Tips for Cyber Security in Your Veterinary Practice: PART I

With the risk of a cyber-security breach increasing on a daily basis, below are some tips that will help a practice owner maintain the security that they need in order to protect patient information.

Use Strong Passwords and Change Them Regularly

Selecting Passwords

Choose a password that is not easily guessed. Below are some examples of strong password characteristics:

❒ At least eight characters in length (the longer the better).

❒ A combination of upper case and lower case letters, one number, and at least one special character, such as a punctuation mark.

Strong passwords should not include personal information, such as:

❒ Birthdate

❒ Names of self, family members, or pets

❒ Social Security Number

❒ Anything that is on your social networking sites or could otherwise be easily discovered by others.

Updating Passwords

Configure your systems so that passwords must be changed on a regular basis.

Resetting Passwords

To discourage staff from writing down their passwords, develop a password reset process to provide quick assistance in case of forgotten passwords. This process could involve:

❒ Allowing two different staff members to be authorized to reset passwords

❒ Selecting a product that has built-in password reset capabilities.

Limit Network Access

❒ Prohibit staff from installing software without prior approval.

❒ When a wireless router is used, set it up to operate only in encrypted mode.

❒ Prohibit casual network access by visitors.

❒ Check to make sure file sharing, instant messaging, and other peer-to-peer applications have not been installed without explicit review and approval.

Control Physical Access

❒ Limit the chances that devices (e.g., laptops, handhelds, desktops, servers, thumb drives, CCs, backup tapes) may be tampered with, lost, or stolen.

❒ Document and enforce policies limiting physical access to devices and information.

❒ Keep machines in locked rooms.

❒ Manage keys to facilities.

❒ Restrict removal of devices from a secure area.

 

 

 

Stuart J. Oberman, Esq. handles a wide range of legal issues for the veterinary profession including employment law, cyber security, practice sales, real estate transactions, lease agreements, OSHA compliance, veterinary board complaints, and entity formation.
For questions or comments regarding this article please call (770) 554-1400 or visit www.obermanlaw.com
If you would like Stuart J. Oberman, Esq. to speak at an event, please contact Katharine Drum, Marketing Coordinator (kath@obermanlaw.com).

Tips for Cyber Security in Your Chiropractic Practice

With the risk of a cyber-security breach increasing on a daily basis, below are some tips that will help a practice owner maintain the security that they need in order to protect patient information.

Establish a Security Culture

❒ Build a security-minded organizational culture so that good habits and practices become automatic.

❒ Conduct information security education and training frequently.

❒ A practice owner should be the security leader in the practice and set a good example in attitude and action.

❒ Instill taking responsibility for information security as one of your practice’s core values.

Protect Mobile Devices

❒ Ensure your mobile devices are equipped with strong authentication and access controls.

❒ Ensure laptops have password protection

❒ Enable password protection on handheld devices (if available). Take extra physical control precautions over the device if password protection is not provided.

❒ Protect wireless transmissions from intrusion.

❒ Do not transmit unencrypted Protected Health Information (PHI) across public networks (e.g., Internet, Wi-Fi).

❒ Where it is absolutely necessary to commit PHI to a mobile device or remove a device from a secure area, encrypt the data.

❒ Do not use mobile devices that cannot support encryption.

❒ Develop and enforce policies specifying the circumstances under which devices may be removed from the facility.

❒ Take extra care to prevent unauthorized view of the PHI displayed on a mobile device.\

 
Hopefully, this information will provide some simple security tips in order to prevent a violation and/or security breach which can devastate a practice.

 

iStock_000015498430Small
Stuart J. Oberman, Esq. handles a wide range of legal issues for the chiropractic profession, including: employment law, cyber security breaches, practice sales, real estate transactions, lease agreements, OSHA compliance, chiropractic board complaints, and professional corporations.

For questions or comments regarding this article  please call (770) 554-1400 or visit www.obermanlaw.com
If you would like Stuart J. Oberman, Esq. to speak at an event, please contact Katharine Drum, Marketing Coordinator (kath@obermanlaw.com).

