Identity Theft Prevention Program

Identity Theft Prevention Program Identity Theft Prevention Program Illinois College of Optometry Illinois Eye Institute Effective Date: May 2009 Revised: Review Dates: IDENTITY THEFT PREVENTION POLICY STATEMENT The Illinois College of

More information

WHEREAS the Federal Trade Commission regulations include utility companies in the definition of creditor;

WHEREAS the Federal Trade Commission regulations include utility companies in the definition of creditor; CITY OF STATE OF GEORGIA ORDINANCE NO: AN ORDINANCE TO AMEND THE CODE OF ORDINANCES, CITY OF, GEORGIA TO PROVIDE A NEW ARTICLE, IDENTITY THEFT PREVENTION PROGRAM; TO COMPLY WITH FEDERAL REGULATIONS RELATING

More information

ACCG Identity Theft Prevention Program. ACCG 50 Hurt Plaza, Suite 1000 Atlanta, Georgia 30303 (404)522-5022 (404)525-2477 www.accg.

ACCG Identity Theft Prevention Program. ACCG 50 Hurt Plaza, Suite 1000 Atlanta, Georgia 30303 (404)522-5022 (404)525-2477 www.accg. ACCG Identity Theft Prevention Program ACCG 50 Hurt Plaza, Suite 1000 Atlanta, Georgia 30303 (404)522-5022 (404)525-2477 www.accg.org July 2009 Contents Summary of ACCG Identity Theft Prevention Program...

More information

University of Nebraska - Lincoln Identity Theft Prevention Program

University of Nebraska - Lincoln Identity Theft Prevention Program I. Purpose & Scope This program was developed pursuant to the Federal Trade Commission s (FTC) Red Flag Rules promulgated pursuant to the Fair and Accurate Credit Transactions Act (the FACT Act). The University

More information

UNION COUNTY S IDENTITY THEFT PREVENTION PROGRAM

UNION COUNTY S IDENTITY THEFT PREVENTION PROGRAM UNION COUNTY S IDENTITY THEFT PREVENTION PROGRAM This program shall become effective November 1, 2008. Adopted this the 20 th day of October, 2008. I. PREFACE The purpose of this program is to detect,

More information

These rules became effective August 1, 2009, and require certain agencies to implement an identity theft program and policy.

These rules became effective August 1, 2009, and require certain agencies to implement an identity theft program and policy. Red Flag Policy Protecting your privacy is of paramount importance at Missouri Southern State University, and we are dedicated to the responsible handling of your personal information. We are very committed

More information

DSU Identity Theft Prevention Policy No. DSU 802.7.001

DSU Identity Theft Prevention Policy No. DSU 802.7.001 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 IDENTITY THEFT PREVENTION DSU Policy No. 802.7.001 SOURCE: Fair and Accurate

More information

Northeast Technology Center Board Policy 2110 Page 1 IDENTITY THEFT PREVENTION (MANY COVERED ACCOUNTS)

Northeast Technology Center Board Policy 2110 Page 1 IDENTITY THEFT PREVENTION (MANY COVERED ACCOUNTS) Page 1 IDENTITY THEFT PREVENTION (MANY COVERED ACCOUNTS) This Policy is adopted to ensure compliance with the Fair and Accurate Credit Transaction Act, 15 U.S.C. 1601 et seq. and the Federal Trade Commission

More information

COUNTY OF SONOMA AND SONOMA COUNTY COMMUNITY DEVELOPMENT COMMISSION IDENTITY THEFT PREVENTION PROGRAM

COUNTY OF SONOMA AND SONOMA COUNTY COMMUNITY DEVELOPMENT COMMISSION IDENTITY THEFT PREVENTION PROGRAM COUNTY OF SONOMA AND SONOMA COUNTY COMMUNITY DEVELOPMENT COMMISSION IDENTITY THEFT PREVENTION PROGRAM In Accordance with the Fair and Accurate Credit Transactions Act of 2003 And 16 CFR 681.1 and 16 CFR

More information

Red Flag Identity Theft Financial Policy 1.10

Red Flag Identity Theft Financial Policy 1.10 Issued: 05/16/2014 Revised: Policy and College ( Seminary ) developed this Identity Theft Prevention Program ("Program") pursuant to the Federal Trade Commission's ( FTC ) Red Flags Rule, which implements

