The New York SHIELD Act’s Impact On Veterinarians
Many veterinarian clinics are experiencing major changes to the way they practice veterinary medicine. Why? Because clients want to interact with their veterinarian the same way they do every other business – through convenient, efficient forms of technology that enable anytime, anywhere access to their records and information. Although veterinarians aren’t dealing with the protected health information of people, they’re dealing with private information belonging to the owners of the pets in their care. This means they’re subject to the new data security law known as the New York SHIELD Act – signed into law on July 15, 2019 and going into effect on March 21, 2020.
How Does the New York SHIELD Act Impact Veterinarians?
The SHIELD act aims to ensure better protection for consumers who are entrusting businesses, including veterinarians, with their private information. Anyone storing or accessing information belonging to residents of the state, even if you’re located outside of the state, must ensure the proper safeguards are in place while following the updated breach notification laws in the event of unauthorized access and/or disclosure. This can be challenging for veterinarians who are looking to keep their clients engaged outside of the practice – offering more support for pets in their homes.
Governor Cuomo, who signed the SHIELD act into law, expresed, “As technology seeps into practically every aspect of our daily lives, it’s increasingly critical that we do everything we can to ensure the information that companies are trusted with is secure.” He continued, “The stark reality is security breaches are becoming more frequent, and with this legislation, New York is taking steps to increase protections for consumers and holding these companies accountable when they mishandle sensitive data.”
What Type of Private Information Does the New York SHIELD Act Refer To?
Many data privacy laws refer to personal information that can be used to identify an individual, but the New York SHIELD act specifically states that “private information” must be protected, including:
- Personal information in combination with unencrypted data elements, such as social security numbers or driver’s license/ID card numbers.
- Account numbers and credit or debit card numbers in combination with any required security codes or access numbers to permit access.
- Biometric information, such as iris images, voiceprints, fingerprints, retina scans or other representation of identity.
- Usernames and/or email addresses in combination with passwords or security codes and answers to permit access.
How Should Veterinarians Protect Private Information Accordingly?
Veterinarians must ensure private information is protected according to the law, which requires various administrative, technical, and physical safeguards, including:
- Designating an employee or team to coordinate a cybersecurity program.
- Implementing sufficient safeguards to control risks identified in an assessment.
- Vetting third-party vendors and contractually obligating them to meet standards.
- Testing and monitoring the controls and procedures in place to prevent attacks.
- Protecting against unauthorized access of information in transit or at rest.
Keep in mind, any indication that private information was viewed or used without valid authorization is considered a breach now. If a breach occurs involving private information, veterinarians must report the breach to the following:
- The State Attorney General
- State Police
- The Department of State
- Any Impacted Individuals
Globalquest Solutions Welcomes Any and All Veterinarians Who Aren’t Prepared to Comply with the New York SHIELD Act to Contact Us. Call (716) 601-3524 to Get Started.
Why get in touch with Globalquest? Simple: We’ve been helping veterinarians throughout Western New York stay safe against cybercrime since 2014. We’re here to help you embrace the power of technology for better serving the individuals who entrust you with the health and safety of their beloved pets – while remaining safe against unauthorized access to private information.