January 07, 2016 12:00 AM

FTC reaches $250,000 settlement with IT vendor over data encryption

Joseph Conn

    The Federal Trade Commission has sent a clear message that it will come after health information technology vendors that don't provide the data security they promise to their customers.

    The FTC this week zeroed in on Henry Schein Practice Solutions, the health IT arm of publicly traded Henry Schein, Melville, N.Y., a global supplier of products and services to dental, medical and animal health providers.

    According to the FTC, the company agreed to pay a $250,000 settlement over allegations that it “falsely advertised the level of encryption it provided to protect patient data” on its Dentrix G5 dental office practice management software.

    An FTC statement said Schein claimed its “industry-standard encryption” would ensure “that practices using its software would protect patient data, as required by the Health Insurance Portability and Accountability Act.”

    But the FTC alleged that Schein “used a less complex method of data masking than Advanced Encryption Standard (AES), which is recommended as an industry standard by the National Institute of Standards and Technology (NIST).” And, it said that “Schein touted the product's 'encryption capabilities' for protecting patient information and meeting 'data protection regulations' in multiple marketing materials, including newsletters and brochures targeted at dentists.”

    Under additional terms of the agreement, Schein “will be prohibited from misleading customers about the extent to which its products use industry-standard encryption or the extent to which its products help ensure regulatory compliance or protect consumers' personal information,” the FTC statement said. Further, the company must notify customers that purchased Dentrix G5 “that the product does not provide industry-standard encryption and provide the FTC with ongoing reports on the notification program.”

    The company did not respond to a request for comment.

    The FTC notice made no mention of data breaches involving the software. Only a few dental practices have had data breaches reported to the “wall of shame” website kept by the Office for Civil Rights at HHS, which has enforcement authority over violations of the HIPAA privacy and security rules. The website lists only breaches involving 500 or more individuals' records. Last year was a particularly bad one for breaches, with more than 104 million individuals' records exposed in just four incidents, all reportedly attributed to hackers.

    The FTC's action against a health IT vendor was not unexpected, said Michael McMillan, CEO of CynergisTek, an Austin data security consulting firm.

    “They said last year that they were going to be looking at the promises that vendors were making with respect to their products and capabilities—do these products really have up-to-date encryption, real audit features, data integrity,” McMillan said. “I would like to see them do more of this. It would be very helpful to the industry for them to be a watchdog for false promises.”

    The FTC's clamp-down on a health IT vendor does not mean it's invading territory that belongs to the Office for Civil Rights, said Kirk Nahra, a privacy lawyer with Wiley Rein in Washington, D.C.

    “This was more of a misrepresentation case, which is in the FTC's wheelhouse,” Nahra said. “The FTC has authority in lots of areas that overlap—the LabMD case is the test case so far, since that was a direct overlap involving a HIPAA covered entity.”

    In that case, an administrative law judge ruled against the FTC in November, saying it failed to prove harm in a complaint involving two data breaches by the lab.

    But in August, a federal appeals court supported the FTC's authority to regulate in the area of cybersecurity in an FTC lawsuit against Wyndham Worldwide Corp. over three data breaches linked to hackers.

    “It is going to be interesting to see how this plays out over time, although the FTC and OCR are already cooperating and discussing how to proceed in overlap situations,” Nahra said. “My take on this case is that companies have to evaluate vendor representations in a reasonably aggressive manner, and that they should be careful about anyone who says their product is 'HIPAA compliant,' since a 'product' can't really be HIPAA compliant.”

    What that means is that it's up to the organization using the product to ensure HIPAA compliance.

    Modern Healthcare
    Copyright © 1996-2023. Crain Communications, Inc. All Rights Reserved.