Is your private practice really private?

Article

It's simply good business practice that will reduce or eliminate costly incidents.

Legislation aimed at curbing the national epidemic of identity theft requires all businesses that collect personal information about customers and employees – including names, credit-card numbers, birth dates, home addresses and Social Security numbers – to take reasonable steps to safeguard that data.

Laws that require some form of information security and privacy education include the Fair and Accurate Credit Transactions Act (FACTA), the Health Insurance Portability and Accountability Act (HIPAA) Security Rule and the Gramm, Leach, Bliley Safeguard Rule (GLB).

Veterinary practice owners not in compliance with these regulations may be exposing themselves to significant fines, legal liability, reputation risk and, in some cases, jail time.

According to Betsy Broder of the Federal Trade Commission (FTC) in Stolen Lives (ABA Journal, March 2006), businesses need to have a plan in writing describing how customer data is to be secured and an officer on staff responsible for implementing the plan.

Many large firms, she says, entrust data security to a chief technical officer or chief privacy officer. While FTC officials understand that most small businesses cannot employ a full-time privacy specialist, small firms still must prove they have a security plan in place.

"We're not looking for a perfect system," Broder writes, "but we need to see that you've taken reasonable steps to protect your customers' information."

Veterinary practices that rely on staff members to keep personal data secure should implement a program of mandatory training on privacy issues, such as proper handling of check and credit-card transactions. Some staff members may need specialized training.

Being proactive might save time and money in the future.

Case in point: The national retailer PETCO Animal Supplies Inc. experienced a data attack in June 2003. The attackers were able to read clear-text credit-card numbers in the firm's database. The FTC required PETCO to establish, implement and maintain a comprehensive information-security program to guard customer data, then obtain an assessment from an independent third party that its program and training are reasonable, and to do this biennially for 20 years at company expense.

As a private practice owner, you collect confidential information on employees for tax and payroll purposes and sometimes for medical benefits.

How are you and your staff securing this information?

You cannot expect your staff to guard employee and customer data if you do not communicate with them on how to do so. The more staff members are aware of the need for privacy, the better they will handle sensitive information, reducing the likelihood of mistakes or actions that can put you and your business at risk.

Employee education should be ongoing, delivered in multiple ways and tailored to different groups within your organization but the reality is that many practices do not invest nearly enough time, effort, personnel or resources toward privacy issues. Some do not budget for it at all.

If you take the time to create an effective program and budget for it realistically, the investment will be small compared with the impact of incidents, penalties and judgments that could otherwise occur.

Benefits of establishing an effective privacy-education program include:

  • Reducing numbers of privacy and security incidents.

  • Making personnel aware of the risks involved in handling private information and having them work in a more secure manner.

  • Retaining clients who can see the practice is protecting their personal information.

  • Meeting legal and regulatory requirements for awareness and training.

The bottom line: An effective information-security program not only meets legal requirements – it's simply good business practice that will reduce or eliminate costly incidents and fraud.

The next two articles will outline specific information-security policies that you can use in your practice.

James Iafe, VMD, is a Certified Identity Theft Risk Management Specialist (CITRMS). He practices at North Boros Veterinary Hospital in the suburbs of Pittsburgh.

Related Videos
Related Content
FDA proposed rule

New labeling regulations proposed by FDA for animal drugs

March 8th 2024
Article

The Proposed Rule aims to improve content submission and format consistency

Read More

Dogs rescued from living in filthy conditions in New Jersey

Dogs rescued from living in filthy conditions in New Jersey

February 22nd 2024
Article

A self-claimed animal rescue group in Vernon Township, NJ is facing animal cruelty charges

Read More

Man selling fraudulent canine cancer drugs sentenced to 97 months in prison

Man selling fraudulent canine cancer drugs sentenced to 97 months in prison

February 20th 2024
Article

The defendant defrauded 900 pet owners out of almost $1 million

Read More

A new Petfax Act bill has been introduced in Congress

A new Petfax Act bill has been introduced in Congress

February 1st 2024
Article

The legislation promotes informed pet purchases, and helps to combat unregulated, puppy mills

Read More

Unlicensed veterinary clinic shut down in Florida

Unlicensed veterinary clinic shut down in Florida

January 31st 2024
Article

Three men were detained after an anonymous tip was received that they were running an animal health clinic without a license

Read More

Whistleblower law

Veterinarian files whistleblower and retaliation lawsuit against former employer

January 11th 2024
Article

Mariana Pardo, BVSc, MV, DACVECC, was allegedly fired after witnessing unlawful practices and filing a complaint at the clinic

Read More

© 2024 MJH Life Sciences

All rights reserved.