FTC's Case Against LabMD Highlights Corruption in Agency, LabMD Attorneys Say

A decision in the FTC’s case against LabMD is expected within 70 days of closing argument that was held Wednesday (see 1509160051), which would be around Thanksgiving. Attorneys for LabMD said the company’s case against the FTC has “significant legal consequences” and they will continue with the case until a federal court has the final say. They said the FTC colluded with a third-party security company to create a case against LabMD, and the agency changed the legal rules to benefit itself. The FTC didn't comment.

A lot more than whether the FTC finds in favor of LabMD is at stake, but the integrity of the FTC’s process has been exposed, said Dinsmore attorney William Sherman, who represents LabMD. There have been a many irregularities in the agency's process and the case, and the commission has continued to say it doesn’t matter, Sherman said. LabMD was a very effective cancer diagnosis lab whose lifeblood wasn’t data security, but ensuring a more accurate diagnosis, said Dinsmore attorney Reed Rubinstein.

The FTC didn’t care about any of that and “destroyed this business and destroyed the integrity of the agency,” Rubinstein said. The case is “one of the more embarrassing and disgraceful actions” of the agency, he said. LabMD closed during the pendency of the commission's case alleging it had poor data security practices that left some patient information open to theft.

This case spotlights the abuses used in the administrative process by an agency, said LabMD CEO Michael Daugherty. It’s evident in the transcript that Administrative Law Judge Michael Chappell, who heard the case, is constrained by the ALJ court rules the FTC has made for itself, Daugherty said. The agency used witnesses in the case whom his attorneys weren't able to cross examine, and used experts who have “never stepped in a lab,” he said.

If the case were in federal court, it would have been dismissed years ago, Daugherty said. Chappell’s hands are tied in this case and he has conceded things would have gone differently if the case were in a different venue, Dougherty said. Chappell is trying to figure out how to side in favor of LabMD despite all of the constraints put on him, Daugherty said. The FTC determined what the standard was for Chappell, but nowhere does the FTC Act's Section 5 talk about reasonableness, said Rubinstein.

Tiversa, the data security consultancy that told the FTC of LabMD security problems, is the "elephant in the corner" that the FTC is trying to hide "with a tea towel," Rubinstein said. A House Oversight Committee report, released in May after Tiversa whistleblower Richard Wallace testified, criticized the FTC over its relationship with Tiversa in the LabMD case. Wallace testified (see 1505050050) that he was instructed to phish and hack into companies, present the data to the companies and inform them their systems were insecure, so Tiversa could sell its services to a company like LabMD. It’s a classic shakedown operation, said Cause of Action, also representing LabMD.

FTC Overreach?

This is a classic case of government collusion, in this instance with Tiversa, said Cause of Action. The FTC and Tiversa have been in bed together since 2007, a Cause of Action staffer said. If LabMD doesn’t win this case, it means healthcare companies won't have to follow only Department of Health and Human Services rules but FTC rules as well, he said.

Chappell may not be able to consider the FTC’s relationship with Tiversa, but the FTC didn’t present a convincing argument, said the Cause of Action staffer. The agency's closing argument consisted of admitting that it had relied on faulty evidence that had been stolen and manipulated, but also saying it had found wrongdoing and therefore LabMD must be held responsible, he said.

The FTC offered rebuttal to the respondent’s closing argument Wednesday that the Chappell must determine whether Section 5 was violated. “Complaint counsel is not required to demonstrate any breach,” said FTC Privacy and Identity Division Acting Assistant Director Laura VanDruff. “We don’t take a position on the merits of respondent’s argument in Tiversa’s conduct,” VanDruff said. “Did LabMD unreasonably fail to protect the consumer data it collected and did its failures cause or were they likely to cause substantial injury to consumers? The answer to both questions is yes.”

Ex-Commissioner Joshua Wright has been saying for years that once the commission votes out a complaint, the agency’s mind is made up on the issue, Rubinstein said. Wright said the FTC wins 100 percent of cases before ALJs, and when the judge rules in favor of the respondent, the agency always overrules the jurist, Rubinstein said. Wright didn't comment Friday. But while at the FTC, he wrote the unanimous order denying LabMD’s motion to dismiss the case. If the FTC agreed to not bring cases against private companies, it “would greatly restrict the Commission’s ability to protect consumers from unwanted privacy intrusions, fraudulent misuse of their personal information, or even identity theft that may result from businesses’ failure to establish and maintain reasonable and appropriate data security measures,” said the denial.

LabMD unsuccessfully asked the 11th U.S. Circuit Court of Appeals and before that the U.S. District Court in Atlanta to rule the FTC lacks authority to regulate private companies’ data security. The company also unsuccessfully sought to have FTC Chairwoman Edith Ramirez recuse herself from the case, because she participated in the House Oversight investigation of the agency and Tiversa's role in the case. Commissioner Julie Brill recused herself in 2013, after giving speeches whose prepared text had footnotes mentioning LabMD as its case was pending.