News-At-A-Glance: LabMD vs. FTC Update

One more step has been taken toward a resolution in this ongoing HIPAA security case where LabMD, a cancer screening laboratory that is now out of business, has challenged the Federal Trade Commission’s (FTC) authority to enforce the HIPAA security rule. The case is interesting to laboratories because it involves a relatively small laboratory that was the target of the FTC based on evidence provided by a third party with a conflict of interest in the case. Tiversa, a security firm specializing in peer-to-peer file searches, obtained a file that belonged to LabMD, allegedly on a public site called LimeWire. That file, which contained protected health information, is the centerpiece of the FTC’s case, but the circumstances under which it was obtained are questionable. One of the main witnesses in the case, Rick Wallace, an employee at Tiversa, was recently granted immunity in exchange for his testimony. LabMD was ready to move forward with the case, but it has been delayed again. In a court document, Tiversa says that Wallace is not a trustworthy witness. Laboratories should follow developments in this case because the implications, should the FTC lose, could be significant.