Thank you to the Medical Community

When I was 11 years old my grandfather had both his legs amputated.   When I was 27 years old my grandmother had one leg amputated.  When I was 30 years old my father had both his legs amputated.  On May 4, 2009 my Mother’s leg was amputated and on August 11 she had a heart attack and double by-pass.  On June 18, 2009 my twin brother had a heart attack. He had by-pass surgery on July 11 and his second leg amputated two days later.  On September 24, 2009 my older brother had his leg amputated.  They were or are all diabetic. In my family of origin, I am the sole surviving member that is neither diabetic, has heart disease, nor any amputations.  I am healthy.

It occurs to me that my role in this journey is not only to stand as a witness to what Diabetes creates even for the most disciplined of patients, but I am also here to tell the story about the incredible blessings received from the medical community.   I must tell you how lucky our family is to have hundreds of you working on our behalf. 

The mere fact that a decision was made to work in the medical field in what ever capacity chosen contributed to giving this family a chance it would not have gotten had you not made that decision. The commitment to help us overcome life threatening set backs that dramatically changed the course of 3 generations gave us, and continues to give us, an ability to thrive. The miracle is in helping us to successfully meet the changing dimensions that disease sometimes creates. 

What others take for granted, I do not.  Whether it is the orderlies that cleaned the rooms in any one of 20 hospitals my family stayed at; the chefs that fed them for a minimum of 80 weeks of hospitalizations; the customer service people from multiple insurance carriers that guided us;  the billers that processed the mountain of claims they created;  the practice managers that worked with me on behalf of each family member;  the recommendations given by industry insiders or the myriad of incredible doctors, nurses, medical assistants, and many more who provided care or supported it - your roles were not insignificant.  The admissions clerks, the coder, the social worker, the telephone, IT,  and television guy may not fully understand why their efforts make a difference, but I do.  Had any one of you decided not to work in medicine, and more importantly not given it your very best, my family would have perished and I would have found myself today without one.

There is no question in the minds of anyone that works in medicine on a daily basis that the system is broken.  Yet even in a broken system we commit every day to support the challenges that many families like mine face.  Most of the time, it works.  Sometimes it doesn’t.  As a contributing member of this incredible community, I am here to testify on behalf of my family to say to you that the next time you think what you do doesn’t make a difference and doesn’t matter remember my family story, because it does.  Every single piece of the process matters.  Every spoken word matters.  Every human touch matters.  We matter and what we give matters not just for a single minute but for generations.

We are a community of individuals that collectively contribute to what matters most and that is to touch the lives of the people we come in contact with.  But understand that the difference we make is not just for a limited number of people we meet during the course of our career. What we do actually transcends to changing the course of lives in future generations too.  Do not for one moment underestimate that.    

Washington will tinker, stumble, and maybe even blunder with the medical system in an attempt to change it for the better, but what they can’t touch is our dedication, determination, and most of all the things we do that change the course of generations one moment at a time and one patient at a time. 

So today I stand up for my family to honor all of you for giving us an immense amount of blessings.   We are indebted to you and we thank you on behalf of the generations past, the generations here, and the ones yet to come.  With God’s grace I will be the first to go forward ending this insidious disease in our family, leading our children, and grandchildren down the same path.  My family understands that I will not be able to accomplish the goal without you, but they are immensely grateful that you give us a fighting chance.

Ester Horowitz

 

Are Our Children at Risk for Identity Theft?

Governments around the world are addressing identity theft by passing laws and regulations as part of the effort to slow down illegal trade and terrorism. In most cases the efforts only addresses the use of adult identities.  Children under the age of 18, however, have a much higher risk of identity theft than is commonly realized. 

Because children have no credit histories, they are a perfect target.  Thieves can often get away with the crime for years since children aren’t old enough to establish credit.  In most cases identity theft is not realized until a child attempts to obtain college loans.

There are two basic types of identity theft - financial and non financial. Thieves start with the non financial information first in order to gain access to the financial opportunities. As soon as your child receives a social security number he or she is at risk.  According to the Federal Trade Commission more than 20,000 children and teens were victims of identity theft in 2008 alone.  But understand that the number represents only those cases that were reported.  Many more are not even aware that their children’s identities have been compromised.   

We live in a technologically advanced world in which information flows easily.  Though this world makes our lives easier and more efficient it also comes with new responsibilities.  Identity theft is easy to do and it is lucrative.  If a four year old is capable of performing advanced tasks in a P.C. commercial or a 16 year old child can loose his cell phone filled with personally identifiable information, how hard is it steal an identity for quick cash?  If new viruses can be created to replace the viruses we have learned to thwart, then we must also assume that identity theft cannot be stopped either for the same reason.         

Vigilance, education, early detection, and expert consultation can be a powerful package of tools to minimize the risk of becoming a victim of identity theft at any age.  For example, announcements in the paper, profiles on social networking sites, and sudden volumes of mail involving family events are fertile opportunities for identity thieves.  They scan papers and social networking sites as well as look through trash for discarded mail. It only takes knowing a name and one other piece of information to steal an identity. Don’t underestimate the fact that a lawn sign stating that “it’s a girl or boy” doesn’t alert someone that an identity is viable to steal. Remember a time when our children wore their names on their clothing and we stopped that practice once we learned it was use by predators to lure our children away.  This is no different. 

In addition be aware that 50% of identity theft occurs by someone you know. Do not underestimate the possibility that a relative decided to use your child’s identity for his own strategic purposes without your knowledge or that your child’s medical record was copied by someone in the emergency room and they then sold it.  Medical identity theft is increasingly common and dangerous both among adults and children.

 It’s important to educate yourself and your children as early as possible about what is private information and the need to safeguard it.  It is also vital that a child’s credit be monitored throughout childhood the same as adults. 

