After recently announcing it was winding down its operations as a result of the FTC’s protracted investigation and complaint against it, LabMD voluntarily dismissed its lawsuit against the FTC last week. The chronology might suggest that the two events were related, but two people close to the case say that they are not related.
LabMD’s lawsuit, filed in November in the U.S. District Court in D.C., had challenged the FTC’s authority to enforce data security, arguing, in part, that HIPAA’s provisions meant that only HHS had the authority to enforce data security for covered entities. In December, LabMD filed a motion to stay and petition for review in the Court of Appeals for the Eleventh Circuit.
LabMD’s voluntarily dismissal of their lawsuit in U.S. District Court for D.C. came two days after the Court of Appeals for the 11th Circuit dismissed LabMD’s motion for stay and petition for review. The court dismissed for lack of jurisdiction, noting the court only had authority to review a “cease and desist” order by the FTC. Since there was no such order in this case, the court had no authority to hear the issues raised by LabMD.
Bloomberg Law has uploaded a copy of the notice of voluntary dismissal.
Commenting on the voluntary dismissal, Reed Rubinstein, representing LabMD, gave BNA a statement saying that the move to dismiss the district court case without prejudice was “a procedural, not a substantive, step taken in response to a jurisdictional determination by the Eleventh Circuit.” He reportedly anticipates that the litigation will be refiled elsewhere.
His comment was echoed by someone else close to the case. The dismissal seemingly set up a conflict between the 11th Circuit and the U.S. District Court in D.C.’s interpretation of the appropriate court to challenge FTC over-reach. That source, who asked not to be named, also anticipates that LabMD’s suit challenging FTC’s authority will be re-filed soon.
Both this case and the FTC’s lawsuit against Wyndham continue to be watched closely, as an unfavorable ruling by a court about the FTC’s authority to enforce data security could significantly set both the FTC and consumer advocates back. Out of 50 data security enforcement actions initiated by the FTC, only the Wyndham and LabMD cases haven’t settled and are likely to result in rulings that will be precedential.