In today's digital society, protecting confidential and proprietary practice information is next to impossible. On a daily basis, employees have access to their employers' confidential information. Electronic information can be stored on a smartphone, on a flash drive, or in the cloud.
In many states, trade secrets are protected by the Uniform Trade Secrets Act. The term "trade secret" is defined as technical or nontechnical data, a formula, a pattern, a compilation, a program, a device, a method, a technique, a drawing, a process, financial data, financial plans, product plans, or a list of actual or potential patients or suppliers, which is not commonly known by or available to the public. Generally, the act protects a practice's patient list and other sensitive practice information.
When a practice takes reasonable measures to protect its valuable and confidential information, and if the information is generally not known by the public, then the practice's trade secrets will most likely be protected. In addition to patient lists and related data, many other forms of information may also be protected, such as business plans.
It is extremely important for a practice to have policies, procedures, and agreements in place to protect its assets and intellectual property before an employee leaves. Below is a checklist that practice owners should review to ensure the protection of their practices' valuable assets.
Confidentiality and return of records policies
A practice should have policies and procedures in place that clearly identify what is considered a protected trade secret (e.g., patient list, pricing, vendors, referrals, marketing data, business plans and projections, etc.). In addition, if an employee resigns or is terminated, the practice should have a written procedure in place that will require the former employee to return all protected and confidential information to the practice immediately.
Confidentiality and nondisclosure agreements
In order to protect a practice's trade secrets, every employee should sign a confidentiality and nondisclosure agreement. The confidentiality and nondisclosure agreement may be part of an employee manual or a separate document.
Keep confidential information confidential
Information that is identified by a practice as a trade secret or that is considered confidential should be treated as such by all employees, or it may lose its confidential status. Employees should be trained to take the necessary precautions in order to protect against the wrongful disclosure or misuse of confidential information.
Bring-your-own-device or employer-provided-device policies
If a practice permits employees to use personal electronic devices for business purposes (e.g., cellphones, iPads, laptops, etc.), the practice should have a written policy in place that will permit periodic inspection of employees' devices in order to ensure that confidential practice information is protected and secure.
In addition, if an employee resigns or is terminated, the practice should also have a written procedure in place that outlines specifically how the practice will be permitted to purge confidential information from the employee's personal electronic device immediately upon departure.
Nonsolicitation and noncompete agreements
A practice should have its key employees sign a nonsolicitation and/or noncompete agreement. A noncompete agreement will prevent an employee from performing the same or similar services for a competitor, for a certain period of time, within a certain specified geographical area, and for specific clients or other confidential relationships. A nonsolicitation agreement will prevent a current or former employee from soliciting or contacting the practice's patients. In order to be enforceable, both types of agreements must be designed to protect legitimate practice interests, be reasonably limited in duration and geographic scope, and be applied consistently.
Immediately cut off system access
A practice should immediately cut off an employee's access to information upon an employee's planned or unplanned departure - or even in advance of an employee's departure, if at all possible. In addition, a practice should immediately change all of its passwords upon an employee's departure, especially for areas in which the employee has access to confidential and protected practice information.
After an employee is no longer employed by a practice, the practice may want to consider sending out a reminder letter to the former employee. The letter should set forth the former employee's postemployment contractual obligations (e.g., noncompete, nonsolicitation, and nondisclosure of confidential information, etc.).
In many cases, the practice's intellectual property (patient lists, confidential company data, software, business plans, etc.) comprises its most valuable assets. The protection of these valuable assets may be necessary in order to ensure the viability of the practice. If the practice takes the required steps in order to protect its assets, it should be in a good position to prevent a devastating and potentially costly loss in the event of an employee's departure.