Many companies offer to monitor adult credit histories and alert consumers when an inquiry is made for a nominal monthly fee. Only one company extends the service to children as well.  When you consider that restoring identities costs adults an average of $92,500 and up to 1600 hours attempting to clear it up, imagine how much more it could cost to restore the damage from a child's perfect credit score. 

As we learn to make it harder for thieves to steal identities from adults, efforts will shift to children because it’s easy to do.  Governments around the world are addressing identity theft for serious international threats that every adult should understand.  But for now it doesn’t include our children and they will  remain  a greater risk until mounting evidence demonstrates they need to be included in future regulations.

 

Red Flag Rule: What Do You Do?

 

Many medical practices have been asking about what it is that they need to do in order to comply with the FTC regulation nicknamed “The Red Flag Rule” due November 1st.  More importantly the real request is how to comply in the most cost effective, efficacious, and time efficient way possible.

 

The Federal Trade Commission passed this regulation known as FACTA and nicknamed “Red Flag” on January 1^st 2008.  The compliance date was set for November 1, 2008 and then delayed till November 1^st 2009.  The medical industry lobbies have been demanding that health care be exempt from the ruling but as of February, 2009 the FTC stated it will not.  Since the FTC is not the same as CMS, HHS, or the OIG, the assumption that they may offer up an eleventh hour delay is not likely because it involves more than just the health care industry. 

 

To assist and get started, I offer the following suggestions broken down into three basic “buckets”. The first is the gap analysis or following the flow of information.  The second is the written documentation and the third is staff education.   The process we are required to follow is the same as it was for HIPAA. It is the information that is different.

 

To begin, most practices and health enterprises performed a gap analysis to comply with HIPAA.  The process was not long ago and this regulation encourages us to revisit that process in order to look for the “red flags” involving identity theft.  First, it would be a prudent idea to update any changes that may have occurred to the practice since the last gap analysis was performed for HIPAA.  Once updated, you then can include the criteria involving identities.  This will complete and close the circle so to speak about any individual the organization render care to.

 

However, I must warn you that the FTC is not stopping at identity theft as it relates to patients and business associates or vendors who are in contact with that information.  There is a small but very important paragraph which does not seems to be discussed well among the medical industry relative to the identities of others.  This paragraph can be found in the FTC brochure which I would be happy to provide by request. It is my opinion that this paragraph also includes the identities of our employees because we collect identity information for insurance, payroll, and taxes.

 

 

          The second kind of “covered account” is “any other account that a financial institution or creditor offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the financial institution or creditor from identity theft, including financial, operational, compliance, reputation, or litigation risks.” Examples include small business accounts, sole proprietorship accounts, or single transaction consumer accounts that may be vulnerable to identity theft. Unlike consumer accounts designed to permit multiple payments or transactions – they always are “covered accounts” under the Rule – other types of accounts are “covered accounts” only if the risk of identity theft is reasonably foreseeable.

 

 

None of us are exempt from getting our CEOs, boards, and senior staff members committed to the project. Nor are we exempt from selecting a compliance officer to implement and over see the process or perform a gap analysis.  However the good news is that it was done previously under HIPAA and is useful for “Red Flag”.  In that way we maximize the time and effort invested without duplicating the process again. Instead we simply update and add identity criteria.  For most that will be an investment of hours rather than weeks or months, manpower you don’t have, or hiring attorneys and accountants again.

 

The second two “buckets” involved creating proper documentation and employee education.  Those two buckets were the bane of existence for HIPAA and are also for Red Flag as well.  There are many documents now being shared among list serves at no cost and you are welcome to use those but I suggest that you have an attorney or risk manager approve the use of them.  While many health organizations have similar infrastructures there are no two enterprises alike the same way there are no two sets of fingerprints alike.

 

In anticipation of the need to better fulfill the second and third “bucket”, an investigation was performed to see if a solution was viable or one had to be made.   An investigation was made out in and out of the medical industry simply because the FTC Red Flag Rule is not specific to health care but affects every industry. Therefore the possibility of finding a solution in another industry was very real.  To my delight I did.

 

I found a very reputable and notable organization that will provide Red Flag compliance which includes the proper documentation and employee education at no cost.  It is a viable solution that has already been tested and accepted by many medical organizations as a reasonable choice.  To learn more about how it works email me with your contact information including your telephone number. 

 

January 1, 2008 the Federal Trade Commission passed an identity theft regulation. The original date to comply was set for November 1, 2008 and then delayed to May 1, 2009. 

 

The regulation focuses on requiring all employers, regardless of their industry, to make a good faith effort to thwart identity theft of employees, customers, and anyone they involve in business transactions.   The compliance requirement applies to any business or individual who maintains or otherwise possesses consumer information for a business purpose.

 

The health care industry has expressed confusion relative to the difference between HIPAA and identity theft.  What is similar is the method in which every employer must comply.  What is different is the information the regulation focuses upon. 

 

HIPAA focuses on patient health information.  Red Flag focuses on the identity of individuals used for business purposes.  They include, but are not limited to, employee applications, payroll data, W-2, social security numbers, drivers licenses, and credit cards, military records, birth certificates, to name a few.

 

Employee or Customer information lost under the wrong set of circumstances may cost a company or practice:

 

• Federal and State Fines of $2500 per occurrence
• Civil Liability of $1000 per occurrence
• Class action Lawsuits with no statutory limitation
• Responsible for actual losses of Individual ($92,893 Avg.)

 

While the fines may pale in comparison to HIPAA or Graham, Leach, Biley, what glares out is the class action lawsuits that have no statutory limitation and the financial liabilities we will be held accountable for.

 

To learn more request a PDF on the topic or go to askleslie.net for the full article.