Tips for Cyber Security in Your Veterinary Practice: PART I

With the risk of a cyber-security breach increasing on a daily basis, below are some tips that will help a practice owner maintain the security that they need in order to protect patient information.

Use Strong Passwords and Change Them Regularly

Selecting Passwords

Choose a password that is not easily guessed. Below are some examples of strong password characteristics:

❒ At least eight characters in length (the longer the better).

❒ A combination of upper case and lower case letters, one number, and at least one special character, such as a punctuation mark.

Strong passwords should not include personal information, such as:

❒ Birthdate

❒ Names of self, family members, or pets

❒ Social Security Number

❒ Anything that is on your social networking sites or could otherwise be easily discovered by others.

Updating Passwords

Configure your systems so that passwords must be changed on a regular basis.

Resetting Passwords

To discourage staff from writing down their passwords, develop a password reset process to provide quick assistance in case of forgotten passwords. This process could involve:

❒ Allowing two different staff members to be authorized to reset passwords

❒ Selecting a product that has built-in password reset capabilities.

Limit Network Access

❒ Prohibit staff from installing software without prior approval.

❒ When a wireless router is used, set it up to operate only in encrypted mode.

❒ Prohibit casual network access by visitors.

❒ Check to make sure file sharing, instant messaging, and other peer-to-peer applications have not been installed without explicit review and approval.

Control Physical Access

❒ Limit the chances that devices (e.g., laptops, handhelds, desktops, servers, thumb drives, CCs, backup tapes) may be tampered with, lost, or stolen.

❒ Document and enforce policies limiting physical access to devices and information.

❒ Keep machines in locked rooms.

❒ Manage keys to facilities.

❒ Restrict removal of devices from a secure area.

 

 

 

Stuart J. Oberman, Esq. handles a wide range of legal issues for the veterinary profession including employment law, cyber security, practice sales, real estate transactions, lease agreements, OSHA compliance, veterinary board complaints, and entity formation.
For questions or comments regarding this article please call (770) 554-1400 or visit www.obermanlaw.com
If you would like Stuart J. Oberman, Esq. to speak at an event, please contact Katharine Drum, Marketing Coordinator (kath@obermanlaw.com).

Social Media and the Veterinary Practice

The online world is growing. Facebook now boasts a “population” larger than the United States. Thousands of veterinarians are currently taking advantage of social media (e.g. Facebook, Twitter, Youtube, LinkedIn, &c.) and smartphones. It is important to take a brief look at some important issues and areas of concern for veterinary professionals using or considering the use of social media to build and promote their public, patient, and employee relationships.

 
Public Relations
The advantages of a strong social media presence are clear. Information may be shared with colleagues to sustain camaraderie, with patients to strengthen vet-patient relationships, and with the public to bolster your reputation.
It is vitally important to consult with your legal advisers early and often when bringing your professional presence to an online forum.

 

Patient Relations

If content on your social media page is also medical in nature, depending on the forum, the Health Information Portability and Accounting Act (HIPAA) may be implicated.
Members of the veterinary profession should adhere to the following guidelines:

(a) Veterinarians should be cognizant of standards of patient privacy and confidentiality that must be maintained in all environments, including online.
(b) When using the Internet for social networking,veterinarians should use privacy settings to safeguard personal information and content to the extent possible.
(c) If veterinarians interact with patients on the Internet, they must maintain appropriate boundaries of the patient-vet relationship.
(d) To maintain appropriate professional boundaries veterinarians should consider separating personal and professional content online.
(e) Vets must recognize that actions online and content posted may negatively affect their reputations among patients and colleagues, and may have consequences for their professional careers (particularly for veterinarians-in-training and veterinary students), and can undermine public trust in the veterinary profession.

When veterinary professionals provide a social media forum for patient feedback, they risk running afoul of HIPAA rules and regulations. Prior to building a social media presence, it is important to develop policies and procedures designed to guide appropriate use of the relevant forum. A few key points follow:

 

Under the Health Information Technology for Economic and Clinic Health Act (HITECH Act), there are substantial penalties and fines that may be assessed for HIPAA violations that occur during social media exchanges. Under the HITECH Act, fines range from $100.00 to $100,000.00.
Be clear with a disclaimer that patient information is personal and should never be shared via the Internet. Inform participants that any posting that appears to be a violation of this policy will be removed.

