Include:
Tech
Cybersecurity
Business Strategy
Channel Insights
Stay Connected
Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.

Location

333 West San Carlos Street
San Jose, California 95110
United States

WWW: acer.com

ChannelPro Network Awards

hello 2
hello 3

News

December 22, 2020 |

FTC Charges Company Displaying HIPAA Seal with Consumer Fraud

Don’t make the same “stupid marketing mistake.”

You may have heard me speak or write about the risk of businesses using phony HIPAA compliance seals in their marketing. My warnings were based on a conversation I had with a Federal Trade Commission (FTC) attorney when we were both speaking at the National HIPAA Summit. She told me if a company has a breach or a compliance violation while displaying a seal, the FTC would consider it consumer fraud.

The FTC announced exactly that on December 16 in a settlement with SkyMed, a company that offers transportation services to travelers if they become seriously ill or are injured while away from home. According to the FTC complaint, SkyMed had a “HIPAA compliance shield” all over its website when a security researcher notified the company about an unsecure database with approximately 130,000 membership records that may have been breached. The FTC found that displaying the seal was an unfair business practice under Section 5 of the FTC Act that protects consumers. While the FTC did not issue a fine, it put SkyMed on a 20-year monitored compliance program that will be very expensive.

According to Healthcare Info Security, “The consent order also prohibits SkyMed from making misrepresentations including about how the company protects the privacy, security, availability, confidentiality or integrity of any personal information, as well as its participation ‘in any privacy or security program sponsored by a government or any third party, including any self-regulatory or standard setting organization.’ In other words, never use a seal, even if it comes from a third-party.

The article quotes regulatory attorney Paul Hales of the law firm Hales Law Group, who is not involved in the SkyMed case. He calls the company’s use of a HIPAA compliance seal on its website “a stupid marketing mistake.”

I once asked the head of a company how he could offer a HIPAA compliance seal based just on some questionnaires and discussions. I told him that even the federal government does not certify compliance. He answered, “If you read the fine print, you will see that it doesn’t mean they are compliant.” I replied that I was reading the big print that said their HIPAA compliance was verified.

Don’t make the same mistake. Remove any HIPAA compliance seals from your website. If you are reselling any HIPAA services to clients that are displaying a seal of compliance, tell them to remove the seal immediately. If a client has a breach or compliance violation, they may sue you for your role in providing them with the seal, which may not be covered by your Errors and Omissions insurance because of the deceptive business practice exclusion.


Editor’s Choice

MSP360 Bolsters Managed Backup Solution With Full Sharepoint Backup and Restore, Object Lock, and More

March 25, 2024 |

MSP360 CEO Brian Helwig details the latest improvements in its managed backup solutions and teases some new opportunities down the road for its partners in an exclusive ChannelPro interview.

Peer to Peer: Aurora’s Philip de Souza shares his secrets to creating a successful MSSP

March 19, 2024 | Philip de Souza

“It’s important that we understand when it comes to this whole MSP world that it’s all about the customer.”

Evolving State AI Regulations: Best Practices for Mitigating Risk

March 14, 2024 | Anurag Lal

While AI technologies can unlock tremendous business value, they also have potential risks.


Related News

Growing the MSP

Explore ChannelPro

Events

Reach Our Audience