Red Flags Policies and Forms
Policies and Procedures
The Board of Trustees ("Board") recognizes that some activities of Nova Southeastern University (NSU) are subject to the provisions of the Fair and Accurate Credit Transactions Act (FACTA) and the Federal Trade Commission's Identity Theft Prevention "Red Flag" Rules (16 C.F.R. §681.1) and that Identity Theft is a serious and growing problem. Therefore, the Board approves of and adopts the following initial Identity Theft Prevention Program for Nova Southeastern University.
"Covered accounts":
"Customer": Any person with a covered account with NSU.
"Identifying information": Any name or number that may be used, alone or in conjunction with any other information, to identify a specific person, including:
"Identity Theft": A fraud committed using the identifying information of another person.
"NSU Health Care Provider": Any clinic operated and managed by NSU which offers health care services.
"Patient": Any person with a covered health care account.
"Patient Account": Covered accounts at NSU Health Care Clinics. See also the definition of NSU Health Care Provider.
"Red Flag": A pattern, practice, or specific activity that indicates the possible existence of Identity Theft.
After consideration of the size and complexity of NSU's operations and account systems, the nature and scope of NSU's activities, and our risk assessment of potential identity theft opportunities, the Board has determined that this Program is appropriate for NSU. This policy and protection program applies to employees and students at NSU, including all personnel affiliated with third parties.
This policy enables NSU to protect existing employees, students, customers, and patients, reduce risk from identity fraud, and minimize potential damage to NSU from fraudulent new accounts. The program will help NSU:
The Program will be periodically reviewed and updated to reflect changes in identity theft risks and technological changes. The Program Administrator will consider NSU's experiences with identity theft; changes in identity theft methods; changes in identity theft detection, mitigation, and prevention methods; changes in the types of accounts NSU maintains; changes in NSU's business arrangements with other entities; and any changes in legal requirements in the area of identity theft. After considering these factors, the Program Administrator will determine whether changes to the Program, including the listing of Red Flags, are warranted.
The Program Administrator shall confer with all appropriate NSU personnel as necessary to ensure compliance with the Program. The Program Administrator shall annually report to the President on the effectiveness of the Program. The Program Administrator shall present any recommended changes to the President for approval. The President's approval shall be sufficient to make changes to the NSU Identity Theft Program.
The following are examples of NSU Covered Accounts:
The following are examples of Covered Patient Accounts at NSU Health Care Clinics:
The detection of a Red Flag by an employee shall be reported to their supervisor or designated authority, who in turn will report the matter to the Program Administrator following an initial authentication review. The Program Administrator or their authorized designee shall conduct an investigation into the reported suspicious activity and, based on the type of Red Flag, will determine the appropriate response.
The Program Administrator shall report to the Board of Directors, an appropriate committee of the board, or a designated employee at the level of senior management, at least annually, on compliance by NSU Colleges, Schools, and Clinics with the Red Flag Regulations (16 C.F.R. §681.1).
For further information, please contact Elizabeth Guimaraes, Director of Risk Management, at (954) 262-5271 or fax at (954) 262-3814.