Practice Leadership - Identity Theft
Identify theft, due to the theft of personal information, is a possibility for both employees and clients of this practice. Employee information is obtained on paper documents first and then converted to electronic. Client information is also obtained through paper and then converted to electronic.
County Seat Animal Hospital follows additional guidelines set aside through the Federal Trade Commission. We focus on always looking for ways to improve the way we do things and are open to new ideas and suggestions from all employees. We stress to all employees the importance of reporting any breach of information, loss of information, or situations where information could possibly have been compromised, lost, stolen or misplaced. We review the importance of this policy at least two times per year with all staff during a “state of the staff” meeting.
Practice team members complete personal information, including SSN, etc., the first day they begin work. This information is then entered into the practice database and used for tax and payroll purposes. All paperwork is shredded by the practice manager once it is entered in the computer. Electronic information is protected by security safeguards within our practice software, and we employ an outside company, Mcingvale CAP, for our employee payroll. All practice and employee information is backed up nightly and sent offsite.
Other sources of confidential employee information, e.g., dosimeter reports, are received without social security numbers listed; only the first and last name of the employee is included.
We have a paper file for each employee which includes information we receive, such as recommendations, resume, etc., when they were hired, and also includes CE documentation, licenses, semi-annual and annual reviews, contracts, etc. These files are stored in a locked, fire proof safe in the practice manager’s office. Only the practice manager and owner have access to these files.
Some of the veterinarians have laptops, iPads, or tablets that they take home with them. All devices have strong security safeguards. Only patient information and the veterinarian’s own personal information may be accessed through these devices. Any veterinarian taking this type of device out of the practice has gone through training on how to prevent theft and what to do in case of theft.
Client information is obtained by having them complete an in-depth information form the first time they come to the practice. This includes their personal information, name, address, phone, etc., and information about their pets. We do not obtain any financial information on the form. Once the information from this form has been entered into the computer, this form is shredded. We try to limit the client financial information to financial transactions only. This would include credit card, check, and/or cash transactions. Our policy is all services are paid for when services are rendered; we do not bill clients. Financial information for services, e.g., Care Credit, are specifically between the client and Care Credit. Records of payments made are included when clients check out. All client information and transactions are backed up daily and sent offsite each evening.
Clients May have access to some patient information through Pet Portals. This information is limited to specific patient categories and is password protected.
The practice manager is in charge of making sure all safe guards for both employee and client information are performed. This includes creating safeguards through review of this protocol at least annually with employees who work with employee and/or client information. The practice manager reviews all payroll reports before they are sent to Mcingvale.
The office manager is in charge of payroll management and is trained the first week of employment with skills being reviewed after three months and every six months thereafter.