Governance & Risk Management , Privacy , Standards, Regulations & Compliance

LabMD's FTC Trial to Resume in March

A long-delayed Federal Trade Commission administrative trial on the data security practices of medical testing firm LabMD is slated to resume on March 3.

The FTC trial - also called an evidentiary hearing - that began last May has been on hold since June as a number of other legal issues related to the case were disputed.

See Also: EU-US Data Privacy Framework: Your Questions Answered

Additionally, the Eleventh Circuit federal court last week affirmed a district court's earlier dismissal of LabMD's challenge that the FTC lacks subject-matter jurisdiction in the case. The Eleventh Circuit court ruled that LabMD must first wait for the FTC to make a decision in its administrative trial before a federal court can review the matter. The trial is slated to consider such issues as whether the FTC should move forward with an enforcement order against LabMD related to the lab's data security practices.

The FTC's Complaint

The FTC filed a complaint against LabMD in August 2013, alleging the Atlanta-based lab firm failed to protect consumer health data in two separate incidents. The FTC alleges the incidents - including one allegedly discovered by Tiversa, a peer-to-peer security firm that's at the center of the dispute - collectively exposed the personal information of approximately 10,000 consumers.

The commission had proposed an order against LabMD that would "require the company to implement a comprehensive information security program, and have that program evaluated every two years by an independent, certified security professional for the next 20 years. The order would also require the company to provide notice to consumers whose information LabMD has reason to believe was or could have been accessible to unauthorized persons and to consumers' health insurance companies."

LabMD has argued that the FTC was overstepping its authority in the data security investigation, and the lab firm has taken a number of legal actions over the last year to refute the FTC's case.

Legal Maneuvers

Meanwhile, after a number of other legal moves in recent months, a key witness in the case - a former Tiversa employee - has been granted immunity to testify in the FTC evidentiary hearing once it resumes on March 3.

Tiversa in 2008 allegedly found a LabMD spreadsheet containing insurance billing information for 9,000 individuals on a peer-to-peer network. The former Tiversa employee testified before the House Committee on Oversight and Government Reform in a closed session last year. That testimony resulted in questions about the accuracy and legitimacy of information that Tiversa allegedly supplied to the FTC about the data security of companies, including LabMD, against which the FTC subsequently took enforcement action, former committee chair Darrell Issa, R-Calif., said during during a hearing into FTC data security enforcement practices last July (see Examining FTC's Data Security Enforcement).

New Lawsuit

While awaiting resumption of the FTC proceedings, LabMD on Jan 21 filed a new lawsuit against Tiversa and its top executives, including CEO Robert Boback.

In its complaint, LabMD is seeking action "to recover millions of dollars in damages that defendants [Tiversa] intentionally caused to LabMD through a multi-year, nationwide, continuing racketeering scheme and conspiracy, which decimated LabMD, a privately owned cancer testing facility."

"LabMD employed approximately 40 medical professionals, but, as a result of defendants' actions, it is now nothing more than an insolvent shell of a company," the complaint says.

LabMD CEO Michael Daugherty testified to the House committee last summer that due to the costs of fighting its FTC case, his company was forced to shut down most of its operations early last year.

LabMD had filed a suit against Tiversa previously, but that case was dismissed due to jurisdictional issues (see Latest Legal Twists In FTC, LabMD Saga).