Responding to Red Flags. USBFS will take the necessary and appropriate action to respond to any Red Flag that may be indicative of identity theft including, among other actions, not opening an account, closing an account and/or filing a suspicious activity report (SAR-SF) with the Financial Crimes Enforcement Network (FinCEN). The USBFS AML Officer, Identity Theft Prevention Program Coordinator or one of their designees may contact the Trust to alert them to potential identity theft activity and to involve the appropriate Trust personnel in the process as necessary.
Responding to Red Flags. If identity theft and fraudulent activity is suspected, or if a patient claims to be a victim of identity theft, the Compliance Department and Information Security Officer will respond and investigate the situation. ▪ Staff and employees should gather all documentation and report the Red Flag or situation to his or her supervisor, or directly to the Information Security Officer or Chief Compliance Officer. Third party experts can be consulted to assist in investigating, if warranted. ▪ MEHG security and compliance officials will assess the situation and determine if identity theft has occurred, and notify law enforcement if needed. • Informing the Patient about Identity Theft – MEHG and the Facilities should inform the patient, in writing, of possible unauthorized use of their personal identifying information. Efforts should also be made to directly contact the patient by telephone or in-person so they can take appropriate steps to protect their identity. Notice should only be delayed if law enforcement informs that disclosure of the identity theft or breach would impede a criminal investigation. The required notice should be provided without unreasonable delay after the law enforcement agency communicates its determination that notice will no longer impede the investigation. ▪ A formal letter should be mailed to the patient via certified postal mail, return receipt requested. The letter should state the reason the clinic feels the patient is a victim of identity theft and the recommended steps the patient should undertake. ▪ The patient should be given information on how to alert credit bureaus to the potential identity theft. • Mitigating Identity Theft Incidents – If following investigation, it appears that the patient has been a victim of identity theft; the following actions are recommended: ▪ MEHG and the affected facility or clinic should notify the appropriate law enforcement agency and cancel active transactions. A Red Flag “Alert” should be placed into the patient’s account and medical record. ▪ The impacted facility or clinic should cease collection on open accounts that resulted from identity theft. If accounts had been referred to collection agencies, the collection agencies will be instructed to cease collection activity. ▪ The patient should be encouraged to file a police report if not already done. ▪ The facility or clinic is expected to cooperate with any law enforcement investigation relating to the identity theft incident. ▪ If an advers...
