Dive Brief:
- The Federal Trade Commission recently went after Henry Schein Practice Solutions, a vendor of dental practice management software, for allegedly misrepresenting its level of encryption for patient data.
- The FTC argued the health IT vendor marketed its Dentrix G5 software under deceptive claims by saying it utilized industry-standard encryption when it actually used a method inferior to to the Advanced Encryption Standard (AES) recommended by the National Institute of Standards and Technology.
- The FTC noted the company had "touted the product's 'encryption capabilities' for protecting patient information and meeting 'data protection regulations' in multiple marketing materials, including newsletters and brochures targeted at dentists," iHealthBeat reported.
Dive Insight:
The case is notable because the FTC did not complain of any data breaches resulting from the software, but made the case based on the issue of misrepresentation.
The company settled for $250,000 but noted by doing so it was not admitting wrongdoing.
"The security features in Dentrix are part of our evolving product development efforts," the company announced in a statement. "Dentrix provides multiple features to help protect patient data, especially when used in combination with practice security measures based upon standards, best practices, laws and regulations. We do recommend that offices employ some form of full disc encryption that utilizes AES-level encryption."
The FTC had previously stated its intent to follow up on vendors' claims and promises. “I would like to see them do more of this," Michael McMillan, CEO of data security consulting firm CynergisTek, told Modern Healthcare. "It would be very helpful to the industry for them to be a watchdog for false promises.”