Healthcare Information Security


House Committee hears new FTC v. LabMD arguments

By Patrick Ouellette

- Though the FTC v. LabMD trial has been temporarily put on hold, there is still a war of words going on between the two sides. The House Committee on Oversight and Government Reform governed a three-hour meeting to help determine whether the Federal Trade Commission (FTC) has overreached its jurisdiction during its case against LabMD.

The case was heard by FTC Chief Administrative Law Judge D. Michael Chappell on May 20, but now both sides are waiting on the Oversight Committee to decide whether to grant partial immunity to a former Tiversa Inc. employee and potential key witness. According to the National Law Journal, LabMD has essentially accused Tiversa, a cyber-intelligence vendor, of blackmail after it didn’t use Tiversa’s services to clean up a data breach where there was no data online.

A main sticking point in FTC v. LabMD had been whether, through Section 5 of the FTC Act, the FTC had the authority to determine that a healthcare organization has failed to implement “reasonable” data security safeguards. Specifically, FTC Deputy Director Bureau of Consumer Protection Daniel Kaufman’s deposition earlier this summer revealed that the FTC doesn’t have a comprehensive information security program that it can refer to. But the administrative judge didn’t make FTC go into any detail regarding security standards.

On Thursday, July 24, the House Committee on Oversight and Government Reform met and each side traded barbs. First, LabMD CEO Michael Daugherty said the FTC’s actions will cause future legal issues for care providers. “All Americans should be outraged by the FTC’s unchecked ability to pursue a claim that is not based on any legal standard,” Daugherty said in his testimony before the committee. “If this can happen to LabMD, a cancer detection center, this can happen to anyone. This does nothing to help the constantly-changing cybersecurity landscape.”

On the other side of the spectrum, Woodrow Hartzog, an assistant professor at Stanford University and data privacy specialist, believes the FTC acted within its regulatory rights. “Overall, the overwhelming pattern is that the FTC has acted conservatively, judiciously and consistently,” Herzog told the committee.


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...