IDENTITY THEFT PROTECTION POLICY
Purpose:
To establish a policy for preventing identity theft and to detect red flags of
identity theft in day-to-day operations of Jewish Family Service (JFS).
Policy:
Jewish Family Service has developed an Identity Theft Program in order
to comply with the Federal Trade Commissions (FTC) Identity Theft Prevention Red
Flags Rule (16 CFR - 681.2). This program has been created using FTC guidelines.
Based on FTC guidelines, JFS has determined that it is at a low risk for identity theft for
the following reasons:





JFS is not a financial institution nor does it extend credit as a regular course of
business;
JFS conducts face-to-face business with customers and clients and staff
members get to know them personally;
Many services provided to clients are not billable to either the client or an
insurance company;
Many services are provided in customer’s homes;
JFS has not experienced past instances of identify theft in the course of day-today operations.
I. Definitions:
For purposes of the program, the following terms are defined:
Identity Theft means fraud committed using the identifying information of another
person.
Red Flag means a pattern, practice, or specific activity that indicates the possible
existence of Identity Theft.
Covered Account means any client or customer billing account for services rendered
for which a third party is billed or a credit card is used. JFS has identified the
following types of accounts as covered accounts:
 Private pay client accounts using credit cards
 Third party billed client accounts such as medical insurance
 Customers of Shalom Denver using credit cards
II. Program Purposes
The purposes of the Program are to:
 Identify the relevant Red Flags based on the risk factors associated with JFS’s
covered accounts;
 Institute policies and procedures for detecting Red Flags;
 Identify steps JFS will take to prevent and mitigate Identity Theft; and
 Create a system for regular updates and administrative oversight of the Program.
III. Identification of Red Flags
The following Red Flags have been identified for JFS:
 Notice from a client, a victim of identity theft, a law enforcement agency
 Photo identification appears altered or forged;
 Photo identification does not look like the client or match information on the
insurance card;
 Client presents insurance number without an accompanying insurance card;
 Client mail is returned though their account remains active and they continue to
receive services; or
 Client changes address on account more than two (2) times during a twelve (12)
month period.
IV. Detection of Red Flags
In order to facilitate detection of the Red Flags identified above, JFS will take the
following steps to obtain and verify the identity of clients as follows:
New Accounts





For those new clients where JFS will be billing a credit card or a third party,
require photo identification as part of the intake function;
For SHALOM customers using credit cards, require photo identification;
Verify that the client/customer physically matches the photo and physical
description in the identification provided;
Verify that the photo identification matches the information on the insurance or
third party billing documentation provided;
Require physical documentation of medical insurance or other third party billing
information and maintain a copy of the documentation in the client file.
Existing Accounts


Verify validity of requests for changes of billing address;
Verify identification of clients/customers before discussing an account or giving
out any personal information (through photo identification, verification of account
number, last four digits of their social security number, or verification of their
insurance number.)
V. Response to Identified Red Flags
If any Red Flags are identified, the following actions should be taken:





If photo identification looks altered or forged, or does not match the individuals’
physical appearance, stop the intake process and require the applicant to provide
additional satisfactory information to verify identity before proceeding;
If client provides an insurance number but no card or other physical
documentation, stop the intake process and require other physical
documentation before proceeding with services and notify the appropriate staff
person and third party billing specialist;
If a notice is received from a client, victim of identify theft, or any law enforcement
agency that fraudulent activity has occurred, notify a supervisor and the Director
of Finance or the Controller so that an investigation may take place;
If a client changes his/her billing address more than two (2) times within a twelve
(12) month period, notify the client’s staff contact to speak with the client as to
why the address has changed frequently. If there appears to be concern that
identify fraud may be occurring, the staff contact should notify the Director of
Finance or Controller so that an investigation may take place; or
If a client’s mail continues to be returned though they are currently receiving
services, notify the client’s staff contact to obtain updated mailing address
information from the client. If updated information is not provided, notify the staff
contact that services may not continue until the address can be verified.
If investigation of a Red Flag indicates that identity theft (or attempted identity theft) is
likely, the following actions should be taken, as appropriate:
 Ensure that information relating to the identity theft is not comingled with
information relating to the victim (e.g. client records);
 Contact the insurance carrier to prevent the misuse of stolen information;
 Notify the client/customer of any potential fraud;
 Delay billing the affected individual until there is a determination that there is no
identity theft; and/or
 Notify law enforcement.
VI. Administering the Program
The JFS Identify Theft Program has been approved by the Board of Directors and
Senior Management. The Program will be administered by the Director of Finance and
Accounting. The Risk Management Committee is responsible for this policy and will
review it annually. The Risk Management Committee is comprised of the Director of
Finance, the Chief Operating Officer, the Director of Human Resources, the Director of
Administration, other staff and appointed community volunteers of the Agency.
The following individuals will be trained on the Identity Theft Program:






Executive Management Team
Reception and intake workers
Program staff
Accounts receivable specialist
Third party billing specialist
Mailing business staff
Training will be conducted for the above individuals on an annual basis. New
employees will receive training at orientation. Supervisors will be responsible for
ensuring that all staff is trained in the Identity Theft Program.
VII. Program Updates
The Risk Management Committee will review the Program annually to determine if any
changes need to be made. A report to the Audit Committee of any Identity Theft issues
will be submitted annually.
Approved by the Budget & Finance Committee: September 12, 2011
Approved by the Board of Directors: September 19, 2011