More information

University Policy: Identity Theft Prevention Policy

University Policy: Identity Theft Prevention Policy University Policy: Identity Theft Prevention Policy Policy Category: Ethics, Integrity and Legal Compliance Policies Subject: Detection, prevention and mitigation of identity theft Office Responsible for

More information

31-R-11 A RESOLUTION ADOPTING THE CITY OF EVANSTON IDENTITY PROTECTION POLICY. WHEREAS, The Fair and Accurate Credit Transactions Act of 2003,

31-R-11 A RESOLUTION ADOPTING THE CITY OF EVANSTON IDENTITY PROTECTION POLICY. WHEREAS, The Fair and Accurate Credit Transactions Act of 2003, 5/23/2011 31-R-11 A RESOLUTION ADOPTING THE CITY OF EVANSTON IDENTITY PROTECTION POLICY WHEREAS, The Fair and Accurate Credit Transactions Act of 2003, Public Law 108-159, requires municipalities to promulgate

More information

Identity Theft Prevention Program Compliance Model

Identity Theft Prevention Program Compliance Model September 29, 2008 State Rural Water Association Identity Theft Prevention Program Compliance Model Contact your State Rural Water Association www.nrwa.org Ed Thomas, Senior Environmental Engineer All

More information

DHHS POLICIES AND PROCEDURES

DHHS POLICIES AND PROCEDURES DHHS POLICIES AND PROCEDURES Section VIII: Privacy and Security Identity Theft Policies, Identity Theft Red Flags and Address Discrepancy Identity Theft Policies Current Effective 2/1/16, 10/1/15 Date:

More information

IDENTITY THEFT PREVENTION PROGRAM

IDENTITY THEFT PREVENTION PROGRAM IDENTITY THEFT PREVENTION PROGRAM The risk to Benedictine College, its employees and students from data loss and identity theft is of significant concern to the College and can be reduced only through

More information

Policies and Procedures: IDENTITY THEFT PREVENTION

Policies and Procedures: IDENTITY THEFT PREVENTION Policies and Procedures: IDENTITY THEFT PREVENTION Section: Chapter: Policy: Compliance Administration Identity Theft Prevention I. PURPOSE The purpose of this policy is to protect patients and West Virginia

More information

Pacific University. Policy Governing. Identity Theft Prevention Program. Red Flag Guidelines. Approved June 10, 2009

Pacific University. Policy Governing. Identity Theft Prevention Program. Red Flag Guidelines. Approved June 10, 2009 Pacific University Policy Governing Identity Theft Prevention Program Red Flag Guidelines Approved June 10, 2009 Program adoption Pacific University developed this identity Theft Prevention Program ( Program

More information

Identity Theft Prevention Program. Approved by the Arizona Board of Regents on May 1, 2009

Identity Theft Prevention Program. Approved by the Arizona Board of Regents on May 1, 2009 Identity Theft Prevention Program Approved by the Arizona Board of Regents on May 1, 2009 I. Purpose & Scope This Program was developed pursuant to the Federal Trade Commission s ( FTC ) Red Flag Rules

More information

University of St. Thomas. Identity Theft Prevention Program. (Red Flags Regulation Response)

University of St. Thomas. Identity Theft Prevention Program. (Red Flags Regulation Response) University of St. Thomas Identity Theft Prevention Program (Red Flags Regulation Response) Revised: January 10, 2013 Program Adoption and Administration The University of St. Thomas ( University ) established

More information

POLICY NO. 449 IDENTITY THEFT PREVENTION POLICY

POLICY NO. 449 IDENTITY THEFT PREVENTION POLICY POLICY NO. 449 IDENTITY THEFT PREVENTION POLICY I. POLICY SUMMARY It shall be the policy of Polk County Rural Public Power District (PCRPPD) to take all reasonable steps to identify, detect, and prevent

More information

Wisconsin Rural Water Association Identity Theft Prevention Program Compliance Model

Wisconsin Rural Water Association Identity Theft Prevention Program Compliance Model Wisconsin Rural Water Association Identity Theft Prevention Program Compliance Model All utilities are required to comply with this regulation. The Red Flag Rule requires any entity where there is a risk

