Dental Office Software Provider Agrees to FTC Settlement Over False Encryption Ads

voted 4-0 to issue the administrative complaint. The FTC said it will publish a description of the consent agreement, which will be subject to public comment through Feb. 4, in the Federal Register soon. The agency alleged the company marketed "deceptive claims" for two years that its Dentrix G5 software provided industry-standard encryption of sensitive patient data as required by the Health Insurance Portability and Accountability Act (HIPAA). The FTC said the company was aware its software "used a less complex method of data masking to protect patient data than Advanced Encryption Standard," which is the recommended industry caliber. “If a company promises strong encryption, it should deliver it," said Consumer Protection Bureau Director Jessica Rich. Under the settlement, Schein "will be prohibited from misleading customers about the extent to which its products use industry-standard encryption or the extent to which its products help ensure regulatory compliance or protect consumers’ personal information," the FTC said. Schein must also notify all affected customers that the software doesn't provide industry-standard encryption. The company disagreed with the commission about how "we used the word 'encrypted' in Dentrix G5 marketing from early 2012 to January 2014," and the "product works, and works well," emailed a Schein representative Tuesday. "We have always communicated to customers that the ultimate responsibility for data security and HIPAA compliance resides with each practice." The settlement doesn't "represent an admission of wrongdoing regarding the Dentrix product," said the representative. "We made a decision to settle with the FTC to avoid long and costly litigation," she said. "We continuously upgrade and improve our product and service offerings, and advise our customers that they also need to take steps to protect the security of their data."