 

Employee Relations

 
It is important to keep your employees from becoming lax about privacy rules when it comes to social media.
Education is always the first line of defense when it comes to privacy and security safeguards. Make sure all employees are trained and up to date about the privacy and security rules and be sure to disseminate a written company policy outlining permissible and impermissible actions. Make social media training a part of your HIPAA compliance program.
Social media is a powerful tool for expanding a veterinary practice, but be aware of the potential complications. Always consult your legal adviser before branching out into online forums.

 

Receptionist

 

 
Stuart J. Oberman, Esq. handles a wide range of legal issues for the veterinary profession including employment law, practice sales, real estate transactions, lease agreements, OSHA compliance, veterinary board complaints, employment law, and entity formation.
For questions or comments regarding this article please call (770) 554-1400 or visit www.obermanlaw.com

If you would like Stuart J. Oberman, Esq. to speak at an event to your organization, please contact Katharine Drum, Marketing Coordinator (kath@obermanlaw.com)

VETERINARY ADVERTISING

Veterinarians have a right to promote their practices through advertisements. However, there are ethical advertising standards each veterinarian must follow.

Principles of Veterinary Medical Ethics of the AVMA:

“Advertising by veterinarians is ethical when there are no false, deceptive, or misleading statements or claims. A false, deceptive, or misleading statement or claim is one which communicates false information or is intended, through a material omission, to leave a false impression.” [AVMA Ethics Guidelines]

Honest, nondeceptive advertisements help owners make informed decisions regarding their pet’s care.

For an advertisement to be truthful, there must be evidence to back up each assertion. An advertisement is nondeceptive if it is not likely to mislead a reasonable consumer and does not omit any necessary information for the consumer to make an informed decision. Further, all material information must be disclosed in a manner that a reasonable consumer could understand.

Obviously, truthful advertising is important to both the American Veterinary Medical Association and to the Federal Trade Commission. All states have laws prohibiting false and deceptive advertising. Although every veterinarian must comply with the Federal Trade Commission, each veterinarian should be aware of their state’s laws regarding advertising.

Veterinarians should make a point to understand the law through veterinary associations and, if necessary, with the help of legal counsel. Advertisements are a great resource for veterinary practitioners. As long as veterinarians comply with state and federal law, advertising may go a long way in building mutual trust.

 

 

veterinary_header

 

 

Stuart J. Oberman, Esq. handles a wide range of legal issues for the veterinary profession including employment law, practice sales, real estate transactions, lease agreements, OSHA compliance, veterinary board complaints, employment law, and entity formation.
For questions or comments regarding this article please call (770) 554-1400 or visit www.obermanlaw.com

If you would like Stuart J. Oberman, Esq. to speak at an event to your organization, please contact Katharine Drum, Marketing Coordinator (kath@obermanlaw.com)

 

Sign up for our Newsletter!

Responding to OSHA Requests

Initial informal phone calls are becoming more and more frequent from OSHA. First and foremost, you must have a plan in place, if you ever receive such a call from OSHA.

 

 

Letters from OSHA

Typically, when OSHA receives a non-formal complaint, its first investigative step is usually to send a letter to the owner of a practice.

 

 

Telephone Calls From OSHA

When investigating a non-formal complaint, OSHA may also call a practice, in addition to sending an investigatory letter. Responding to an OSHA telephone inquiry poses several unique risks for practice owners.

 

 

Developing an Office Protocol

To avoid potential and unintended problems, practice owners should create a risk management plan for responding to telephone calls from OSHA inspectors. Once formulated, the office protocol should be clearly explained to and followed by all office staff.

 

 

By formulating an office protocol in order to handle OSHA investigations, practice owners can take steps to adequately protect themselves during the investigation process. It is crucial that practice owners plan for OSHA investigation inquiries. In addition, it is also critical that all employees are aware of office protocol regarding OSHA inquiries, in order to avoid unintended consequences.

 

They're king players in the game of business

Stuart J. Oberman, Esq. handles a wide range of legal issues including employment law, practice sales, real estate transactions, lease agreements, OSHA compliance, board complaints, employment law, and entity formation.

 

 

For questions or comments regarding this article please call (770) 554-1400 or visit   www.obermanlaw.com

If you would like Stuart J. Oberman, Esq. to speak at an event to your organization, please contact Katharine Drum, Marketing Coordinator (kath@obermanlaw.com)

 

Sign up for our Newsletter!

What Qualifies as Extra Label Drug Use

Q: How do I know what qualifies as ELDU?

