After a public comment period, a final order resolving the FTC’s complaint against Henry Schein Practice Solutions, Inc., has been approved, alleging the company falsely advertised the level of encryption it provided to protect patient data.
The settlement was first announced in January 2016. In its complain, the Commission alleged that Schein marketed its Dentrix G5 software to the dental practice with deceptive claims that the software provided industry-standard encryption of sensitive patient information and in doing so, ensured dentists met certain regulatory obligations under the Health Insurance Portability and Accountability Act (HIPAA). The complaint alleged that the software in question, actually used a less complex encryption technique to protect patient data that failed to meet accepted encryption standards.
Under the terms of the consent order, Schein will be required to pay $250,000 to the FTC. In addition, the company will be prohibited from misleading customers about the extent to which its products use industry-standard encryption or the extent to which its products helpp ensure regulatory compliance or protect consumers’ personal information.
In addition, Schein will be required to notify all of its customers who purchased their Dentrix G5 software during the period when the company made the misleading statements that the products does not provide industry-standard encryption and provide the FTC with ongoing reports on the notification program.
The Commission vote to approve the final order and letters to commenters was 3-0.