The first article in this series discussed reasons veterinarians should keep their private practice private (May, 2007). Last month, the topic was why privacy makes good business sense. This final article outlines a program on making sure sensitive data about employees and customers is protected.
The first article in this series discussed reasons veterinarians should keep their private practice private (May, 2007). Last month, the topic was why privacy makes good business sense. This final article outlines a program on making sure sensitive data about employees and customers is protected. To access previous articles, go to www.dvmnews.com.
You can determine the best ways to secure sensitive data only after you've traced how it flows through your veterinary practice. Start by creating an Information Privacy Map (IPM) that shows how you receive personal information, where it goes and who has or could have access to it.
Here are some details to consider:
What types of personal data do you collect from staff and clients?
Where do you keep the information you collect?
Who has or could have access to this information?
How does your business receive personal information?
The Federal Trade Commission (FTC) requires an effective security program for any company that holds private information. To the FTC, failure to develop and implement such a program constitutes an unfair trade practice. To meet this requirement, your security program must include these six steps:
Step 1: Name a security administrator
Designate a senior member of your staff to coordinate and implement the security program. His or her job will be to construct a privacy policy that is clear and enforceable. Mandatory staff-training meetings should cover the policy, and the risks and liabilities for noncompliance.
Step 2: Create a written policy
At its core, your privacy policy will be a simple statement of how you will handle, use and store employee/client information. Your policy should address basic questions that only you and your staff can answer:
Step 3: Train employees
Your information-privacy plan may look great on paper, but it's only as strong as the staff members who implement it.
It is your responsibility to see that all of your staff understands how private information is collected, stored and protected. Take time to explain that to your staff, and train them to spot security weaknesses.
Periodic training emphasizes the importance you place on meaningful information-security practices.
Update staff members as you find out about new risks and vulnerabilities.
Train staff to recognize and report suspicious activity and publicly reward those who alert you to vulnerabilities.
A well-trained workforce is the best defense against identity theft and data breaches. Create a "culture of security" with regular staff training.
Step 4: Enforcement
It's not that you don't trust your staff, but obviously the more people with access to customer information, the greater chance there is that someone will slip up. No one can eliminate mistakes completely, but you can minimize them.
Step 5: Find and correct weak spots
Step 6: Handling security breaches
Here's how to reduce the impact on your business, your employees and your customers should a security breach occur despite your best efforts:
By following these six steps you will create an "Identity Safe Zone" that will help give you a competitive edge over the competition by raising the trust and confidence clients and staff have in your practice.
Assured that you will safeguard their information, they will be more likely to share it with you.
James Iafe, VMD, is a Certified Identity Theft Risk Management Specialist (CITRMS). He practices at North Boros Veterinary Hospital in the suburbs of Pittsburgh.
By Daniel R. Verdon
EDITOR
WALLAND, TENN. — For Rhea Morgan, DVM, the first clue that something was amiss was a call from her credit-card company. Then came the correspondence from a collection agency.
Eventually, police reports were needed to solve this case of identity fraud.
Morgan learned that a credit card was taken out in her name, with her Social Security number, and issued to an address some 860 miles away in Fort Lauderdale, Fla. A modest $1,700 buying binge ensued. Just as quickly, the culprits vanished.
"They had no hope of catching these folks," she tells DVM Newsmagazine. "With the police reports it was removed from my credit report and the collection agency, so they would stop coming after me."
Four months earlier, Morgan received a letter from her credit-card company notifying her of a breach to its computer system — the only way thieves could have gained access to her Social Security number, she says. "I don't put my Social Security number on anything. It's not on my driver's license, either."
While the theft could have been far worse, the time it takes to repair damaged credit because of fraud rates is the most frustrating aspect to her ordeal, she says.
According to a new report from the Council of Better Business Bureaus and Javelin Strategy and Research, it took victims 40 hours, on average, to resolve cases of identity theft. The average fraud amount increased from $5,249 to $6,383 over the last two years. As a result, the total one-year cost of identity fraud in the United States remained relatively flat between 2003 and 2006, increasing from $53.2 billion to $56.6 billion. Like Morgan, most victims (68 percent) don't incur out-of-pocket expenses.
Morgan's advice: Get an annual credit report and shred documents with your name and account information.
Identity thieves gather credit-card applications and wait until they have enough information on their victims.
For more information, contact these credit report agencies:
Podcast CE: Using Novel Targeted Treatment for Canine Allergic and Atopic Dermatitis
December 20th 2024Andrew Rosenberg, DVM, and Adam Christman, DVM, MBA, talk about shortcomings of treatments approved for canine allergic and atopic dermatitis and react to the availability of a novel JAK inhibitor.
Listen