The LabMD Case and the Evolving Concept of “Reasonable Security”

Jul 16, 2018

LabMD, Inc. was a cancer diagnostic testing facility that used medical specimen samples and patient information to provide diagnostic information to health care providers. The company was subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and had a HIPAA compliance program in place that prohibited the downloading of peer-to-peer (P2P) file-sharing applications on company computers. LabMD v. FTC, Case No. 16-16270 (11th Cir. June 6, 2018), at 2. Now defunct as an operating company, LabMD nonetheless exists as a company and continues to protect its information.

In violation of this prohibition, a company billing manager installed LimeWire on a company computer. This P2P software permits users to make computer documents accessible to the larger LimeWire community. The manager made a file containing the personal information of 9,300 consumers (the 1718 File) available to approximately two to five million LimeWire users. The 1718 File included names, dates of birth, Social Security numbers, laboratory diagnostic and testing codes, and, for some patients, health insurance information.


Original article published by Business Law Today.
