LabMD seeks stay from FTC in security enforcement case

LabMD is seeking a stay of the Federal Trade Commission’s decision to overrule an administrative judge’s dismissal of the case against the Atlanta-based laboratory.

The stay would halt further legal process while LabMD appeals the case, according to Bethany Rupert, of law firm King & Spalding, in a post at JD Supra.

The issue goes back to 2008, when security services firm Tiversa said it discovered a LabMD spreadsheet containing insurance billing information for 9,000 consumers on an unsecured peer-to-peer network. A second security incident in 2012, named in the FTC case, brought the number of patients believed affected to roughly 10,000.

D. Michael Chappell, chief administrative law judge for the FTC, dismissed the case in November, stating that the federal agency failed to prove LabMD’s actions had harmed consumers.

The agency immediately filed an appeal, and in August voted unanimously to overrule that decision, maintaining that the judge applied the wrong legal standard in the case. Chairwoman Edith Ramirez said in the panel’s opinion that the company failed to take even basic precautions to protect sensitive consumer information.

LabMD is challenging the FTC’s contention that the “unfairness” standard applies without proof there’s a high probability of economic or physical harm to consumers.

Specifically, the lab company said the agency's opinion is contrary to plain language in section 5(n), “which requires proof that an ‘act or practice causes or is likely to cause substantial injury to consumers’ before ‘unfairness’ liability may be imposed," according to Rupert.