Cyber Security for Veterinary Practices

www-abstract-globe.jpgThe practice of veterinary medicine is changing at a rapid pace. As a result of the reliance on electronic data, veterinary offices have become vulnerable to cyber security threats. The growing volume and sophistication of cyber-attacks suggest that veterinary practices will have to grow increasingly vigilant to ward off these threats. A breach of cyber security will inevitably lead to significant expenses, both financial and reputational, which can wreak havoc on a veterinary practice. This is very alarming for many veterinary practices, so this may make them want to consider selling their computer parts and getting new ones if they have been breached that is. If this is the case, you can visit exIT technologies who are experts in selling computer parts and clearing them in the process, like memory chips and hard drives, as they understand the value of safety and security.

Many veterinarians believe that cyber criminals are not a threat to their practices. Saying this though, it wouldn’t hurt businesses in this industry yo undergo a pci compliance test, in the hopes of keeping themselves safe from these sort of threats. It is always best to be safe than sorry in situations like these, especially with the rise of technology. However, when choosing between a large corporation or bank with security teams and firewalls preventing access to databases and a veterinary office with no firewall or security team, the veterinary practice will be the chosen target. In fact, many hackers specifically target small veterinary offices because they believe that the small business may not have the resources for sophisticated security devices and do not enforce employee security policies.

Veterinary practices are an increasing target for cyber criminals. These offices hold a large amount of data, including names, addresses, credit card information and even banking information. The threat of this information being stolen by a staff member or a cyber-criminal is great, and veterinary practice owners must address this concern before a cyber breach creates a legal nightmare for the veterinary practice. This rise in targeting is why many veterinary offices are employing the use of c2 cyber or similar security firms in order to prevent loss of data and other digital attacks that could cause serious harm to their customer base and their business.

The most common causes of data breaches in veterinary practices are theft, hacking, unauthorized access or disclosure, lost records and devices, and improper disposal of records. A significant proportion of practices breaches are a result of lost or stolen mobile devices, tablets and laptops.

It is crucial for veterinarians to take steps to ensure that their practice is in security compliance. Because the majority of data security breaches occur when staff members fail to follow office procedures or exercise poor judgment, the location of computers in the veterinary office is key. All computers should be placed in areas where the computer screens are not visible to clients and visitors, and encrypted passwords should protect access to each computer. Passwords should contain mixed-case letters and include numbers or symbols and should be changed regularly. In addition, passwords should not be written down under keyboards or kept on desks or surfaces where the public may be able to access them. Veterinarians should ensure that all staff members understand the importance of maintaining the privacy of information.

Every veterinary practice should have a policy that includes steps for safeguarding private information and educate staff members as to how to comply with the office policy. A strict Internet and computer use policy should be enforced that prohibits staff members from checking personal e-mail accounts or visiting Internet sites that aren’t work-related. It is also important that veterinarians ensure that all firewalls, operating systems, hardware and software devices are up to date, strong and secure and that wireless networks are shielded from public view. Antivirus software should be installed on every computer, kept updated, and checked regularly.

When accessing office data remotely, veterinarians should use only trusted Wi-Fi hot spots and never use shared computers. Smartphones and tablets should be password protected to prevent easy access to patient information in case the device is lost or stolen. In addition, all hard copies of documents with patient information should be shredded.

Many veterinary practices have relied on cyber insurance for protection in the event of a breach of cyber security. These insurance policies cover the cost of investigating a theft, compensate the insured for all state and federal fines and penalties imposed, and fund all related lawsuits and legal fees, thus relieving veterinarians of the financial and time burdens imposed as a result of the breach in security.

It would be prudent for all veterinarians to invest in data security and in the proper training of staff members as to acceptable use of office computers. If plans and policies are put in place proactively and steps are followed to ensure security compliance, a veterinary practice should be able to prevent the significant cost and headache involved in responding to a cyber-breach.

If a security breach in a veterinary office does occur, it is imperative that appropriate action is taken immediately, which includes determining how the breach occurred, and the extent of the security breach. In addition, if a security breach does occur, the owner of a veterinary practice must be very careful whom they initially contact and provide information to. Any improper or accidental disclosure to a third-party other than legal counsel for the veterinary practice owner may be subject to the rules of discovery if litigation occurs, which could increase the liability exposure of the practice owner.

