Image © kras99 / Fotolia
As there is so much industry compliance – and medical technology – to keep up with, it’s no surprise some veterinary practices are unaware of new data laws arriving in 2018.
A prevailing misconception in the UK is Brexit renders organisations immune from the new EU General Data Protection Regulation (GDPR).
This is not the case...
The GDPR will go live in May 2018 and impact globally on any organisation that holds personal information on EU citizens. This means if your veterinary practice holds data, such as names and addresses of animal owners born in Europe, count yourself in.
The GDPR carries very heavy fines – so ignoring it and hoping only bigger companies will be policed is not an option.
The journey begins
Compliance has been described as a journey, not a destination. If you run a vet practice, or you are about to join a new one, then it’s time to start taking the first steps.
The ultimate aim of the legislation is to provide the general public with far greater protection and control over the way personal information is collected, stored and used. It also has mandatory measures to control how long data can be held, under what circumstances, and how it should be disposed of.
Your current or future veterinary practice needs to give human clients clear instructions – that can be evidenced – on what information your firm will hold on them and how it is managed.
The informed consent of all clients, staff and suppliers is needed if you store even their names and emails addresses. Plus, if they ask to see that data at any time that has to be tangibly supported.
As data breaches and cyber security are such a massive concern, all the data your veterinary practice holds should be encrypted, meaning if it falls into the wrong hands it is useless without the key.
Training for staff, such as nurses and admin personnel, has to be cranked up as not only will they need to be aware of the new controls and its audit trail, they also need to know how and when to decode patient information.
For many larger vet practices a data protection officer will be invaluable. Smaller ones need to consider training an existing team member or working collaboratively with other organisations.
The GDPR is a reality – and it’s on the way.