Washington, DC - After a public comment period, the Federal Trade Commission has approved a final order resolving the Commission’s complaint against Henry Schein Practice Solutions, Inc., alleging the company falsely advertised the level of encryption it provided to protect patient data.
The settlement was first announced in January 2016. In its complaint, the FTC alleged that Schein marketed its Dentrix G5 software to dental practices with deceptive claims that the software provided industry-standard encryption of sensitive patient information and in doing so, ensured dentists met certain regulatory obligations under the Health Insurance Portability and Accountability Act (HIPAA). The complaint alleged that the software actually used a less complex data masking process to protect patient data that failed to meet accepted encryption standards.
Under the terms of the consent order, Schein will be required to pay $250,000 to the FTC. In addition, the company will be prohibited from misleading customers about the extent to which its products use industry-standard encryption or the extent to which its products help ensure regulatory compliance or protect consumers’ personal information.
In addition, Schein will be required to notify all of its customers who purchased Dentrix G5 during the period when the company made the misleading statements that the product does not provide industry-standard encryption and provide the FTC with ongoing reports on the notification program.
The Commission vote to approve the final order and letters to commenters was 3-0.