LabMD and the FTC: Guilty Until Proven Innocent

The Conflict between LabMD and the FTC

The Federal Trade Commission (FTC) charged LabMD with a failure to maintain proper cyber security for our patient records. In the final FTC order, the FTC stated that LabMD “did not employ basic risk management techniques and safeguards such as automated intrusion detection systems, file integrity monitoring software or penetration testing, and failed to monitor traffic coming across its firewalls. Of course, we knew these charges were false. Our networks were monitored electronically, rather than the FTC’s definition of “monitored”, which they believe should be a person watching files and data move across the network.

We had our log files on auto delete after 10 days, so there was no proof of whether we did or did not have any of these things, but this is where the regulators made things up. They didn’t think we had the proper precautions in place, so they charged us with not having them in place. We never got our day in court to rebut these charges, because we were always in their court answering their many inquiries.

It is very difficult to fight back when you’re always only on defense answering to the power of the Federal Government. And you’re all alone.

If It Bleeds, It Leads. But If Not…

When you’re not famous or you’re not a Fortune 500 company, the media simply ignores you. Furthermore, in such cases, the media doesn’t do any investigative work. If it’s not a front page story, you won’t get any media coverage. This lack of reporting was a constant problem because when you say “we didn’t do it”, they might report it, but they don’t believe you and neither does anyone else.

Your name is tarnished based on allegations made by the Federal Government, rather than proof that you did anything wrong. You are, by definition in the court of public opinion, guilty until proven innocent.

The Final Word in Our Favor: Too Late

After 8 years, the 11th circuit came out with their written ruling. Who reads court rulings except for those directly impacted? Furthermore, who reads the most important part of the ruling when it is in the Footnotes of the ruling? Below are the two footnotes from our victorious ruling over the FTC:

  1. LabMD’s program included a compliance program, training, firewalls, network monitoring, password controls, access controls, antivirus and security related inspection.
  2. The record is not clear but we assume the billing manager installed the peer to peer sharing app on her workstation computer.

Nobody Challenges the Federal Government

The truth was finally printed, ten years after the FTC began its systematic destruction of the company called LabMD. Federal regulators had lied and exploited our company. It was in the record – pictures of everything as proof of our actual policies and practices. But nobody reads the record. Nobody doubts the government. They just report what the government says, and the government agencies know this.

So, when the FTC judge ruled that we had the proper systems, policies, and procedures in place, the FTC commissioners overturned it. The commissioners ruled exactly the opposite, when it was all there all the time, in black and white, on the record.

It took years to get the court to say it. Meanwhile LabMD’s reputation is trashed and market doubt is created, while the lawyers make money off of the conflict. Nobody is paying attention any longer because it’s been 10 years. However, we were right: we had all the policies, practices, and procedures that the government said we did not have.

LabMD was destroyed based on the false accusations of a Federal Government Agency.

Leave a Reply

Your email address will not be published. Required fields are marked *