In today's digital society, protecting confidential and proprietary practice information is next to impossible. Employees on a daily basis have access to an employer's confidential information. Electronic information can be stored on a smart phone, flash drive, and in the cloud.
In many states, trade secrets are protected by the Uniform Trade Secrets Act. Generally, a practice's patient list and other sensitive practice information are protected by the Act. The term trade secret is defined as technical or nontechnical data, a formula, a pattern, a compilation, a program, a device, a method, a technique, a drawing, a process, financial data, financial plans, product plans or a list of actual or potential patients or suppliers, which is not commonly known by or available to the public.
When a practice takes reasonable measures to protect its valuable and confidential information, and if the information is generally not known to the public, then a practice's trade secrets will most likely be protected. In addition to patient lists and related data, many other forms of information may also be protected, such as business plans.
It is extremely important for a practice to have policies, procedures and agreements in place in order to protect a practice's assets and intellectual property, before an employee leaves. Below is a checklist of items that a practice should consider in order to protect its valuable assets.
Confidentiality and Return of Records Policies.
A practice should have policies and procedures in place that clearly identify what is considered a protected trade secret [patient list, pricing, vendors, referrals, marketing data, business plans and projections, etc...]. In addition, if an employee resigns or is terminated, the practice should have a written procedure in place that will require the former employee to immediately return to the practice, all protected and confidential information.
Confidentiality and Non-Disclosure Agreements.
In order to protect a practice's trade secrets, every employee should sign a confidentiality and non-disclosure agreement. The confidentiality and non-disclosure agreement may be part of a well prepared employee manual or a separate document.
Keep Confidential Information Confidential.
Information that is identified by a practice as a trade secret or considered confidential should be treated as such by all employees, or it may lose its confidential status. A practice should train it's employees to take the necessary precautions in order to protect against the wrongful disclosure or misuse of confidential information.
Bring Your Own Device or Employer Provided Device Policies.
If a practice permits an employee to use their own personal electronic devises for business purposes [cell phones, iPads, laptops, etc...], then a practice should have a written policy in place that will permit a practice to periodically inspect an employees electronic devise in order to ensure that confidential practice information is protected and secure.
In addition, if an employee resigns or is terminated, a practice should also have a written procedure in place that outlines specifically how a practice will be permitted to purge confidential information from the employees personal electronic devise upon departure. The information must be purged immediately upon an employee's departure.
Non-Solicitation and Non-Compete Agreements. A practice should have its key employees sign a non-solicitation and/or non-compete agreement. A non-compete agreement will prevent an employee from performing the same or similar services for a competitor, for a certain period of time, within a certain specified geographical area, for specific clients or other confidential relationships. A non-solicitation agreement will prevent a current or former employee from soliciting or contacting the practice's patients. Both types of agreements must be designed to protect legitimate practice interests, be reasonably limited in duration and geographic scope, and be applied consistently, in order to be enforceable.
Immediately Cut Off System Access. A practice should immediately cut off an employee's access to information upon an employees planned or unplanned departure [or even in advance of an employee's departure, if at all possible]. In addition, a practice should immediately change all of its passwords upon an employee's departure, especially in those areas where the employee has access to confidential and protected practice information.
Reminder Letters. After an employee is no longer employed by a practice, the practice may want to consider sending out a reminder letter to the former employee, that sets forth the former employees post-employment contractual obligations [i.e., non-compete, non-solicitation, and non-disclosure of confidential information, etc...].
In many cases, the most valuable assets of a practice, is the practice's intellectual property [patient lists, confidential company data, software, business plans, etc...], and the protection of these valuable assets may very well be necessary in order to ensure the viability of a practice. If a practice takes the required steps in order to protect its assets, then a practice should be in good position to prevent a devastating and potentially costly loss in the event of an employees departure.
Stuart J. Oberman, Esq. handles a wide range or legal issues for the dental profession including cyber security breaches, employment law, practice sales, OSHA and HIPAA compliance, real estate transactions, lease agreements, non-compete agreements, dental board complaints and professional corporations.
For questions or comments regarding this article please call (770) 554-1400 or visit www.obermanlaw.com.
If you would like Stuart J. Oberman, Esq. to speak at an event for your organization, please contact Katharine Drum, Marketing Coordinator (firstname.lastname@example.org)