More information

ELKHORN RURAL PUBLIC POWER DISTRICT POLICY #1230. Identity Theft Prevention Policy

ELKHORN RURAL PUBLIC POWER DISTRICT POLICY #1230. Identity Theft Prevention Policy ELKHORN RURAL PUBLIC POWER DISTRICT 1230-1 I. POLICY SUMMARY POLICY #1230 Identity Theft Prevention Policy It shall be the policy of Elkhorn Rural Public Power District ( District ) to take all reasonable

More information

DOYLESTOWN FAMILY MEDICINE, P.C. IDENTITY THEFT PREVENTION PROGRAM TEMPLATE ADOPTED AND EFFECTIVE: APRIL 15, 2009 UPDATED:

DOYLESTOWN FAMILY MEDICINE, P.C. IDENTITY THEFT PREVENTION PROGRAM TEMPLATE ADOPTED AND EFFECTIVE: APRIL 15, 2009 UPDATED: DOYLESTOWN FAMILY MEDICINE, P.C. IDENTITY THEFT PREVENTION PROGRAM TEMPLATE ADOPTED AND EFFECTIVE: APRIL 15, 2009 UPDATED: I. Adoption of Identity Theft Prevention Program Doylestown Family Medicine, P.C.

More information

Number: 0-109 Identity Theft Program Procedures and Protocol Responsible Office: Business and Finance

Number: 0-109 Identity Theft Program Procedures and Protocol Responsible Office: Business and Finance POLICY USF System USF USFSP USFSM Number: 0-109 Subject: Identity Theft Program Procedures and Protocol Responsible Office: Business and Finance Date of Origin: 1-11-11 Date Last Amended: Date Last Reviewed:

More information

Identity Theft Prevention Program Derived from the FTC Red Flags Rule requirements

Identity Theft Prevention Program Derived from the FTC Red Flags Rule requirements Identity Theft Prevention Program Derived from the FTC Red Flags Rule requirements 1.0 Introduction In 2003, Congress enacted the Fair and Accurate Credit Transactions Act of 2003, 15 U.S.C. Section 1681,

More information

Identity Theft Policy

Identity Theft Policy Identity Theft Policy Policy/Procedure Section 1: Background The risk to Dickinson College (the College ), its employees and students from data loss and identity theft is of significant concern to the

More information

RANDOLPH COUNTY EMERGENCY SERVICES & TAX DEPARTMENT. Identity Theft Prevention Program. Adopted August 3, 2009 Effective beginning August 1, 2009

RANDOLPH COUNTY EMERGENCY SERVICES & TAX DEPARTMENT. Identity Theft Prevention Program. Adopted August 3, 2009 Effective beginning August 1, 2009 RANDOLPH COUNTY EMERGENCY SERVICES & TAX DEPARTMENT Identity Theft Prevention Program Adopted August 3, 2009 Effective beginning August 1, 2009 I. PROGRAM ADOPTION The Randolph County Emergency Services

More information

Spotting ID Theft Red Flags A Guide for FACTA Compliance. An IDology, Inc. Whitepaper

Spotting ID Theft Red Flags A Guide for FACTA Compliance. An IDology, Inc. Whitepaper Spotting ID Theft Red Flags A Guide for FACTA Compliance An IDology, Inc. Whitepaper With a November 1 st deadline looming for financial companies and creditors to comply with Sections 114 and 315 of the

More information

HIPAA and HITECH Compliance for Cloud Applications

HIPAA and HITECH Compliance for Cloud Applications What Is HIPAA? The healthcare industry is rapidly moving towards increasing use of electronic information systems - including public and private cloud services - to provide electronic protected health

More information

RANDOLPH COUNTY PUBLIC WORKS. Identity Theft Prevention Program. Adopted September 1, 2009 Effective beginning September 1, 2009

RANDOLPH COUNTY PUBLIC WORKS. Identity Theft Prevention Program. Adopted September 1, 2009 Effective beginning September 1, 2009 RANDOLPH COUNTY PUBLIC WORKS Identity Theft Prevention Program Adopted September 1, 2009 Effective beginning September 1, 2009 I. PROGRAM ADOPTION The Randolph County Public Works Department ( the Department

