The Federal Trade Commission's administrative trial examining the data-security practices of LabMD is on hold, Healthcare Info Security reports.
The action came after the House Committee on Oversight and Government Reform notified the FTC that Tiversa, a peer-to-peer intelligence and security services firm involved in the investigation, possibly gave untruthful information.
The House committee will conduct its own investigation of Tiversa, and said in a letter to FTC Chairwoman Edith Ramirez that the "information provided to the FTC is incomplete and inaccurate."
The FTC alleges the medical testing laboratory exposed thousands of consumers' personal information, including names and Social Security numbers, via billing information accessible through a peer-to-peer file-sharing network.
Tiversa said it discovered a LabMD spreadsheet containing insurance billing information for 9,000 consumers on an unsecured peer-to-peer network in 2008. A second security incident in 2012, named in the FTC case, brought the number of patients believed affected to roughly 10,000.
LabMD, an Atlanta-based cancer-screening laboratory, claimed that the FTC overstepped its statutory authority because the company was a covered entity under HIPAA--and only the Department of Health and Human Services can enforce patient privacy laws. In January, the FTC ruled that HIPAA is not a barrier to its enforcement actions.
The administration trial will determine whether LabMD's data-security practices violated Section 5 of FTC regulations related to unfair business practices.
In May, the FTC issued a report calling on Congress to provide better protections for consumers' personal information. It urged Congress to require data brokers to obtain consumers' consent for data collection and to provide more transparency about how they intend to use that data.
To learn more:
- read the article