The LabMD Case and the Evolving Concept of “Reasonable Security”
LabMD, Inc. was a cancer diagnostic testing facility that used medical specimen samples and patient information to provide diagnostic information to health care providers. The company was subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and had a HIPAA compliance program in place that prohibited the downloading of peer-to-peer (P2P) file-sharing applications on company computers. LabMD v. FTC, Case No. 16-16270 (11th Cir. June 6, 2018), at 2. Now defunct as an operating company, LabMD nonetheless exists as a company and continues to protect its information.
In violation of this prohibition, a company billing manager installed LimeWire on a company computer. This P2P software permits users to make computer documents accessible to the larger LimeWire community. The manager made a file containing the personal information of 9,300 consumers (the 1718 File) available to approximately two to five million LimeWire users. The 1718 File included names, dates of birth, Social Security numbers, laboratory diagnostic and testing codes, and, for some patients, health insurance information.
Original article published by Business Law Today.
© Privacy Counsel LLC 2018-2020. All rights reserved. Legal services provided by Paige Boshell.