More information

ORDINANCE NUMBER 644 AN ORDINANCE ESTABLISHING THE TOWN OF YORKTOWN IDENTITY THEFT PREVENTION PROGRAM

ORDINANCE NUMBER 644 AN ORDINANCE ESTABLISHING THE TOWN OF YORKTOWN IDENTITY THEFT PREVENTION PROGRAM ORDINANCE NUMBER 644 AN ORDINANCE ESTABLISHING THE TOWN OF YORKTOWN IDENTITY THEFT PREVENTION PROGRAM WHEREAS, the Federal Trade Commission, through 16 C.F.R. Part 681.1, adopted Identity Theft Rules requiring

More information

IDENTITY THEFT PREVENTION PROGRAM

IDENTITY THEFT PREVENTION PROGRAM IDENTITY THEFT PREVENTION PROGRAM This program is launched in response to the Federal Trade Commission Red Flag Rules and Address Discrepancy Rules in conjunction with the Fair and Accurate Credit Transaction

More information

The Basics of HIPAA Privacy and Security and HITECH

The Basics of HIPAA Privacy and Security and HITECH The Basics of HIPAA Privacy and Security and HITECH Protecting Patient Privacy Disclaimer The content of this webinar is to introduce the principles associated with HIPAA and HITECH regulations and is

More information

NEVADA SYSTEM OF HIGHER EDUCATION PROCEDURES AND GUIDELINES MANUAL CHAPTER 13 IDENTITY THEFT PREVENTION PROGRAM (RED FLAG RULES)

NEVADA SYSTEM OF HIGHER EDUCATION PROCEDURES AND GUIDELINES MANUAL CHAPTER 13 IDENTITY THEFT PREVENTION PROGRAM (RED FLAG RULES) NEVADA SYSTEM OF HIGHER EDUCATION PROCEDURES AND GUIDELINES MANUAL CHAPTER 13 IDENTITY THEFT PREVENTION PROGRAM (RED FLAG RULES) Section 1. NSHE... 2 Section 2. UNR... 4 Section 3. WNC... 9 Chapter 13,

More information

Identity Theft Prevention Program

Identity Theft Prevention Program Smyth County Policy Identity Theft Prevention Program Purpose The purpose of the program is to establish an Identity Theft Prevention Program designed to detect, prevent and mitigate identity theft in

More information

UNC Asheville. Red Flag Rule and NC Identity Protection Act Information

UNC Asheville. Red Flag Rule and NC Identity Protection Act Information UNC Asheville Red Flag Rule and NC Identity Protection Act Information Why Should UNC Asheville be Concerned? The Federal Trade Commission (FTC) regulates financial transactions at UNC Asheville The FTC

More information

CENTENARY COLLEGE POLICIES UNDER THE FAIR & ACCURATE CREDIT TRANSACTION ACT S RED FLAG RULES

CENTENARY COLLEGE POLICIES UNDER THE FAIR & ACCURATE CREDIT TRANSACTION ACT S RED FLAG RULES (FACTA) April 30, 2009 Approved by: Audit Committee of the Board of Trustees CENTENARY COLLEGE POLICIES UNDER THE A RESOLUTION ADOPTING AN IDENTITY THEFT POLICE Centenary College ( College ) developed

More information

Board of Commissioners Policy. Town of Nags Head Identity Theft Protection Program. Adopted October 22, 2008

Board of Commissioners Policy. Town of Nags Head Identity Theft Protection Program. Adopted October 22, 2008 M. Renée Cahoon Mayor Anna D. Sadler Mayor Pro Tem Charlie Cameron Town Manager/ Public Safety Director Town of Nags Head Post Office Box 99 Nags Head, North Carolina 27959 Telephone 252-441-5508 Fax 252-441-0776

More information

HIPAA Security Rule Compliance

HIPAA Security Rule Compliance HIPAA Security Rule Compliance Caryn Reiker MAXIS360 HIPAA Security Rule Compliance what is it and why you should be concerned about it Table of Contents About HIPAA... 2 Who Must Comply... 2 The HIPAA

More information

MCPHS IDENTITY THEFT POLICY

MCPHS IDENTITY THEFT POLICY SECTION 1: BACKGROUND MCPHS IDENTITY THEFT POLICY The risk to the College, its employees and students from data loss and identity theft is of significant concern to the College and can be reduced only

