On guard: Threats to personal, business and client privacy can come from all directions - DVM
News Center
DVM Featuring Information from:


On guard: Threats to personal, business and client privacy can come from all directions
Threats to personal, business and client privacy can come from all directions


Client consent is a key protection, she adds. "Vendors most often will use client information to obtain product usage information so they can find out how pet owners are using a certain product, or they might want to obtain information to solicit those clients for marketing purposes," she says. "Client lists are worth a lot of money and (in these cases) veterinarians are the conduit, and it's pretty much unbeknownst to them."

If information is being released, practice owners should take great care to be sure only the permitted data is accessed, not things like client Social Security numbers or other financial information.

Veterinary practices should keep all computerized records password-protected and backed up on a remote, secure server, Lacroix says.

"These are basic security issues that should be in place," she says, explaining that even if a state's veterinary practice act doesn't outline a veterinarian's confidentiality responsibilities, that doesn't mean there is a free-for-all on client/patient data.

The most typical confidentiality problem that Lacroix says she has seen in veterinary practices revolves around the transfer of medical records.

"Do the medical records follow the patients, or do the medical records stay with the client who paid for the care?" she asks.

An owner who has acquired an animal from someone else may believe they have a right to that animal's medical records and request them from the veterinarian. But because animals are property, Lacroix says the records generally remain the property of the person who paid for the animal's veterinary care. A veterinarian who hands medical records over to a new owner without permission from their client may find themselves in a difficult situation—especially in cases where animals were sold for large sums of money like horses or livestock.

A good rule of thumb is to secure permission from the client in writing before releasing any medical records, Lacroix says. "If it's not in writing, it didn't happen."

But computerized records aren't the only threat, Dennis cautions. Educating staff is critical to keeping privacy in check.

Dennis remembers a case where a client gave consent to send her pet's medical records to another veterinarian for a consultation. A consent form was signed and instructions were given to someone on the veterinarian's staff to copy the file and send it along. But the employee copied everything on the file, including the client's confidential information.

"On the right side of the file were the veterinary records. On the left side was client information, including addresses, credit history, date of birth, etc.," Dennis says. The client later filed a complaint with the veterinarian's state board saying she never gave permission to have that information released to the other veterinarian.

In another case, a veterinarian got dragged into a divorce where one spouse ran off with the dog after the court awarded the animal to the other spouse. While heading across the country, the spouse who had taken the dog stopped at a veterinary office, paid for the service and left without a forwarding address. Through tracked credit-card records, the attorneys for the jilted spouse called the veterinarian asking to go through the practice's veterinary records to track the animal down.

"We got them to back off and explain that the person came in, service was provided and then left," he says.

Personal or practice identity theft is another risk to watch, says Dennis, who has been a victim of identity theft himself.

After making a purchase, he was alerted the next day about a mysterious transaction on the credit card he had used to pay his vendor.

"It turned out that the day after the transaction, I had dinner in Tokyo. I have never been to Japan. And what I'm really mad about it is they didn't even invite me to dinner!" Dennis says. "This was a transaction that happened in the United States, and within 24 hours that number's being used in a restaurant in Tokyo."

Veterinarians who find themselves—or their practices—victims of identity theft should immediately call the police and their bank to file reports, he says.


Source: DVM360 MAGAZINE,
Click here