False Claims about Encryption Cost an Arm, a Leg, and a Tooth

January 13, 2016 | By Lawrence J. Tabas

Earlier this month, Henry Schein Practice Solutions, Inc. (“Schein”), a provider of office management software to dental practices, learned the hard way that exaggerating the capabilities of its products can be very costly. On January 5, 2016, Schein agreed to pay the Federal Trade Commission (the “FTC”) $250,000 to settle claims that it falsely advertised the level of encryption its Dentrix G5 software used to protect patient data.

According to the FTC’s complaint, Schein marketed Dentrix G5 by claiming that the software provided industry-standard encryption that ensured the protection of sensitive patient data pursuant to the requirements of the Health Insurance Portability and Accountability Act. However, in reality, Schein knowingly used a less secure method of encryption in its Dentrix G5 software. Despite its advertising claims, Schein failed to use the Advanced Encryption Standard, which is the industry standard encryption recommended by the National Institute of Standards and Technology.

As explained by Jessica Rich, Director of the FTC’s Bureau of Consumer Protection, “strong encryption is critical for companies dealing with sensitive health information.”

In 2016, we expect the FTC to continue to pursue claims against companies that promise strong encryption and fail to deliver it.

The Health Law Gurus™ will continue to monitor the FTC’s unfair or deceptive acts settlements. Please check back with us for updates.

To read the FTC Complaint, click here.

To read the FTC Press Release, click here.

Categorized In: FTC, HIPAA, Security

About the Authors

Lawrence J. Tabas

Partner

Lawrence is the Chair for Obermayer’s Health Care Law Department and Election Law Practice Group. Lawrence’s Health Care Law legal experience includes the representation of physician group practices (single and multi-specialty), hospitals,...

Read More by Author