More than the Red Flags Rule

Article

Secure your clients' and team members' private information against identity theft and mitigate your own risk of future fines

Over the past year DVM Newsmagazine has done a great job raising awareness about the Red Flags Rule, a set of new guidelines to prevent consumer identity theft. After numerous delays, the Red Flags Rule takes effect in June.

Now it's time to step back and take a look at all the requirements and laws for information privacy being enforced at the federal, state and sometimes state-board levels. Veterinary practices have put some of the pieces of the compliance puzzle in place, but they still don't have a clear picture of what the finished puzzle should look like.

The purpose of these consumer protection laws is to reduce the risk of identity theft to your clients and staff members. Identity theft is a serious crime and has been steadily increasing each year. One study estimates that last year 11 million Americans were victims of identity theft. Could your hospital be contributing to the problem?

If you aren't in full compliance and a client or staff member becomes a victim of identity theft, your practice can face fines of up to $10,000 per incident. Financial punishment like that should be enough to motivate practice owners, but most still aren't fully complying. If this is you, it's time to take action and change the way you manage and process private personal information in your practice.

How do you implement requirements in your practice? What specifically do you need to do? Read on.

Risk mitigation

Instead of focusing on compliance, concentrate on risk mitigation. Let's start by digesting the sometimes-vague requirements of the consumer protection laws. Essentially, these laws require you to keep private personal information from falling into the wrong hands, making it harder for identity thieves to misuse that information in your practice.

You can start by taking an inventory of the private personal information you collect and keep about your clients and staff members. When you finish, you'll see know what you have, whose it is, and where it's located.

Next, conduct a risk assessment, and ask yourself:

  • Does my practice need this information for day-to-day operations?

  • Is this information at risk of getting into the wrong hands?

  • Can someone use this information illegally at my practice?

  • Do my staff members know how to safeguard private personal information?

Your risk assessment will help you see vulnerabilities in your current information management practices and then develop ways to mitigate risks. For example, let's say you find that clients' driver's license identification number are kept in pets' medical records, not in a secured locked filing cabinet. You've determined that the driver's license numbers are at risk.

A possible corrective action plan could require you to:

  • Remove driver's license numbers and Social Security numbers from papers kept in pets' medical records

  • Develop a new filing system for clients' private personal information

  • Store the information in a locked filing cabinet or a safe

  • Limit team members' access to the contents of the locked cabinet

After you've put your plan into action, you'll be prepared to develop written identity theft risk mitigation procedures. These are dos and don'ts for managing, safeguarding and securing private personal information. They should also make it harder for identity thieves to misuse consumers' information in your practice. These new procedures should be incorporated into your day-to-day work.

Below are some examples to follow when accepting payment by personal check:

Dos

  • Verify the client's identity by looking at the driver's license or other picture ID.

  • Verify the client's identity by comparing the signature on the driver's license with the signature on the check.

  • Secure all checks that you may collect for payment. If you receive payment in installments as a form of deferred payment, then you must secure them in a locked drawer or safe.

Don'ts

  • Write additional private personal information on the client's check.

  • Leave checks in medical records or in places where others have easy access to them.

Risk training

Further, make sure all your staff members are trained in identifying private personal information, following your risk-mitigation procedures and spotting and reporting instances when information is at risk. Local and state veterinary medical associations and privacy consultants can help.

Once you've put training in place, you'll want to reinforce your private personal information policies the same way you reinforce medical and client-communication procedures: regular reminders to staff, lunch-and-learns and more.

Your identity-theft–risk-mitigation program isn't a one-and-done process that collects dust on the shelf. Laws are always changing. Years ago, identity theft wasn't an issue — now it is. It's crucial that you assess your program and make changes in your procedures over time. Local and state veterinary medical associations are gearing up to keep track of the Red Flags Rule and its effects on their constituents.

The path to information privacy, security compliance and staying on the right side of the law is risk mitigation. You need step-by-step processes in your daily practice management procedures. Make it a priority, and never worry about running afoul of the identity-theft police again.

James Iafe, VMD, is a certified identity-theft risk-management specialist (CITRMS) and founding partner of PrivacyEdge LLC. He can be reached by phone at (724) 473-1176 and by e-mail at PEWebinars@ThePrivacyEdge.com.

Related Videos
Innovators
Senior Bernese Mountain dog
Related Content
Owners diagnosed with cancer have difficulty paying for veterinary visits, survey finds

Owners diagnosed with cancer have difficulty paying for veterinary visits, survey finds

April 23rd 2024
Article

Affording veterinary care for their pets becomes another major stressor in their lives

Read More

Making the ER experience a low stress experience

Making the ER experience a low stress experience

April 17th 2024
Podcast

Adam Christman, DVM, MBA, and Ken Yagi, MS, RVT, VTS (ECC), (SAIM), emphasize the importance of creating a safe space for pets and owners during emergency visits

Listen

Stay competitive—and ethical

Stay competitive—and ethical

April 22nd 2024
Article

General practitioners are building strong relationships with specialists outside the clinic

Read More

Flipping the script

Flipping the script

April 3rd 2024
Podcast

Peter Weinstein, DVM, MBA, interviews host Adam Christman, DVM, MBA, on this week's episode of The Vet Blast Podcast

Listen

Pet insurance company reports most common veterinary visits

Pet insurance company reports most common veterinary visits

April 19th 2024
Article

Nationwide Pet Insurance reveals the most common reason pets sought out veterinary care in 2023

Read More

A new name for “drop-off”

A new name for “drop-off”

April 18th 2024
Article

Scripts for confident client conversations include wellness testing woes

Read More

© 2024 MJH Life Sciences

All rights reserved.