The lab accused the FTC of overstepping its authority and said the agency did not have the Congressional authority to regulate data security practices. The FTC ruled that it has authority over HIPAA-covered entities and that "Congress has never enacted any legislation that, expressly or by implication, forecloses the Commission from challenging data security measures that it has reason to believe are 'unfair...acts or practices.'"
"The FTC has spent untold taxpayer dollars...usurping power over patient information from the U.S. Department of Health and Human Services." - CEO, LabMD
Many believed health data security was regulated only by HIPAA under the Health and Human Services Office of Civil Rights, but now have to consider that the FTC can take action as well. The FTC claims the lab "Did not use readily available measures to prevent and detect unauthorized access to personal information." One readily available method to detect unauthorized access, even by authorized users, is a low-cost, on-demand SaaS analytics service.
Sources:
(a) Medical lab says FTC breach probe forced it to close - www.ComputerWorld.com, 01/31/2014