Brimhall Puzzle Piece

Bullet Proof Your Practice Homecoming 2010 January 29-31, 2010

October 26, 2009

We are taking the first part of these weeks Puzzle Piece to give you the research Brandy, of TPR, has prepared for your insights and protection. These must not and can not be overlooked.
You can get all of her monthly insights for free by signing up for the SPOTLIGHT at: On this website you can gain access to very informative webinars. Many are free, including several she just posted e.g. Nutrition, Report of Findings, Adrenal Fatigue, and Electronic Claims Submission.

Upcoming Seminars
(Click Here to View Full Schedule)

October 30 - Nov. 1
Minneapolis, MN
Basic, Interm & Advanced
Dr. John Brimhall
Nutri-West Mid West

November 6-8
Tampa, FL
Basic, Interm & Advanced
Dr. John Brimhall
Nutri-West Florida

December 5th
Sacramento, CA
1 Day Nutrition
Dr. John Brimhall
Nutri-West N. California

The Red Flag Regulations apply to any company that provides goods or services without demanding payment up front.

I) Under the Red Flag Regulations, creditors must establish a comprehensive identity theft prevention program. The provider must be able to demonstrate that it has established reasonable policies and procedures to "detect, prevent and mitigate identity theft in connection with the opening of a Covered Account or any existing Covered Account. The program must be periodically updated to reflect changes in risks.

Before drafting the Program, a Provider may consider assembling a team to perform a risk assessment. The Risk Assessment Team (your entire staff) should review and determine risk in all
of your office departments; patient check in/out, verification of medical coverage, safeguarding patient information, billing for services, etc. The Risk Assessment Team should review how a patient's identity is verified when opening a new patient account, what information is gathered,
how that information is stored, and what steps could be taken to detect and prevent identity theft
in connection with existing accounts.

Assembling a Risk Assessment Team is not a regulatory requirement. If one employee is well-versed in all aspects of a Provider's operation, that employee could perform the risk assessment with the involvement of the owner(s)/doctor(s).

Next, the Risk Assessment Team should take the following steps to develop the identify theft Program:

Identify Covered Accounts -- The Risk Assessment Team should identify and list the Covered Accounts. The Team should think of every way a would-be identity thief could take advantage of the Provider's relationship with its residents or patients.

Identify Red Flags -- A Provider's written Program should list identity theft Red Flags. A Red Flag is a pattern, practice, or specific activity that indicates the possible existence of identity theft. For example, the following are common Red Flags: presentation of documents that look to be forged, altered, or fake; a suspicious address change; and a resident demanding services or access to health records with unusual urgency or frequency. Of course, any warning from law enforcement or a consumer reporting agency that a resident may be an imposter should be taken seriously. A Provider should include additional Red Flags from its own experiences with identity theft, as well as the applicable suggested Red Flags contained in the regulations.

Assess the Risk Level -- When the Risk Assessment Team develops a list of the hypothetical ways that identity theft or medical identity theft of patients could occur, the Team should then consider the real-life likelihood of each particular risk coming to pass. Some routes to identity theft are more likely than others.

Determine the Appropriate Response -- Taking into consideration the relevant Red Flags the Provider has identified and the potential risk level for identity theft, including medical identity theft, the Team must then determine the appropriate response to those Red Flags. Example: If the Red Flag is an address discrepancy, the response may be to ask for additional identification.

Document Results of the Risk Assessment -- For compliance purposes, it is important for the Provider to document the results of the risk assessment. A well-documented and thought-out risk assessment process will help satisfy regulators and may potentially save money by avoiding security breaches and compliance issues.

Prepare the Identity Theft Program -- The next step is to incorporate the findings from the risk assessment and prepare the written Program. Although some of the policies and procedures may already be documented in existing Information Security, HIPAA or other policies, it is a best practice to have a separate document that either sets out separately the Program, or points to the specific places in existing policies that comply with the Red Flag Regulations.

Required Approval -- A designated employee or administrator must review and approve as well as help develop, implement and oversee the Program. Be certain to assign responsibility for the Program's implementation and compliance, reviewing reports prepared by staff, training staff as necessary to effectively implement the Program, overseeing service provider arrangements as appropriate, and approving material changes to the Program.

Report Annually -- Provider or employee who has the designated responsibility of development, implementation, and administration of the Program must report to the Administrator at least annually regarding compliance with the Red Flag Regulations. The annual report should address such items as the policies and procedures of the Program, service provider arrangements, significant incidents of identity theft and the responses taken to same, as well as recommendations for material changes to the Program.

Assign Responsibility -- As with any 'blue prints', your written program for identity theft protection is only worthwhile if someone actually implements it. The Administrator may delegate responsibilities but ultimately is responsible for overseeing the Program. For example, the Administrator may delegate responsibility for training employees to a designated person, and oversight of service provider arrangements to another.

Train Staff -- All staff with access to Covered Accounts must be trained as necessary regarding the policies and procedures that are applicable to their job function. This would include training upon hiring, follow-up training as needed, and training on new policies or procedures when the Program is updated.

Review Service Provider Arrangements -- If a Provider engages service providers to perform services in connection with Covered Accounts (e.g., a billing agent or management company), the Provider must take steps to ensure that the service provider has reasonable policies in place to detect, prevent, and mitigate the risk of identity theft. This can be accomplished by requiring the provider via contract to have policies and procedures to detect relevant Red Flags that may arise in connection with the provision of services, and either to report the Red Flags to the Provider or take appropriate steps to prevent, detect and mitigate identity theft by setting up its own Program.

All Healthcare facilities should promptly take steps to establish their written identity theft program.

II) We just returned from the Chicago Seminar, where lives were changed and practices given a real shot in the arm. We were given an average of 9.5 out of 10 in all areas. Dr's John Brimhall, Brian Anderson, Thomas Jach and Luke Lovick taught all aspects of practice technique and Brandy taught implementation and profitability.

We got outstanding results with the Scalar Laser. The doctors were amazed at the results achieved and the favorable price. We need to clarify from last week that the basic scalar wave laser has 8 5mw red laser diodes, 8 5mw infrared diodes, and 20 violet 5mw spectrum Led diodes. Along with this basic unit, you can get one or all three 100 mw laser diodes in red, infrared and violet. The basic unit is only $3300. We are able to do all of the scans and treatment we teach with this unit. The diode attachments give us a whole new realm of treatment and results. The red and infra red 100mw diodes are $1500 each and the violet 100mw diode is $2900. Of course we have seminar specials and package prices. Call Dr Luke at 678-350-5914 or our office direct at 866-338-4883.
Be sure and get to a seminar real soon and mark the January 29-31 Homecoming seminar in Mesa, Arizona. CLICK HERE We listed some of the exciting topics and speakers last week.

Yours in Health and Wellness,

John W. Brimhall, DC and the Wellness Team

Brimhall Wellness Seminars
(866) 338-4883

Total Practice Resources
(303) 242-8901

Get your own Brimhall Wellness Website
Brimhall Puzzle Piece

Dr. Brimhall's Health Puzzle Piece is a weekly email newsletter distribution that has been brought to you by the collaborative efforts of the Brimhall Wellness Team. All newsletters are published and available at a division of Health Path Products, LLC.

The above statements have not been evaluated by the FDA. The nutritional information, suggestions, and research provided are not intended to diagnose, treat, cure, or prevent disease and should not be used as a substitute for sound medical advice. Please see your health care professional in all matters pertaining to your physical health.