comanchepilot
En-Route
You are not providing any information to the FTC. Sorry- Doc, words mean things. I listen to what people say.
"appropriate proof of identity' also means that you use the information and not just collect it. What do you use the social security number for? Where do you obtain concurrent proof of my identity with my social security number? If you do not run a credit check, then obtaining my number does nothing for you other than 'paper' a file. You are not using the SSN to extend credit - you are using the SSN to collect later. Such is an improper use of the information at the time you obtain it - and is not subject to Dodd Frank at the time you are collecting it.
Once again - sequence, fact, reason are always important.
So - you collect SSN's? Why? What is your data security protocol to protect that information? Unlocked patient files? In a locked office? Behind one locked door? Right. You expend funds to shred documents when the patient files age out? Do you keep records of that? Do you ever verify destruction? So your patient files are compromised and because you have SSN's you get sued. It costs you tens of thousands of dollars a year for a decade for credit monitoring - likely more than you ever made from each patient in profit.
Why do you collect SSN's, DL's and similar information again? How is it going to help you collect? You can't threaten to ruin someone's credit anymore if they don't pay? I'm just trying to undertand here Doc. Whats the point? If they don't pay you, you drop them - end of story. Its so much easier than trying to collect $350 . . .
Moving on to your provider docs - interesting - everyone I have read in CT/MA and CA have the data collection language as well as spell out the required security if you do. Insurance companies and the Blues are not stupid. They understand their liability if they have a provider contract with you and you get hacked.
Honestly - to this day I don't understand why hackers bother with banks and other sources for identity theft - doctors offices are such easy targets. Just walk in steal the files - bring them back next week - you have known good current information.
"appropriate proof of identity' also means that you use the information and not just collect it. What do you use the social security number for? Where do you obtain concurrent proof of my identity with my social security number? If you do not run a credit check, then obtaining my number does nothing for you other than 'paper' a file. You are not using the SSN to extend credit - you are using the SSN to collect later. Such is an improper use of the information at the time you obtain it - and is not subject to Dodd Frank at the time you are collecting it.
Once again - sequence, fact, reason are always important.
So - you collect SSN's? Why? What is your data security protocol to protect that information? Unlocked patient files? In a locked office? Behind one locked door? Right. You expend funds to shred documents when the patient files age out? Do you keep records of that? Do you ever verify destruction? So your patient files are compromised and because you have SSN's you get sued. It costs you tens of thousands of dollars a year for a decade for credit monitoring - likely more than you ever made from each patient in profit.
Why do you collect SSN's, DL's and similar information again? How is it going to help you collect? You can't threaten to ruin someone's credit anymore if they don't pay? I'm just trying to undertand here Doc. Whats the point? If they don't pay you, you drop them - end of story. Its so much easier than trying to collect $350 . . .
Moving on to your provider docs - interesting - everyone I have read in CT/MA and CA have the data collection language as well as spell out the required security if you do. Insurance companies and the Blues are not stupid. They understand their liability if they have a provider contract with you and you get hacked.
Honestly - to this day I don't understand why hackers bother with banks and other sources for identity theft - doctors offices are such easy targets. Just walk in steal the files - bring them back next week - you have known good current information.
