Any information stored on a computer or on a type of mobile device can be at risk. The first step to take towards safeguarding a practice against information loss is to look at the way data is currently protected. The following basic questions will help to determine if a practice is set up to manage against data loss.

What types of data can be found in my business?

Determining the types of data stored within a practice is important in order to provide maximum protection. Understanding how the information is used and where it will travel, both within and outside of the practice is important.

Common classifications include:

• Highly Confidential
  • This information is maintained strictly for use by designated and authorized staff members within the practice
  • Loss of this information could seriously impede or critically impact business operations
  • Examples of highly confidential data include items relating to:
    • Business:
      • Financial records
      • Banking and accounting information
      • Legal, tax, and financial correspondence
      • Passwords and PINs
    • Employee:
      • Contact and address information
      • Payroll files and bank account information
      • Social security numbers
      • Work and personal email addresses
    • Customer:
      • Account records
      • Transaction information for purchases and services
      • Financial information
      • Contact and address information
• Sensitive
  • This information is intended only for use within the practice, and is considered as private
  • Types of sensitive information include such things as:
    • Partnership agreements
    • Employee performance evaluations
    • Financial reports
• Internal Use Only
  • Also considered as sensitive information, this data’s use is intended to remain within the practice, but with a wider group of people
  • Loss of this information is unlikely to result in financial or credibility damage
  • Types of Internal Use Only documents include:
    • Internal memorandums
    • Meeting minutes

Who has accessibility to the data?

Basically speaking, not all employees need access to all data. Accessibility should be restricted to only those individuals with positions that require a specific need for the information. Further questions to ask:

• Have methods been established to protect sensitive information from inappropriate access?
• How were these accessibility rights determined?
• Have steps been established to manage and track the use of any employee access to the information?
• Have guidelines been developed that:
  • Outline the types of data
  • Identify the steps for how each type of data should be handled and protected
  • Categorize the appropriate positions/people with access to each type of data

How is my veterinary practice data secured?

A password is a technical safeguard developed to help protect sensitive data. It is important to determine if your practice trains employees to follow this basic advice:

• Password creation should be:
  • Random
  • Complex, using upper- and lower-case letters, numbers, symbols
  • Long, at least 10 characters
  • Changed regularly
  • Closely guarded

Does my veterinary practice back-up its data?

Theft is not the only way to lose data. Sometimes essential information is lost through system crashes, accidental erasure, or disasters such as a fire or flood. An established procedure for data backup is essential for all businesses. Considerations need to be given to:

• Pinpoint types of data to require back-up
• Establish timing or number of times for back-up
• Identify position/person responsible to complete back-up
• Determine way backup will be made and where it will be stored
• Name position/person with accessibility to backup material

How a practice handles and protects its data is crucial for its everyday operation and future success. Examining your practice by looking internally for answers to these basic questions will help to provide insight as to the next steps requiring data safety consideration.

For more information in regard to handling data safely, please contact your Covetrus representative at 855.724.3461.

Sources:

https://transition.fcc.gov/cyber/cyberplanner.pdf