How to develop and maintain an effective privacy-protection plan
ABOUT THIS SERIES
The first article in this series discussed reasons veterinarians should keep their private practice private (May, 2007). Last month, the topic was why privacy makes good business sense. This final article outlines a program on making sure sensitive data about employees and customers is protected. To access previous articles, go to http://www.dvmnews.com/.
You can determine the best ways to secure sensitive data only after you've traced how it flows through your veterinary practice. Start by creating an Information Privacy Map (IPM) that shows how you receive personal information, where it goes and who has or could have access to it.Here are some details to consider:
What types of personal data do you collect from staff and clients?
Where do you keep the information you collect?
Who has or could have access to this information?
How does your business receive personal information?
The Federal Trade Commission (FTC) requires an effective security program for any company that holds private information. To the FTC, failure to develop and implement such a program constitutes an unfair trade practice. To meet this requirement, your security program must include these six steps:
Step 1: Name a security administrator
Step 2: Create a written policy
Step 3: Train employees
Your information-privacy plan may look great on paper, but it's only as strong as the staff members who implement it.
It is your responsibility to see that all of your staff understands how private information is collected, stored and protected. Take time to explain that to your staff, and train them to spot security weaknesses.
Periodic training emphasizes the importance you place on meaningful information-security practices.
Update staff members as you find out about new risks and vulnerabilities.
Train staff to recognize and report suspicious activity and publicly reward those who alert you to vulnerabilities.