Most dental practices are fully aware of the importance of data security. Practice administrators know their obligations under HIPAA, they have thought through issues of IT security, and they know to ensure that unauthorized individuals do not gain access to private records. In short, dental practice personnel are trained and focused to deal with external threats.
But what about a threat from within? We like to imagine that we are going to work with the same colleagues until we all retire, but a basic reality of the modern workplace is that employees move regularly. Sometimes, they choose to depart, and sometimes their employers end the relationship. In either event, an employee who stays in the same industry has an incentive to take and use materials from a former employer to help a new practice compete. Additionally, an employee will usually have a motivation to try to exploit relationships developed on behalf of a former employer, whether those relationships are with patients or employees.
RELATED ARTICLE:Another embezzler joins the exclusive “Half Million Dollar Club”
RELATED ARTICLE:10 tips to help business owners in challenging times
So what are the best practices for a dental practice that hopes to retain its key employees for a long period of time, but is realistic enough to know this hope may not come true? This article covers pre-departure best practices, while a second article (at a later date) will cover the procedures to employ once a practice is confronted with a departure.
1. Have agreements in place
The best way for a practice to protect itself against competition by former employees is to have restrictive covenant agreements in place. Such agreements can deter employees from leaving in the first place (or competitors from hiring them). If they choose to depart, then the agreements can prevent the employee from: a) competing in certain territories and/or on behalf of certain competitors; b) soliciting customers; c) taking coworkers; and d) using or disclosing confidential information. It is important to note, however, that state laws vary regarding the enforceability of such agreements, so you should work with legal counsel to determine what you can do in your agreements.
2. Think through your key information and take steps to protect it
To stop an employee from using or disclosing confidential information, you need to show that information is truly nonpublic. If other employees are permitted to walk out the door with that information, then such a showing will be very difficult. Likewise, if the information is provided to third parties without safeguards in place, then the information will lose its confidential character. Thus, it is important to ask yourself two questions — What information would be most useful to your competitors if an employee left with it? And two — If asked on a witness stand by a judge (or by your attorney while drafting an affidavit) “How many measures do you take to ensure that the information remains private?” what could you respond?
3. Make clear that employees cannot misuse the practice’s computer system
With the increased use of the federal Computer Fraud and Abuse Act and analogous state law computer protection statutes, employers are learning the importance of putting employees on written notice as to what they are not authorized to do on the practice’s computer system. This includes taking files from the system and deleting files prior to departure. The key to unlocking the power of federal and state computer protection laws is showing that the employee was on notice that he or she was not authorized to perform certain acts on the system.
Michael Elkon is an attorney with Fisher & Phillips LLP, one of the nation's leading labor and employment law firms representing employers.