Layton City   search site  
Home Do Business Live & Work Play Departments Services & Payments Contact Us Follow Layton City Twitter Like Us on Facebook
   
  Skip Navigation Links Home Departments Management Services Human Resources City Policy
  Management Services
 

Layton City Policy

Personnel Policy Manual

Back To Title List | Chapter List | Section List

1004 - Red Flags Identity Theft Prevention Program

Identity Theft Prevention Program

This Program was developed in order to comply with the Federal Trade Commission’s Identity Theft Prevention Red Flags Rule (16 CFR § 681.2).  This Program has been created in consultation with the City’s Legal, Fire, and Finance Departments, after conducting an assessment of risk of Identity Theft associated with certain Covered Accounts (as defined below) offered by the City.

I.          Definitions

For purposes of the Program, the following terms are defined as:

  1. "Covered Account" means (i) any account the City offers or maintains primarily for personal, family, or household purposes, that involves multiple payments or transactions, including one or more deferred payments; and (ii) any other account the City identifies as having a reasonably foreseeable risk to customers or to the safety and soundness of the City from Identity Theft.  The City has identified the following three (3) types of accounts as Covered Accounts:

                a.         Utility billing;

                b.         Patient billing for ambulance service; and

                c.         Fire and medical standby service billing.

  2. "Identity Theft" means fraud committed using the identifying information of another person.
  3. "Red Flag" means a pattern, practice, or specific activity that indicates the possible existence of Identity Theft.

II.         Program Purposes

The purposes of the Program are to:

  1. Identify the relevant Red Flags based on the risk factors associated with the City’s   Covered Accounts;
  2. Institute policies and procedures for detecting Red Flags;
  3. Identify steps the City will take to prevent and mitigate Identity Theft; and
  4. Create a system for regular updates and administrative oversight to the Program.

III.        Identification of Red Flags

The Identity Theft Red Flags Mitigation and Resolution Procedures (Attachment "A") identifies the Red Flags that would be most relevant to the City.  The Red Flags generally fall within one of the following four (4) general types of Red Flags:

  1. Suspicious documents;
  2. Suspicious personal identifying information;
  3. Suspicious or unusual use of Covered Account; and
  4. Alerts from others (e.g. customer, Identity Theft victim, or law enforcement).

IV.        Detection of Red Flags

In order to facilitate detection of the Red Flags identified in Attachment "A", City staff, involved in the administration of the utility accounts and ambulance/paramedic/standby billing accounts, will take the following steps to obtain and verify the identity of the person.

  1. New accounts.

    a.         Require identifying information (e.g., full name, date of birth, address, valid license or other official, picture identification, etc.).

    b.         When available, for patients using the City’s ambulance/paramedic services, verify information with insurance company’s information.

  2. Existing accounts.

a.         Verify validity of requests for changes of billing address.

b.         Verify identification of customers before giving out any personal information.

V.         Preventing and Mitigating Identity Theft

In order to prevent and mitigate the effects of Identity Theft, staff will follow the appropriate steps identified in the attached Identity Theft Red Flags Mitigation and Resolution Procedures (Attachment "A"). 

VI.        Program Administration

The City’s Finance Director, for all utility accounts, the City’s Fire Chief, for all ambulance/paramedic/standby, patient, and customer accounts, shall be responsible for developing, implementing, administering, and updating the Program.  Each respective Department Director, will be responsible for developing a training program for staff identified by the Director, as responsible for or having a role in implementing the Program.

VII.       Service Provider Arrangements

The City will require, by contract, that service providers performing activities in connection with Covered Accounts, have policies and procedures in place designed to detect, prevent, and mitigate the risk of Identity Theft with regard to the Covered Accounts.  

VIII.      Updating of Program

Each respective Department Director will periodically review the effectiveness of the Program and update the Program to reflect the addition or removal of Covered Accounts, and changes in risks to patients/covered account holders from Identity Theft.


ATTACHMENT "A"

Relevant Identity Theft Red Flags Mitigation and Resolution Procedures

IDENTITY THEFT RED FLAG

PREVENTION/MITIGATION PROCEDURE

RESOLUTION OF RED FLAG

Documents provided for identification appear to have been altered or forged.

Stop the billing process and require applicant to provide additional satisfactory information to verify identity.

Additional documentation must be provided to resolve discrepancy and continue billing process.

Personal identifying information provided by the customer is not consistent with other personal identifying information previously provided by the customer. 

Stop the billing process and require applicant to provide additional satisfactory information to verify identity.

Additional documentation must be provided to resolve discrepancy and continue billing process.

Personal information submitted is the same as that submitted by other persons opening an account or other customers.

Stop the billing process and require applicant to provide additional satisfactory information to verify identity.

Additional documentation must be provided to resolve discrepancy and continue billing process.

Patient has an insurance number but never produces an insurance card or other physical documentation of insurance.

Require applicant to provide additional satisfactory information to verify identity.

Additional documentation must be provided to resolve discrepancy and continue billing process.  Contact insurance company as necessary.

If the results of the investigation do not indicate fraud, all contact and identifying information is re-verified with patient.

Complaint/inquiry from an individual based on receipt of:

- a bill for another individual;

- a bill for a product or service that the patient denies receiving; or

- a notice of insurance benefits (or Explanation of Benefits) for health services never received.

Investigate complaint, interview individuals as appropriate.

Flag patient or customer until identity has been accurately resolved; temporarily suspend attempting to collect on the account until identity has been resolved. 

Notify law enforcement as appropriate. 

If the results of the investigation do not indicate fraud, all contact and identifying information is re-verified with the customer/patient


 

Complaint/inquiry from a customer/patient about information added to a credit report by the City or a health care provider or insurer involving ambulance or paramedic care.

Investigate complaint, interview individuals as appropriate.

Temporarily suspend continued collection efforts on the account until identity has been resolved.

Notify law enforcement as appropriate. 

If the results of the investigation do not indicate fraud, all contact and identifying information is re-verified with the customer/patient.

Complaint or question from a customer/patient about the receipt of a collection notice from a bill collector.

Investigate complaint, interview individuals as appropriate.

Temporarily suspend continued collection efforts on the account until identity has been resolved.

Notify law enforcement as appropriate. 

If the results of the investigation do not indicate fraud, all contact and identifying information is re-verified with the customer/patient.

Mail sent to the customer/patient is returned repeatedly as undeliverable although transactions continue to be conducted in connection with the customer’s/patient's Covered Account.

Investigation to determine if billing was made fraudulently.

Additional documentation must be provided to resolve discrepancy and continue admissions/billing process. 

Notify law enforcement as appropriate. 

City is notified by a customer/patient, a victim of identity theft, a law enforcement authority, or any other person that it has opened a fraudulent account for a person engaged in identity theft.

Investigation to determine if billing was made fraudulently.

Additional documentation must be provided to resolve discrepancy and continue billing process.  Contact insurance company or other parties as necessary. 

Notify law enforcement as appropriate. 

Enacted, 6/16/2009, Previous Policy 04
 




 
 
Index Contact Us Site Credits Privacy and Security Statement
Top