A company that provides medical transcription services has agreed to settle
In its complaint against
Because of inadequate security, the complaint alleges, medical transcript files prepared between
The FTC's consent order with GMR marks the 50th data security case the Commission has settled since undertaking its data security program 12 years ago. The Commission issued a statement today reaffirming the basic principles behind the FTC's data security enforcement program.
"What started in 2002 with a single case applying established FTC Act precedent to the area of data security has grown into a vital enforcement program that has helped to increase protections for consumers and has encouraged companies to make safeguarding consumer data a priority," the Commission statement says.
In the case of GMR, the files handled by the company included sensitive information about consumers, including their driver's license numbers, tax information, medical histories, notes from children's medical examinations, medications and psychiatric notes, according to the FTC's complaint.
According to the complaint, GMR's privacy statements and policies promised that "materials going through our system are highly secure and are never divulged to anyone." However, the company never required the individual typists it hired as contractors to implement security measures, such as installing anti-virus software. In addition, an independent service provider GMR hired to transcribe medical files stored and transmitted the files in clear and readable text on a server that was configured so that they could be accessed online by anyone without authentication.
Under the terms of GMR's settlement with the FTC, GMR and its owners are prohibited from misrepresenting the extent to which they maintain the privacy and security of consumers' personal information. They also must establish a comprehensive information security program that will protect consumers' sensitive personal information, including information the company provided to independent service providers. In addition, the company must have the program evaluated both initially and every two years by a certified third party. The settlement will be in force for the next 20 years.
The Commission vote to accept the consent agreement package containing the proposed consent order for public comment was 4-0. The Commission vote to issue the statement also was 4-0. The FTC will publish a description of the consent agreement package in the
NOTE: The Commission issues an administrative complaint when it has "reason to believe" that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. When the Commission issues a consent order on a final basis, it carries the force of law with respect to future actions. Each violation of such an order may result in a civil penalty of up to
TNS 30FurigayJof -140201-4623241 30FurigayJof
Most Popular Stories
- Major Phone Makers Sign Anti-Phone-Theft Pledge
- 'Beige Book' Federal Reserve Survey, April 2014: Full Text
- Yahoo Struggles Despite Alibaba Boost
- Chevrolet's Small SUV Coming to the U.S.
- Rapper Cuts Off Own Penis, Jumps Off Building in Failed Suicide
- Cuba Publishes Text of Foreign Investment Law
- Is This Job Too Good to Be True?
- Yellen Remarks, Market Data Give Stocks a Boost
- Castro Named as a Caress Fabulista
- Neil Young Closes Kickstarter Campaign for PonoMusic