A press release yesterday announced that Henry Schein has been named a 2014 World’s Most Ethical Company by the Ethisphere Institute.
Considering that I’ve raised questions about their marketing of Dentrix G5 as providing “encryption” and the fact that they wouldn’t send out individual letters to customers informing them that what providers purchased as incorporating “encryption” didn’t and doesn’t provide encryption for patient data in storage, I find this this announcement …. um… interesting.
I still believe it’s important for Henry Schein Dental to notify all customers who bought Dentrix G5 prior to its re-branding of “encryption” as “data masking” of the security vulnerabilities that have been pointed out and recognized by US-CERT. Legal issues such as the FTC Act aside, I think corporate ethics includes notifying health care providers when patient data might be or is at more risk than providers had been lead to believe.
Henry Schein must be delighted to receive the corporate recognition for ethics. PHIprivacy.net urges them to do the right thing and live up to that mantle by individually notifying all G5 customers about the pseudo-encryption issue and the hard-coding vulnerabilities issue to increase the likelihood that providers will become aware of the issues and take steps to better secure patient data.