The Federal Trade Commission is taking action against medical laboratory services firm LabMD for enabling patient information to be accessible on a peer-to-peer file sharing network, which resulted in identity theft. LabMD vigorously disputes the charges.

In a complaint filed against the Atlanta-based company, FTC alleges that billing information for more than 9,000 patients was found on the network, and information on at least 500 patients were found in the hands of identity thieves.

“The complaint alleges that a LabMD spreadsheet containing insurance billing information was found on a P2P network,” according to an FTC statement. “The spreadsheet contained sensitive personal information for more than 9,000 consumers, including names, Social Security numbers, dates of birth, health insurance provider information and standardized medical treatment codes.”

The complaint charges LabMD with failure to implement or maintain a comprehensive data security program, identify commonly known and reasonably foreseeable risks and vulnerabilities, implement measures to prevent employees from accessing information not needed for their jobs, train employees on security practices, and use measures to prevent and detect unauthorized access.

The FTC alleges that police in Sacramento, Calif., in 2012 found protected information in possession of identity thieves and a number of Social Security numbers were being used or had been used by more than one person with different names. Chief Administrative Law Judge D. Michael Chappell has appointed himself to handle the case.

In a defiant statement, obtained by PHIprivacy.net, LabMD calls the FTC action a witch hunt:

“The Federal Trade Commission’s enforcement action against LabMD based, in part, on the alleged actions of Internet trolls, is yet another example of the FTC’s pattern of abusing its authority to engage in an ongoing witch hunt against private businesses. The allegations in the FTC’s complaint are just that: allegations. LabMD looks forward to vigorously fighting against the FTC’s overreach by seek recourse through the available legal processes. The FTC has repeatedly overstepped its statutory authority under Section 5 of the Federal Trade Commission Act and the FTC does not have the authority to bring this enforcement action.”

The Atlanta Business Chronicle quotes Leslie Rice Melman, assistant general counsel for litigation at FTC, as saying LabMD has been unwilling to provide oral testimony and other documents. LabMD CEO Michael Daugherty told the publication that the company has cooperated and FTC is on a fishing expedition, and that a firm that provides security services for peer-to-peer networks stole the spreadsheet and hounded LabMD to sign a service agreement, which it refused to do.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access