Henry Schein Practice Solutions Inc. ("Schein"), a
provider of office management software for dental practices, has
entered into a consent order to settle Federal Trade
Commission (FTC) charges that it falsely advertised the level of
encryption it provided to protect patient data. The FTC announced
the settlement in a press release on January 5.
Schein will pay $250,000 to resolve the FTC's claims that it
deceptively marketed its Dentrix G5 software as having
industry-standard encryption that would help dental practices
satisfy their obligations under HIPAA to secure protected health
information. In fact, Dentrix G5 used a data masking technique
using cryptographic technology, rather than Advanced Encryption
Standard as recommended by the National Institute of Standards and
Technology. Dentrix G5 is used for office tasks including entering
patient data and diagnostic information, sending appointment
reminders, and submitting insurance claims.
In addition to the $250,000 payment, the consent order requires
Schein not to mislead customers about the strength of the
encryption in its products, and to notify all who may have
purchased Dentrix G5 in reliance on the misleading statements that
the product does not provide industry-standard encryption. The
settlement is of particular interest because, although no data
breach or HIPAA violation was alleged, the FTC's involvement in
a healthcare matter suggests the possibility of future
collaboration with the U.S. Department of Health and Human
Services' Office for Civil Rights on HIPAA-related
enforcement.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