Managing Exposure After a Security Breach of Patient Information

If a security breach occurs in a dental practice, the practice owner must take the necessary steps in order to comply with federal law, in order to avoid a potential increase in liability exposure.

Rules Requiring Patient Notification of a Security Breach

The U.S. Department of Health and Human Services (HHS) has issued strict regulatory guidelines that dental practice owners must follow in the event of a security breach. The Federal Trade Commission (FTC) has also issued breach notification regulatory requirements that dental practice owners must comply with, in the event of a security breach.

Breach Notification Requirements

Depending on the type of security breach and the extent of the breach, a dental practice owner must notify affected patients, the Secretary of HHS and the FTC [if applicable], and, in certain circumstances, the media.


If you are not familiar with the American Recovery and Reinvestment Act, the HITECH Act, and the 2013 Final Rule your dental practice is probably not in HIPAA compliance. In fact, statistically, 85% of all dental practices are not in HIPAA Compliance.

Dental practices that have experienced a breach of patient protected health care information can significantly limit their legal exposure by complying with simple regulatory guidelines.


Withholding Pay after Termination of Employees

Many dentists do more than practice dentistry: they own, run, and manage a business. Unfortunately, employee termination is often a necessary part of running a successful practice. Many dentists inquire as to whether it is permissible to withhold a former employee’s pay when a former employee has not completed patient notes or when a former employee remains in possession of practice property.

Federal Department of Labor mandates that wages are due on the next regular payday for the covered pay period. The law does not allow for any exceptions related to incomplete work or equipment that is not returned.

This means that the employee could potentially file a claim with the Federal Department of Labor or Federal Wage and Hour Division alleging a violation of federal law [the Fair Labor Standards Act], which offers federal protections against the unlawful withholding of an employee’s paycheck. If an investigation commences, the employer could be subject to fines up to $10,000.00, criminal sanctions or imprisonment.

To prevent subjecting yourself and your dental practice to a complaint or federal investigation, employers should not withhold an employee’s pay and should promptly release a final paycheck on the former employee’s next regular payday unless otherwise agreed to in writing.

Documentation for the Dental Practice: A Must

Documentation by dental staff members is equally as important as documentation by the dentist. The dentist and staff entries are considered equivalent; what a staff member writes in a patients chart is regarded as representing the dentist. Patients will be there for a multitude of teeth needs and procedures, they could be having Dental Implants in Denver and the dentist will need to make sure that they are meeting the standards set by the dental system, this applies to every single practice around the world.
All staff members should sign or initial their entries. In addition, all entries by staff members should be reviewed by the dentist, who should, in turn, verify the accuracy of the entries, make any necessary changes or additions, and co-sign the entry. This is particularly important for those dentists who delegate the task of writing clinical progress notes to their assistants. The data recorded by staff members under the dentist’s direction ultimately remains the dentist’s responsibility. If an entry is illegible, incomplete or incorrect, the patient may suffer consequences, and the dentist will be held liable.
Documentation of telephone calls, conversations, and messages is another area where the dental team is of vital importance, whether they be related to dental emergency help or a regular checkup. A great deal of important information is contained in patient phone calls, most of which do not involve the dentist’s participation. The timeliness and extent of documentation of patient telephone calls are often the issues that make or break the defense of a malpractice allegation or dental board complaint. Information received on answering machines or voice mail, or from answering services, should be recorded in the patient’s chart in a timely fashion.
The duplication and release of confidential patient information is yet another area in which dental team members must practice good risk management, especially as people know to visit your dentist at least once per year and want to ensure their information is safe and secure. All team members must understand that, absent a court order, patient information is not to be released to anyone without the patient’s expressed written consent. This prohibition includes releasing records to spouses, parents of adult children, children of aged parents, siblings, work associates, and insurance companies.

