A new report published last week by the Federal Trade Commission on the use of big data is relevant to the agency's stance on how such information should be handled with regard to healthcare, according to health attorney David Harlow.
In a recent post to his HealthBlawg, Harlow, who also serves on FierceHealthIT's Editorial Advisory Board, says the agency's advice for companies to determine the legitimacy of their data is just as applicable to healthcare entities as it is to institutions in other industries.
"Companies could be held liable where they sold or otherwise provided data to other companies that they knew, or had reason to know, were going to use the data to perpetrate fraud on consumers," Harlow writes. "Similarly, the FTC is likely to seek to hold companies responsible for sharing health data with other companies that they knew or had a reason to know had inadequate security protections in place."
Two months ago, an administrative law judge dismissed the FTC's data enforcement security case against Atlanta-based cancer screening laboratory LabMD following an alleged 2008 breach on the part of the latter institution. That, however, likely will not serve as a deterrent for the agency, going forward, Harlow says. Case in point: the FTC almost immediately decided to appeal the judge's ruling.
"Given the right set of facts … it is likely that the FTC will continue to take action against healthcare companies with poor data security hygiene where an adequate showing of harm may be made," Harlow writes.
An appeals court ruling last August put more power in the hands of the FTC when it comes to policing corporate cybersecurity. The ruling, by the Third U.S. Circuit Court of Appeals in Philadelphia, allowed the FTC to move forward with a lawsuit against Wyndham Worldwide Corp. in which it alleged that the hotel chain was responsible for three breaches between 2000 and 2010 where hackers allegedly stole hundreds of thousands of credit and debit card numbers.