A: Specific criteria must be followed:

  • A valid VCPR is a prerequisite for all ELDU;
  • Only a veterinarian can determine that ELDU is needed and can administer, prescribe or dispense a medication extralabelly. The veterinarian must direct or supervise ELDU in an animal;
  • ELDU rules only apply to FDA-approved animal and human drugs;
  • ELDU is intended for prevention, treatment, and control purposes only when an animal’s health is threatened. ELDU of drugs for production use and/or in feed is not approved;
  • ELDU is not permitted if it results in an illegal food residue, or any residue which may present a risk to public health;
  • A veterinarian must not pursue use of certain FDA-prohibited drugs in food-producing animals.

ELDU of an FDA approved drug may be used if:

  • There is no approved animal drug that is labeled for such use, or that contains the same active ingredient in the required dosage form and concentration.
  • Alternatively, an approved animal drug for that species and condition exists, but a veterinarian finds, within the context of a VCPR, that the approved drug is clinically ineffective for its labeled use.

There are few restrictions on extralabel use in non-food-producing animals compared to food-producing animals. If the intended use is in a non-food-producing animal, then an approved human drug may be considered for extralabel use even when an approved animal drug for that species and condition exists. Economic reasons for ELDU of a human drug over the approved drug for that species are valid to treat the medical condition. Veterinarians should recognize, however, that human-labeled drugs are approved based on studies in people and their use in animals could vary. In addition, minor differences in the formulation may produce alterations in the pharmacokinetics and biological availability in the animal species compared to humans. Also keep in mind that consistent use of human-labeled drugs when approved animal-labeled drugs are available could create relative disincentives for the animal health industry to pursue new animal drug approvals and could further limit the availability of veterinary drugs.

The following additional conditions must be met for ELDU in food-producing animals:

  • Such use must be accomplished in accordance with an appropriate medical rationale; and
  • If scientific information on the human food safety aspect of the use of the drug in food producing animals is not available, the veterinarian must take appropriate measures to assure that the animal and its food products will not enter the human food supply.

If the veterinarian determines the food-producing animal needs a drug administered in an extralabel fashion, an approved animal drug must be considered for the particular use before a drug labeled for humans is considered. The prescribed or dispensed extralabel drug (prescription legend or over-the-counter) must bear labeling information which is adequate to assure the safe and proper use of the product.

7 Types of Records Your Veterinary Practice Should Be Keeping

What records should your veterinary practice keep, and how long should you keep them? There are several categories of records that are important to a practice, some for internal purposes and some for tax returns and other government requirements. Let’s take a look at these by category.

 

  1. Tax records. First, consider the records you need to substantiate your annual income tax return. The IRS says that you must maintain adequate records, to support the items of income and expenses that you claim. That means you must be able to produce receipts, invoices, cancelled checks, or banking records supporting expense items. Similarly, you should keep sales slips, invoices, or bank records to support income items.
  2. Accounting records. Most practices have adequate accounting systems to capture routine transactions, but not for nonroutine transactions such as the purchase of depreciable assets. When you buy a car, computer, or piece of office equipment, be sure to file all purchase documents, assign an inventory number, and immediately set up a depreciation schedule.
  3. Travel and entertainment expenses. Good recordkeeping for travel and entertainment expenses is essential. Although the rules can be complex, in general you should capture where, when, who, how much, and the business purpose for each expense. A well-designed standard expense report form can help insure that your records contain all the required information.
  4. IRS audits. Generally, the IRS can audit a tax return for three years after the date it was due or the date the tax was paid, whichever is later. However, if there is a major understatement of income, they can audit for six years after the due date (or seven years after the tax year). For that reason, you should keep most income tax records for seven years.
  5. The IRS requires records relating to employment taxes to be kept for at least four years after the date of the return or the date the tax was paid, although here again a seven-year rule is safer.
  6. Corporate records. Every incorporated  practice (or Limited Liability Company) needs good corporate records, including documents associated with forming the company, bylaws, business licenses, and minutes of all board meetings. Shareholder records should include stock registers and records of all share issuances and redemptions. Also keep copies of all contracts and leases. Finally, don’t forget current and terminated employee files, and records of employee pension or profit sharing plans. Most corporate and employee pension plan records should be kept indefinitely.
  7. Computer recordkeeping. The IRS has established a series of rules and recommendations concerning how electronic records must be maintained. Generally, such records should contain the same information as paper records and should be kept for the same length of time.

Now is a good time to start planning for the rest of 2012.