   Finacial Matters in a Dental Office

  bills_coins.jpg     It is imperative that dental team members in financial roles recognize the often delicate nature of their assigned tasks. In many dental practices, the negotiation of patient financial arrangements and management of account receivables is delegated to an office manager or billing coordinator.
    Unfortunately, financial disputes are a frequent cause of a breakdown in the relationship between a patient and a practice. Most financial disputes and associated legal claims can be avoided by establishing clear, concrete financial policies and following them.
  The person responsible for making financial arrangements should be comfortable discussing financial matters. Whenever a payment is overdue, the patient should be contacted in a courteous manner in order to determine the problem before it creates a rift in the patient relationship. checkbook-pen.jpg
         Another responsibility of the office’s financial manager is sending accounts to collection. While it is the practice owner’s legal right to pursue a collection action for an outstanding debt, it should be noted that collection actions against patients frequently result in board complaints and retaliatory claims of malpractice against the dentist.
        Practicing sound risk management in the dental office isn’t difficult when the dentist and staff members take a team approach to risk management.


In today’s legal environment, a owner of a dental practice may be vicariously liable for the errors and omissions of staff members. As a general rule, the risks are clinical in nature, however, a substantial amount of   errors or omissions occur as a result of miscommunication. In matters of alleged patient miscommunication, a patient alleges that they were told the wrong clinical information, or were never told the correct clinical information at all.

Although, claims arising from a dentist’s vicarious liability for the clinical error or omission of a staff member may not be very common, dental malpractice claims arise from a patient’s dissatisfaction with staff member interaction. A dental practice owner can manage the risks of staff members by hiring qualified individuals, who can project the desired image of the practice, are well trained, and communicate in a clear manner.

Independent Contractor or Employee: What Every Practice Owner Needs to Know

Working as a contractor or as an employee in all industries is two very different things. Whilst some may enjoy the freedom of working as a contractor, others may enjoy working under someone to ensure they’ll always have instructions if there’s something they encounter that they’re not sure about. The IRS will review many factors in order to determine whether a worker is an independent contractor or an employee. Some of the factors include (1) behavioral control; (2) financial control; and (3) the relationship of parties.

In each case, it is very important to consider all of the factors regarding an employment relationship.

Behavioral Control

The factors listed above will show whether there is a right to direct or control how a worker performs their required work. A worker that may be considered an employee when a dental practice has the right to direct and control the worker. The practice does not have to actually direct or control the way the work is performed, as long as the employer has the right to direct and control the work.

For example:

Instructions – if a worker receives extensive instructions on how such work should be performed, then this suggests that a worker is an employee. Instructions can cover a wide range of topics, such as (1) how, when, or where to do the work; (2) what instruments or equipment to use; (3) what assistants to hire to help with the work; and (4) where to purchase supplies and services.

If a worker receives less extensive instructions about what should be done, but not how it should be done, they may be considered an independent contractor. For instance, instructions about time and place may be less important than directions on how the work should be performed.

Training – if the practice provides a worker with training about required procedures and methods, this indicates that the practice wants the work to be performed a certain way, and this suggests that a worker may be considered an employee.

Financial Control

The factors below show whether there is a right to direct or control the business side of the practice.

For example:

Significant Investment – if a worker has a significant investment in their work, they may be an independent contractor. While there is no precise dollar test, the investment must have substance. However, a significant investment is not necessary to be considered an independent contractor.

Expenses – if a worker is not reimbursed for some or all of their business expenses, then they may be considered an independent contractor. Especially, if their unreimbursed business expenses are high. An independent contractor needs to keep track of these expenses in order to file their work-related taxes. Perhaps this FileCenter Receipts software would be useful for that.

Opportunity for Profit or Loss – if a worker can realize a profit or incur a loss, this suggests that they may be in business for themselves, and that they may be considered an independent contractor.

Relationship of the Parties

The facts below illustrate how the practice and a worker may perceive their relationship.

For example:

Employee Benefits – if a worker receives benefits, such as insurance, pension, or paid leave, this is an indication that they may be an employee. If a worker does not receive benefits, however, they may be either an employee or an independent contractor.

Written Contracts – a written contract may show the actual intention of the worker and practice. This may be very significant if it is difficult, if not impossible, to determine the status of a particular worker based on other facts.