More information

CHAPTER 99: IDENTITY THEFT PREVENTION PROGRAM

CHAPTER 99: IDENTITY THEFT PREVENTION PROGRAM CHAPTER 99: IDENTITY THEFT PREVENTION PROGRAM Section 99.01 Objective 99.02 Scope 99.03 Definitions 99.04 Policy 99.05 Program Management and Accountability 99.06 Responsibility 99.07 Identity Theft Prevention

More information

Ferris State University

Ferris State University Ferris State University BUSINESS POLICY TO: All Members of the University Community 2009:08 DATE: May 2009 I. BACKGROUND IDENTITY THEFT PREVENTION PROGRAM The risk to the University, and its students,

More information

RANDOLPH COUNTY HEALTH DEPARTMENT. Identity Theft Prevention Program. Adopted August 3, 2009 Effective beginning August 1, 2009

RANDOLPH COUNTY HEALTH DEPARTMENT. Identity Theft Prevention Program. Adopted August 3, 2009 Effective beginning August 1, 2009 RANDOLPH COUNTY HEALTH DEPARTMENT Identity Theft Prevention Program Adopted August 3, 2009 Effective beginning August 1, 2009 I. PROGRAM ADOPTION The Randolph County Health Department ( the Department

More information

FACTA Identity Theft Red Flags Program. www.chs.acfei.com

FACTA Identity Theft Red Flags Program. www.chs.acfei.com 1 FACTA Identity Theft Red Flags Program Module 1 Fair and Accurate Credit Transactions Act Overview Identity thieves use individual s personal identifiable information to open new accounts and misuse

More information

Community First Health Plans Breach Notification for Unsecured PHI

Community First Health Plans Breach Notification for Unsecured PHI Community First Health Plans Breach Notification for Unsecured PHI The presentation is for informational purposes only. It is the responsibility of the Business Associate to ensure awareness and compliance

More information

DMACC IDENTITY THEFT- RED FLAGS PROCEDURES

DMACC IDENTITY THEFT- RED FLAGS PROCEDURES DMACC IDENTITY THEFT- RED FLAGS PROCEDURES This document contains identity theft red flag procedures for Des Moines Area Community College. Section Topic Page 1.0 2.0 3.0 4.0 5.0 6.0 7.0 8.0 XX PURPOSE

More information

IDENTITY THEFT PREVENTION PROGRAM TRAINING MODULE February 2009

IDENTITY THEFT PREVENTION PROGRAM TRAINING MODULE February 2009 IDENTITY THEFT PREVENTION PROGRAM TRAINING MODULE February 2009 Table of Contents Introduction to the Training Module.. i I. Introduction. 1 II. Definitions. 3 III. Recognizing Identity Theft.. 6 IV. Identifying

More information

Covered Areas: Those EVMS departments that have activities with Covered Accounts.

Covered Areas: Those EVMS departments that have activities with Covered Accounts. I. POLICY Eastern Virginia Medical School (EVMS) establishes the following identity theft program ( Program ) to detect, identify, and mitigate identity theft in its Covered Accounts in accordance with

More information

PROVISIONS IDENTITY THEFT RED FLAG FAQS

PROVISIONS IDENTITY THEFT RED FLAG FAQS R E D F L A G PROVISIONS 2 0 0 9 IDENTITY THEFT RED FLAG FAQS Provided to you by P r e p a r e d b y Eduard Goodman, J.D.,LL.M. Chief Privacy Officer I d e n t i t y T h e f t 9 11, L L C FREQUENTLY ASKED

More information

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks Data Security Breaches: Learn more about two new regulations and how to help reduce your risks By Susan Salpeter, Vice President, Zurich Healthcare Risk Management News stories about data security breaches

More information

HIPAA Security Overview of the Regulations

HIPAA Security Overview of the Regulations HIPAA Security Overview of the Regulations Presenter: Anna Drachenberg Anna Drachenberg has been assisting healthcare providers and hospitals comply with HIPAA and other federal regulations since 2008.

