NATIONAL REPORT — The Internet has opened up a vast array of new tools to conduct business and just as many concerns as it relates to data
privacy and client confidentiality.
As veterinary practice vendors and software programs in accounting and billing look to create a better user experience through
Internet-based tools, it creates new vulnerabilities to practice data—whether it's hacked or shared with other third parties
unbeknownst to veterinarians. In some cases, the result can put the veterinary practitioner at risk of violating client-confidentiality
"When you post information on the Internet, it's basically like writing it on the back of a postcard. You have to assume that
way," says Greg Dennis, a Kansas-based attorney specializing in veterinary law.
When asked if there are safeguards veterinarians can put in place to keep Internet-based information private, Dennis was doubtful.
"Other than using the old method of pen and paper? Nope," he says. "Once there's a stream flowing, you don't know where it
might be ending."
Dennis remembers comparable problems in the 1980s and 1990s when veterinarians first were required to provide local governments
with verifications of rabies vaccinations. Marketing companies and vendors would simply file a public records request with
authorities and use the data to see when a patient was due for its next vaccine. They would then take the data and send targeted
marketing to the client.
"How secure is this stuff? And are the statements being made that the information would not be available to anyone else be
something veterinarians can rely on?" asks Dennis. "It does put a question in your mind."
Dennis recalls a case years ago, during a settlement with an insurance agency, where records about a practice were released
only to show up eight years later somewhere else. The confidential information was released to a single source, but somehow
got out, possibly through a hacked database.
"Once it's out the door, you can't control it," he says. "Even if you can get to a court and get it ordered back, with the
Internet, you can't ever completely purge it."
Third-party access to information about clients, as well as patient medical histories, employee records or a practice's financial
records is a valid concern, agrees Charlotte Lacroix, DVM, JD, owner of the legal and business consulting firm Veterinary
Business Advisors in New Jersey. Usually, web-based programs, or disc-based programs dialed into the web give access to some
type of vendor, she says.
In fact, questions emerged about this issue following VCA's $150 million acquisition this summer of MediMedia's VetStreet,
which offers home delivery of medications. Data security as it relates to competitive practice information was being actively
discussed. VCA asserts its contracts with its customers prohibit VCA from inspecting individual practice data. Vetstreet customer
contracts also mandate that the company strip all information about clients, patients and veterinary practices before selling
According to Lacroix, "It becomes important for veterinary practitioners to be sensitive to their agreement with vendors."
Practice owners need to be aware what information a program vendor has access to, and how they might use it.
Neither Dennis nor Lacroix have had clients report major privacy breaches, but they say there is always the possibility information
will go where it wasn't meant to. If you need an example, just look at the banking industry. And once a channel is open, the
risk of computer hacking increases too.
"Have (the vendor) sign a confidentiality agreement, and then if the information gets divulged on their end, and you're the
one that gets sued, they pay for your damages," Lacroix recommends.
But finding out what kind of information is being opened up to a vendor isn't the only privacy concern practice owners should
be aware of, Lacroix says.
"If they do intend on using it, and you are open to it, do you need to get the client's consent in order for them to use it?"