Feb 242014

After recently announcing it was winding down its operations as a result of the FTC’s protracted investigation and complaint against it, LabMD voluntarily dismissed its lawsuit against the FTC last week. The chronology might suggest that the two events were related, but two people close to the case say that they are not related.

LabMD’s lawsuit, filed in November in the U.S. District Court in D.C., had challenged the FTC’s authority to enforce data security, arguing, in part, that HIPAA’s provisions meant that only HHS had the authority to enforce data security for covered entities. In December, LabMD filed a motion to stay and petition for review in the Court of Appeals for the Eleventh Circuit.

LabMD’s arguments have been rejected by the FTC, who last month denied LabMD’s motion to dismiss its  complaint.

LabMD’s voluntarily dismissal of their lawsuit in U.S. District Court for D.C. came two days after the Court of Appeals for the 11th Circuit dismissed LabMD’s motion for stay and petition for review. The court dismissed for lack of jurisdiction, noting the court only had authority to review a “cease and desist” order by the FTC. Since there was no such order in this case, the court had no authority to hear the issues raised by LabMD.

Bloomberg Law has uploaded a copy of the notice of voluntary dismissal.

Commenting on the voluntary dismissal, Reed Rubinstein, representing LabMD, gave BNA a statement saying that the move to dismiss the district court case without prejudice was “a procedural, not a substantive, step taken in response to a jurisdictional determination by the Eleventh Circuit.” He reportedly anticipates that the litigation will be refiled elsewhere.

His comment was echoed by someone else close to the case. The dismissal seemingly set up a conflict between the 11th Circuit and the U.S. District Court in D.C.’s interpretation of the appropriate court to challenge FTC over-reach. That source, who asked not to be named, also anticipates that LabMD’s suit challenging FTC’s authority will be re-filed soon.

Both this case and the FTC’s lawsuit against Wyndham continue to be watched closely, as an unfavorable ruling by a court about the FTC’s authority to enforce data security could significantly set both the FTC and consumer advocates back.  Out of 50 data security enforcement actions initiated by the FTC, only the Wyndham and LabMD cases haven’t settled and are likely to result in rulings that will be precedential.

Oct 312009

From the why-am-I-not-surprised dept:

At the request of Members of Congress, the Federal Trade Commission is delaying enforcement of the “Red Flags” Rule until June 1, 2010, for financial institutions and creditors subject to enforcement by the FTC.

The Rule was promulgated under the Fair and Accurate Credit Transactions Act, in which Congress directed the Commission and other agencies to develop regulations requiring “creditors” and “financial institutions” to address the risk of identity theft. The resulting Red Flags Rule requires all such entities that have “covered accounts” to develop and implement written identity theft prevention programs to help identify, detect, and respond to patterns, practices, or specific activities – known as “red flags” – that could indicate identity theft.

The Commission previously delayed the enforcement of the Rule for entities under its jurisdiction until November 1, 2009. The Commission staff has continued to provide guidance to entities within its jurisdiction, both through materials posted on the dedicated Red Flags Rule Web site (www.ftc.gov/redflagsrule), and in speeches and participation in seminars, conferences and other training events to numerous groups. The Commission also published a compliance guide for business, and created a template that enables low risk entities to create an identity theft program with an easy-to-use online form. FTC staff has published numerous general and industry-specific articles, released a video explaining the Rule, and continues to respond to inquiries from the public. To assist further with compliance, FTC staff has worked with a number of trade associations that have chosen to develop model policies or specialized guidance for their members.

On October 30, 2009, the U.S. District Court for the District of Columbia ruled that the FTC may not apply the Red Flags Rule to attorneys. Today’s announcement that the Commission will delay enforcement of the Rule until June 1, 2010, does not affect the separate timeline of that proceeding and any possible appeals. Nor does it affect other federal agencies’ ongoing enforcement for financial institutions and creditors subject to their oversight.

Source: FTC

Mar 102008

From the FTC:

The Federal Trade Commission will host a workshop on April 24, 2008, to examine recent trends related to health care delivery. This workshop will bring together representatives of physician and healthcare associations, industry, privacy groups, academia, federal and state government, and other experts.

The workshop participants will engage in several panel discussions on competition and consumer protection issues regarding particular health care delivery innovations. These issues include:


Health information technology – Electronic health records have the potential to reduce administrative costs and medical errors due to incomplete or faulty paper records. The Department of Health and Human Services has developed an extensive framework to facilitate the adoption of electronic health records by the medical community, including the certification of particular products for creating and maintaining such records. Private companies, such as popular online consumer sites, have also started offering personal electronic health record services. Electronic access to medical expertise – such as through transfer of diagnostic imaging, real time doctor/patient and doctor/doctor consultation, and remote monitoring – also has the potential to improve the distribution of medical services. One of the primary consumer protection issues for health information technology is patient privacy and the application of current federal and state privacy protections to electronic health records. Concerns about interoperability of electronic record systems and the impact of state laws on interstate electronic consultation and monitoring also implicate competition concerns.

Continue reading »