More information

RADLEY ACURA RED FLAG IDENTITY THEFT PROTECTION PROGRAM and ADDRESS DISCREPANCY PROGRAM

RADLEY ACURA RED FLAG IDENTITY THEFT PROTECTION PROGRAM and ADDRESS DISCREPANCY PROGRAM RADLEY ACURA RED FLAG IDENTITY THEFT PROTECTION PROGRAM and ADDRESS DISCREPANCY PROGRAM SUMMARY OF OUR PROGRAM AND PROCESSES This dealership is committed to protecting its customers and itself from identity

More information

Model Identity Theft Policy and Adopting Resolution

Model Identity Theft Policy and Adopting Resolution Model Identity Theft Policy and Adopting Resolution, Tennessee RESOLUTION NO. A RESOLUTION ADOPTING AN IDENTITY THEFT POLICY WHEREAS, The Fair and Accurate Credit Transactions Act of 2003, an amendment

More information

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) Table of Contents Introduction... 1 1. Administrative Safeguards...

More information

DRAFT National Rural Water Association Identity Theft Program Model September 22, 2008

DRAFT National Rural Water Association Identity Theft Program Model September 22, 2008 DRAFT National Rural Water Association Identity Theft Program Model September 22, 2008 This model has been designed to help water and wastewater utilities comply with the Federal Trade Commission s (FTC)

More information

White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES

White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES CONTENTS Introduction 3 Brief Overview of HIPPA Final Omnibus Rule 3 Changes to the Definition of Business Associate

More information

David Coble Internal Control Officer

David Coble Internal Control Officer WESTERN WASHINGTON UNIVERSITY S RED FLAGS IDENTITY THEFT PREVENTION PROGRAM IMPLEMENTING SECTIONS 114 AND 315 OF THE FAIR AND ACCURATE CREDIT TRANSACTIONS ACT OF 2003 David Coble Internal Control Officer

More information

Identity Theft Prevention Program

Identity Theft Prevention Program Identity Theft Prevention Program I. PROGRAM PURPOSE AND DEFINITIONS The purpose of this Identity Theft Prevention Program ( Program ) is to detect, prevent and mitigate identity theft in connection with

More information

COUNCIL POLICY NO. C-13

COUNCIL POLICY NO. C-13 COUNCIL POLICY NO. C-13 TITLE: POLICY: Identity Theft Prevention Program See attachment. REFERENCE: Salem City Council Finance Committee Report dated November 7, 2011, Agenda Item No. 3 (a) Supplants Administrative

More information

Red Flag Policy and Procedures for Alexander Orthopaedic Associates

Red Flag Policy and Procedures for Alexander Orthopaedic Associates Red Flag Policy and Procedures for Alexander Orthopaedic Associates The Identify Theft Prevention Program developed by Alexander Medical Group LLC dba Alexander Orthopaedic Associates referred throughout

More information

MOTLOW STATE COMMUNITY COLLEGE

MOTLOW STATE COMMUNITY COLLEGE Page 1 of 5 MOTLOW STATE COMMUNITY COLLEGE SUBJECT: FACTA Red Flag Rule and Identity Theft Prevention Program I. BACKGROUND In late 2007 the Federal Trade Commission (FTC) and Federal banking agencies

More information

POLICY: Identity Theft Red Flag Prevention

POLICY: Identity Theft Red Flag Prevention POLICY SUBJECT: POLICY: Identity Theft Red Flag Prevention It shall be the policy of the Cooperative to take all reasonable steps to identify, detect, and prevent the theft of its members personal information

More information

IBN Financial Services, Inc. Identity Theft Prevention Program(ITPP) under the FTCFACTActRedFlagsRule

IBN Financial Services, Inc. Identity Theft Prevention Program(ITPP) under the FTCFACTActRedFlagsRule IBN Financial Services, Inc. Identity Theft Prevention Program(ITPP) under the FTCFACTActRedFlagsRule I. Firm Policy Our firm s policy is to protect our customers and their accounts from identity theft

More information

RESOLUTION NO. 0913 IDENTITY THEFT PREVENTION PROGRAM

RESOLUTION NO. 0913 IDENTITY THEFT PREVENTION PROGRAM RESOLUTION NO. 0913 IDENTITY THEFT PREVENTION PROGRAM WHEREAS, the Eugene Water & Electric Board (EWEB) recognizes the importance of establishing a Identity Theft Prevention Program (Program) and procedures

