The Federal Trade Commission charges Henry Schein Practice Solutions, a dental practice office management software company, falsely advertised the level of encryption it used to protect patient data. Now, the company has settled the charges with a $250,000 payment.
Henry Schein marketed its Dentrix G5 software as a product with industry-standard data encryption in line with HIPAA requirements, but the FTC alleges the company was aware its product uses a less complex method of data masking. The product does not use Advanced Encryption Standard, as recommended by the National Institute of Standards and Technology, according to the FTC complaint.
"Even the best intentioned enterprises can find themselves in regulatory hot water if data security approaches don't meet industry best practices. This is a lesson to any firm today looking to encrypt, tokenize or mask data with proprietary and unproven technology or products who could face similar scrutiny," Mark Bower, global director product management for HPE Security – Data Security, told Becker's Hospital Review.
In addition to paying $250,000 to the FTC, Henry Schein will be required to notify all customers who purchased the Dentrix G5 software during the period "when the company made the misleading statements that the product does not provide industry-standard encryption and provide the FTC with ongoing reports on the notification program," according to the FTC report.
More articles on dental issues:
Drs. Elissa Heard, Don Erbes & more – 5 dentists making headlines
FDA clears 11 dental devices in December
Drs. Amy Au, Kevin Lang & more – 7 dentists making the news