It is a bittersweet victory for Michael J. Daugherty, founder and CEO of the now-defunct medical testing laboratory LabMD. Last week an administrative law judge dismissed a Federal Trade Commission data security complaint against his former Atlanta-based company.

The FTC alleged that LabMD violated the FTC Act by failing to employ reasonable and appropriate measures to prevent unauthorized access to consumers’ personal information. However, Chief Administrative Law Judge D. Michael Chappell found that the FTC’s complaint counsel had failed to prove that LabMD’s alleged failure to employ reasonable data security constitutes an unfair trade practice. In addition, the complaint counsel failed to prove that the allegedly unreasonable conduct caused or was likely to cause substantial injury to consumers.

The administrative judge dismissed purported evidence from data security vendor Tiversa that claimed to have found personal data from LabMD on multiple peer-to-peer networks including some belonging to identity thieves. The judge deemed the evidence as unreliable and not credible, and found that it was outweighed by credible contrary testimony from a former Tiversa employee. 

“At best, complaint counsel has proven the ‘possibility’ of harm, but not any ‘probability’ or likelihood of harm.  Fundamental fairness dictates that demonstrating actual or likely substantial consumer injury under Section 5(n) [of the FTC Act] requires proof of more than the hypothetical or theoretical harm that has been submitted by the government in this case,” the 92-page initial decision states.

Also See: FTC Approves Final Orders in Consumer Privacy Case

The judge’s initial decision is subject to review by the full Federal Trade Commission and the agency could appeal it.

The decision comes too late for Atlanta-based LabMD, which announced in January 2014 that was forced to go out of business due to the “debilitating effects” of the FTC’s investigative practices and litigation.

LabMD—which had about 40 employees at its peak of operations—is a cautionary tale for other healthcare companies, Daugherty says. “We did nothing wrong, and yet we were treated like we were guilty until we were proven innocent.”

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access