Software Provider Settles FTC Charges on Data Encryption

Henry Schein Practice Solutions would pay $250,000 to settle charges that it falsely advertised the level of encryption it provided to protect patient data, under a consent order proposed by the Federal Trade Commission.

The FTC has alleged that the Schein unit, which provides dental practice software, was aware in 2010 that the form of data protection used in its Dentrix G5 software was less secure and more vulnerable than widely used, industry-standard encryption algorithms.

Nevertheless, for two years, Schein touted the product’s “encryption capabilities” for protecting patient information and meeting “data protection regulations” in multiple marketing materials, including newsletters and brochures targeted at dentists, the FTC says.

The proposed consent order prohibits the company from misleading customers about the extent to which its products use industry-standard encryption or the extent to which its products help ensure regulatory compliance or protect consumers’ personal information.

Schein also will be required to notify customers that purchased Dentrix G5 during the period when the company made the misleading statements that the product does not provide industry-standard encryption.

The agreement will be subject to public comment through Feb. 4. The commission will subsequently decide whether to finalize the consent order. — Jonathon Shacat