Veterinary client information breaches have consequences

Veterinary client information breaches have consequences

There's much more at stake than regulatory fines — beware of mishandling sensitive information
Jul 01, 2010

Safety in numbers: Is your clients' payment and personal information secure?
Every time you accept a client's credit card for payment, you also accept responsibility for the safe handling of that information. If your negligence were to cause your client to become a victim of identity theft, how would you rectify the problem? How would you feel?

Your long-time client Mrs. Jones pays you an unexpected visit. She's angry and barely holding back tears as she describes her ordeal.

"I was driving down Main Street with my two children when I was stopped for a burned-out tail light," she says. "Then the police arrested me and took me off to jail and my children to family and youth services — and it's all your fault!"

It turns out a thief stole Mrs. Jones' identity thanks to driver's license information she got from your veterinary hospital.

Many practice owners and managers don't understand the value of the information they hold about their clients and staff. All they know is, they need the information for business purposes. When I ask how they're protecting this data, they shrug. They think identity theft won't happen at their practices. This false sense of security is their worst enemy — and yours. It's time you knew for sure whether data at your practice is safe or not.

Evaluate your program

Start by taking an inventory of data you collect, maintain, and use for clients and staff members. Then ask some important questions:

> Do I need this information for day-to-day operations?

> Is this information at risk of getting into the wrong hands?

> Can someone use this information illegally?

> How do clients purchase products or services from my business (Web, phone or in person)?

This approach will assess your risk of an information breach.

How breaches come back to you

Bob is a new client. He's in the process of buying a new home when the lender puts the brakes on the deal. Bob's credit is a disaster. The bank says he's a high risk and denies the loan application. Bob misses out on purchasing the home of his dreams.

Now suppose multiple people have similar experiences. They suspect they're victims of identity theft and file police reports. Through computer forensics, the police determine these victims have one thing in common: They're all clients of your practice.

How will you handle this? Will you loan Bob the money he needs to buy his dream home? Of course not, but how do you think Bob feels? What will you do to keep Bob and other affected clients from leaving your practice?

When an information breach occurs, it's important to notify clients as soon as you become aware of the situation. In your letter, describe clearly what you know about the breach, including how it happened, what was taken, and, if you know, how the thieves have used the information. Include the actions you've taken to remedy the situation. Explain how to reach a designated staff member to answer questions regarding the breach. Consult with the police on what information to include so your notice does not hamper the investigation. Depending on the magnitude of the breach, it may be impossible to rectify the situation. That's why it's important to prevent breaches from happening in the first place.