VICARIOUS LIABILITY OF DENTAL STAFF MEMBERS

In today’s legal environment, a owner of a dental practice may be vicariously liable for the errors and omissions of staff members. As a general rule, the risks are clinical in nature, however, a substantial amount of errors or omissions occur as a result of miscommunication. In matters of alleged patient miscommunication, a patient alleges that they were told the wrong clinical information, or were never told the correct clinical information at all.

Although, claims arising from a dentist’s vicarious liability for the clinical error or omission of a staff member may not be very common, dental malpractice claims arise from a patient’s dissatisfaction with staff member interaction. A dental practice owner can manage the risks of staff members by hiring qualified individuals, who can project the desired image of the practice, are well trained, and communicate in a clear manner.
 

Receptionist

 

Stuart J. Oberman, Esq handles a wide range of legal issues for the dental profession including cyber security breaches, employment law, practice sales, OSHA, and HIPAA compliance, real estate transactions, lease agreements, noncompete agreements, dental board complaints, and professional corporations.
For questions or comments regarding this article
please call (770) 554-1400 or visit www.obermanlaw.com

If you would like Stuart J. Oberman, Esq. to speak at an event to your organization, please contact Katharine Drum, Marketing Coordinator (kath@obermanlaw.com)

 

Sign up for our Newsletter!

Social Media and the Veterinary Practice

The online world is growing. Facebook now boasts a “population” larger than the United States. Thousands of veterinarians are currently taking advantage of social media (e.g. Facebook, Twitter, Youtube, LinkedIn, &c.) and smartphones. It is important to take a brief look at some important issues and areas of concern for veterinary professionals using or considering the use of social media to build and promote their public, patient, and employee relationships.

 
Public Relations
The advantages of a strong social media presence are clear. Information may be shared with colleagues to sustain camaraderie, with patients to strengthen vet-patient relationships, and with the public to bolster your reputation.
It is vitally important to consult with your legal advisers early and often when bringing your professional presence to an online forum.

 

Patient Relations

If content on your social media page is also medical in nature, depending on the forum, the Health Information Portability and Accounting Act (HIPAA) may be implicated.
Members of the veterinary profession should adhere to the following guidelines:

(a) Veterinarians should be cognizant of standards of patient privacy and confidentiality that must be maintained in all environments, including online.
(b) When using the Internet for social networking,veterinarians should use privacy settings to safeguard personal information and content to the extent possible.
(c) If veterinarians interact with patients on the Internet, they must maintain appropriate boundaries of the patient-vet relationship.
(d) To maintain appropriate professional boundaries veterinarians should consider separating personal and professional content online.
(e) Vets must recognize that actions online and content posted may negatively affect their reputations among patients and colleagues, and may have consequences for their professional careers (particularly for veterinarians-in-training and veterinary students), and can undermine public trust in the veterinary profession.

When veterinary professionals provide a social media forum for patient feedback, they risk running afoul of HIPAA rules and regulations. Prior to building a social media presence, it is important to develop policies and procedures designed to guide appropriate use of the relevant forum. A few key points follow:

 

Under the Health Information Technology for Economic and Clinic Health Act (HITECH Act), there are substantial penalties and fines that may be assessed for HIPAA violations that occur during social media exchanges. Under the HITECH Act, fines range from $100.00 to $100,000.00.
Be clear with a disclaimer that patient information is personal and should never be shared via the Internet. Inform participants that any posting that appears to be a violation of this policy will be removed.

 

Employee Relations

 
It is important to keep your employees from becoming lax about privacy rules when it comes to social media.
Education is always the first line of defense when it comes to privacy and security safeguards. Make sure all employees are trained and up to date about the privacy and security rules and be sure to disseminate a written company policy outlining permissible and impermissible actions. Make social media training a part of your HIPAA compliance program.
Social media is a powerful tool for expanding a veterinary practice, but be aware of the potential complications. Always consult your legal adviser before branching out into online forums.

 

Receptionist

 

 
Stuart J. Oberman, Esq. handles a wide range of legal issues for the veterinary profession including employment law, practice sales, real estate transactions, lease agreements, OSHA compliance, veterinary board complaints, employment law, and entity formation.
For questions or comments regarding this article please call (770) 554-1400 or visit www.obermanlaw.com

If you would like Stuart J. Oberman, Esq. to speak at an event to your organization, please contact Katharine Drum, Marketing Coordinator (kath@obermanlaw.com)