§ 36.01 PURPOSE AND OVERVIEW.
   (A)   (1)   The purpose of this policy/procedure (policy) is to assure that the city ambulance service (provider) maintains compliance with the requirements regarding the prevention, detection and mitigation of identity theft as set forth in the federal regulations known as the “red flag rules.”
      (2)   IDENTITY THEFT means a fraud committed or attempted using the identifying information of another person without authority. This includes MEDICAL IDENTITY THEFT, i.e., IDENTITY THEFT committed for the purpose of obtaining medical services, such as the use of another person's insurance card or number. Although MEDICAL IDENTITY THEFT may occur without the knowledge of the individual whose medical identity is stolen, in some cases the use of an individual's medical identity may occur with the knowledge and complicity of that individual.
   (B)   This chapter sets forth the steps provider will take in implementing a program for detecting, preventing and mitigating identity theft (the program) in connection with covered accounts, as required by the red flag rules. COVERED ACCOUNT means:
      (1)   An account that provider offers or maintains, primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions; and
      (2)   Any other account that provider offers or maintains for which there is a reasonably foreseeable risk to individuals or to the safety and soundness of provider from identity theft, including financial, operational, compliance, reputation or litigation risks.
   (C)   (1)   Section 36.02 of this chapter describes the risk assessment provider shall conduct at the inception of the program and annually thereafter. Section 36.03 sets forth the “red flags” (i.e., warning signs) that may alert provider personnel to the possible existence of Identity Theft in the course of provider's day to day operations. Section 36.04 sets forth the procedures provider will follow in attempting to detect those red flags. Section 36.05 sets forth the procedures provider will follow in responding appropriately to red flags that are detected, in order to prevent and mitigate identity theft. Section 36.06 sets forth the procedures provider will take in responding to a claim by an individual that he has been a victim of identity theft. Section 36.07 describes how provider will administer the program. Section 36.08 describes the annual updating of the program.
      (2)   Questions regarding this chapter or the program shall be directed to the Program Compliance Officer designated pursuant to § 36.08.
(Ord. 2416, passed 7-13-2010)
Editor’s note:
   See 16 C.F.R. § 681.2 as supplemented by the Interagency Guidelines on Identity Theft Detection, Prevention and Mitigation set forth in Appendix A of 16 C.F.R. part 681 (Guidelines) and the supplement thereto.