Is your private practice really private?

Article

It's simply good business practice that will reduce or eliminate costly incidents.

Legislation aimed at curbing the national epidemic of identity theft requires all businesses that collect personal information about customers and employees – including names, credit-card numbers, birth dates, home addresses and Social Security numbers – to take reasonable steps to safeguard that data.

Laws that require some form of information security and privacy education include the Fair and Accurate Credit Transactions Act (FACTA), the Health Insurance Portability and Accountability Act (HIPAA) Security Rule and the Gramm, Leach, Bliley Safeguard Rule (GLB).

Veterinary practice owners not in compliance with these regulations may be exposing themselves to significant fines, legal liability, reputation risk and, in some cases, jail time.

According to Betsy Broder of the Federal Trade Commission (FTC) in Stolen Lives (ABA Journal, March 2006), businesses need to have a plan in writing describing how customer data is to be secured and an officer on staff responsible for implementing the plan.

Many large firms, she says, entrust data security to a chief technical officer or chief privacy officer. While FTC officials understand that most small businesses cannot employ a full-time privacy specialist, small firms still must prove they have a security plan in place.

"We're not looking for a perfect system," Broder writes, "but we need to see that you've taken reasonable steps to protect your customers' information."

Veterinary practices that rely on staff members to keep personal data secure should implement a program of mandatory training on privacy issues, such as proper handling of check and credit-card transactions. Some staff members may need specialized training.

Being proactive might save time and money in the future.

Case in point: The national retailer PETCO Animal Supplies Inc. experienced a data attack in June 2003. The attackers were able to read clear-text credit-card numbers in the firm's database. The FTC required PETCO to establish, implement and maintain a comprehensive information-security program to guard customer data, then obtain an assessment from an independent third party that its program and training are reasonable, and to do this biennially for 20 years at company expense.

As a private practice owner, you collect confidential information on employees for tax and payroll purposes and sometimes for medical benefits.

How are you and your staff securing this information?

You cannot expect your staff to guard employee and customer data if you do not communicate with them on how to do so. The more staff members are aware of the need for privacy, the better they will handle sensitive information, reducing the likelihood of mistakes or actions that can put you and your business at risk.

Employee education should be ongoing, delivered in multiple ways and tailored to different groups within your organization but the reality is that many practices do not invest nearly enough time, effort, personnel or resources toward privacy issues. Some do not budget for it at all.

If you take the time to create an effective program and budget for it realistically, the investment will be small compared with the impact of incidents, penalties and judgments that could otherwise occur.

Benefits of establishing an effective privacy-education program include:

  • Reducing numbers of privacy and security incidents.

  • Making personnel aware of the risks involved in handling private information and having them work in a more secure manner.

  • Retaining clients who can see the practice is protecting their personal information.

  • Meeting legal and regulatory requirements for awareness and training.

The bottom line: An effective information-security program not only meets legal requirements – it's simply good business practice that will reduce or eliminate costly incidents and fraud.

The next two articles will outline specific information-security policies that you can use in your practice.

James Iafe, VMD, is a Certified Identity Theft Risk Management Specialist (CITRMS). He practices at North Boros Veterinary Hospital in the suburbs of Pittsburgh.

Recent Videos
Related Content
screwworm

US-Mexico agreement allows screwworm eradication efforts to resume

Kristen Coppock Crossley, MA
May 1st 2025
Article

The agreement also ensures ports remain open to livestock imports

Read More

Horse Protection Act changes further postponed

Horse Protection Act changes further postponed

Caitlin McCafferty, Editor
April 22nd 2025
Article

APHIS postponed the effective date of the act regulations into early 2026

Read More

Capitol Hill

Congress reintroduces bipartisan xylazine bill

Kristen Coppock Crossley, MA
February 12th 2025
Article

The legislation seeks to empower law enforcement and fight the opioid epidemic while also protecting access to the drug for veterinary use

Read More

Oregon woman sentenced for wire fraud and illegal animal drug distribution

Oregon woman sentenced for wire fraud and illegal animal drug distribution

dvm360 Staff
January 21st 2025
Article

The defendant co-conspirators defrauded potential pet owners through a animal rescue operation.

Read More

2024 veterinary news in review: #1

2024 veterinary news in review: #1

dvm360 Staff
December 31st 2024
Article

The top dvm360 news story of 2024 is revealed in the final installment of this 20-part series

Read More

2024 veterinary news in review: #6

2024 veterinary news in review: #6

dvm360 Staff
December 26th 2024
Article

dvm360 is counting down the Top 20 news stories and articles from 2024 with this series of spotlights

Read More

© 2025 MJH Life Sciences

All rights reserved.