More information

[Utility Name] Identity Theft Prevention Program. Effective beginning, 2008

[Utility Name] Identity Theft Prevention Program. Effective beginning, 2008 [Utility Name] Identity Theft Prevention Program Effective beginning, 2008 I. PROGRAM ADOPTION The [Utility Name] ("Utility") developed this Identity Theft Prevention Program ("Program") pursuant to the

More information

UNIVERSITY OF MASSACHUSETTS IDENTITY THEFT PREVENTION PROGRAM

UNIVERSITY OF MASSACHUSETTS IDENTITY THEFT PREVENTION PROGRAM Doc. T08-109 Passed by the BoT 12/11/08 UNIVERSITY OF MASSACHUSETTS IDENTITY THEFT PREVENTION PROGRAM The Board recognizes that some activities of the University are subject to the provisions of the Fair

More information

COMPLIANCE ALERT 10-12

COMPLIANCE ALERT 10-12 HAWAII HEALTH SYSTEMS C O R P O R A T I O N "Touching Lives Every Day COMPLIANCE ALERT 10-12 HIPAA Expansion under the American Recovery and Reinvestment Act of 2009 The American Recovery and Reinvestment

More information

City of Hercules Hercules Municipal Utility Identity Theft Prevention Program

City of Hercules Hercules Municipal Utility Identity Theft Prevention Program City of Hercules Hercules Municipal Utility Identity Theft Prevention Program Purpose The purpose of the program is to establish an Identity Theft Prevention Program designed to detect, prevent and mitigate

More information

THE LUTHERAN UNIVERSITY ASSOCIATION, INC. d/b/a Valparaiso University IDENTITY THEFT PREVENTION PROGRAM

THE LUTHERAN UNIVERSITY ASSOCIATION, INC. d/b/a Valparaiso University IDENTITY THEFT PREVENTION PROGRAM THE LUTHERAN UNIVERSITY ASSOCIATION, INC. d/b/a Valparaiso University IDENTITY THEFT PREVENTION PROGRAM SECTION 1: BACKGROUND The risk to Valparaiso University ("University"), its employees, students (in

More information

CHAPTER OSCEOLA COUNTY IDENTITY THEFT PREVENTION PROGRAM

CHAPTER OSCEOLA COUNTY IDENTITY THEFT PREVENTION PROGRAM INTRODUCTION CHAPTER OSCEOLA COUNTY IDENTITY THEFT PREVENTION PROGRAM The Osceola County Board of County Commissioners is committed to protecting consumers who do business with Osceola County, and as such

More information

CHAPTER 12 IDENTITY PROTECTION AND IDENTITY THEFT PREVENTION POLICIES

CHAPTER 12 IDENTITY PROTECTION AND IDENTITY THEFT PREVENTION POLICIES CHAPTER 12 IDENTITY PROTECTION AND IDENTITY THEFT PREVENTION POLICIES Section 1-12-1: Purpose 1-12-2: Definitions 1-12-3: Scope 1-12-4: Identity Protection Policy 1-12-5: Identity Theft Prevention Policy

More information

Deer Park Independent School District. Identity Theft Policy and Board of Trustees Resolution

Deer Park Independent School District. Identity Theft Policy and Board of Trustees Resolution Deer Park Independent School District Identity Theft Policy and Board of Trustees Resolution Deer Park, Texas ORDINANCE AND RESOLUTION A RESOLUTION ADOPTING AN IDENTITY THEFT POLICY WHEREAS, The Fair and

More information

Wake Forest University. Identity Theft Prevention Program. Effective May 1, 2009

Wake Forest University. Identity Theft Prevention Program. Effective May 1, 2009 Wake Forest University Identity Theft Prevention Program Effective May 1, 2009 I. GENERAL It is the policy of Wake Forest University ( University ) to comply with the Federal Trade Commission's ( FTC )

More information

Identity Theft Prevention Program. Effective beginning April 14, 2010

Identity Theft Prevention Program. Effective beginning April 14, 2010 Identity Theft Prevention Program Effective beginning April 14, 2010 PROGRAM ADOPTION Cobalt Financial Corporation ( Broker ) developed this Identity Theft Program ( Program ) pursuant to the Federal Trade

More information