Today marks the end of week two of trial testimony in the Federal Trade Commission’s complaint against LabMD for ‘unfair’ trade practices.
According to its website, if the Federal Trade Commission’s mission is to protect consumers, how does relentlessly pursuing an investigation for unfair trade practices against a cancer detection lab, resulting in the lab closing its doors, protect consumers, and what exactly is it the FTC considers unfair about LabMD’s trade practices?
According to the complaint, the FTC alleges LabMD failed to employ reasonable and appropriate data security practices to prevent unauthorized access to patient’s personal information.
The FTC’s complaint is based on an incident occurring in 2008, where a LabMD file [dubbed the 1718 file], containing patient information was ‘discovered’ by cyber security firm, Tiversa.
Tiversa notified LabMD of the 1718 ‘discovery in May 2008, but refused to divulge details on how the file was obtained until LabMD entered into a service contract. When LabMD refused to hire Tiversa, they were notified Tiversa planned to turn over the 1718 file to the Federal Trade Commission, and in 2010 the FTC’s investigation of LabMD commenced.
- Never mind the cyber security firm would not inform LabMD how it obtained the file unless they were hired to help LabMD prevent future occurrences
- Never mind LabMD could find no other copy of the 1718 file further exposed
- Never mind the FTC agrees LabMD is considered a covered entity under HIPAA and governed by Health and Human Services who sets ‘best practices’ for cyber security for HIPAA covered entities
- Never mind LabMD met or exceeded cyber security requirements as set forth by Health and Human Services
- Never mind the FTC agreed Tiversa’s discovery of the 1718 file did not in and of itself constitute a data breach requiring patient notification
- Never mind LabMD is not accused of violating any statute or law yet has spent more than $500,000 and over three years fighting the very agency meant to protect consumers without ‘unduly burdening legitimate business activity’
- Never mind Congress and the media have turned a blind eye to the only person who has been willing to fight the overreach of the FTC instead doing what others have done before him, sign a consent decree allowing the Federal Government to audit his business for the next twenty years
I hail from Atlanta, Georgia, home to LabMD headquarters and have been following the case since first reading about it in Amy Wenk’s story for the Atlanta Business Chronicle, Atlanta Medical Lab Facing Off Against FTC.
I am not an investigative journalist, nor do I play one on TV, but apparently my years of watching Dateline and 48 Hours provide an uncanny ability to recognize what highly trained journalists seem to miss, a story worthy of investigation.
While LabMD’s CEO Michael J. Daugherty has done his best to gain the attention of the media and congress, his pleas fell on deaf ears, even after the release of his book Devil Inside the Beltway chronicling his experience with Tiversa and the FTC.
So many questions remain unanswered, and one wonders whether investigative journalists could have helped prior to LabMD shutting its doors. Questions such as:
- How did Tiversa come to discover LabMD’s 1718 file
- How does Homeland Security’s commission of the Dartmouth University study, Data Hemorrhages in the Healthcare Sector tie into this case where LabMD’s 1718 file is referenced?
- When LabMD refused to hire Tiversa to learn how they ‘discovered’ the 1718 file, how exactly did the file land in the hands of the FTC?
- Why is Tiversa not investigated for unfair business s practices?
- What authority does the FTC have to hold LabMD or any other company to a comprehensive data security standard when they are governed by a separate regulatory body and how is a company to meet the FTC’s comprehensive data security standard when no written guidance on what the FTC considers comprehensive or acceptable is in place?
- How fair is the FTC’s practice of being able to choose whether it will bring its complaint against a business in the Federal court system or the FTC’s administrative court where the FTC serves as arresting officer, prosecutor, judge and jury with a success rate of 100%?
- Who should be held accountable for running a cancer detection lab out of business?
- The FTC for what one may call a power grab?
- Congress, who cedes power to regulatory bodies to enforce overly broad laws allowing unelected bureaucrats to enforce them in a manner exactly opposite of the law’s intent
- The media, whose investigative journalism wing will discover yet another story where they could have done the legwork, helped a small business and exposed DC corruption, but instead will opine, lead from behind and find out about case details when LabMD’s trial concludes and the first press conference is held.