On Monday, May 16, 2016, the Supreme Court of the United States issued its highly anticipated opinion in Spokeo, Inc. v. Robins, a case that examined the question of whether a plaintiff who ...25 May 2016
LabMD Blames its Shutdown on FTC Legal Battle over Security Protections
In August 2013, the FTC filed an administrative complaint charging LabMD with violating Section 5 of the FTC Act based on allegations that the company failed to implement reasonable and appropriate security protections for consumers’ personal information, including medical information (read our prior post for more details on the complaint). LabMD aggressively fired back this past November, filing a motion to dismiss the administrative complaint. At the core of LabMD’s defense was the argument that the FTC lacked authority to regulate the company’s data security practices because LabMD (as a covered entity) was subject to the security requirements of the Health Insurance Portability and Accountability Act (HIPAA).
LabMD, a medical testing laboratory, maintains that Congress gave the Department of Health and Human Services sole authority to regulate the security of health information under HIPAA and other health privacy laws, and hence the FTC never should have brought an enforcement action against LabMD based on allegations of deficient security controls in the first place. In an order issued on January 16, the FTC denied LabMD’s motion to dismiss the administrative complaint and emphasized the agencies broad authority to define and regulate unfair acts and practices under Section 5, including the practices of HIPAA-regulated entities.
The FTC’s dismissal of LabMD’s motion confirms that the agency does not view HIPAA as a shield against Section 5 and the agency’s enforcement authority. The decision could have far-reaching implications for entities governed by HIPAA. The LabMD case makes clear that the HIPAA Security Rule is not the only standard to consider when covered entities and business associates are managing organizational security risks, and suggests that the FTC’s increased focus on the protection of health data will continue.
Adam Solomon, an associate in our Washington, D.C. office, assisted in the preparation of this entry.
The benefits of using Unmanned Aircraft Systems (UAS) for tasks from catastrophe response to infrastructure inspection to construction site monitoring, and everything in between, are great. ...19 May 2016
The health sector is under siege with cybersecurity threats. Some of the largest announced cyber attacks in U.S. history have targeted organizations in the health industry. Regulators have...02 May 2016