law

unnamed

04 May The Judge Made Them Do It

unnamed

So the headline read “FTC told to disclose the data security standards it uses for breach enforcement”, and I thought to myself, “This is a headline? The government agency that wants to police the business world feels so superior that it required a judge to make them disclose what standards are required? No wonder it has taken the world so long to pay attention to this. It sounds unbelievable. How can we comply in the dark?” Well, believe it. This is the arrogance of the US Government Regulatory Regime.

And that, my friends, is the bottom line. I don’t mind complying. I embrace protecting our patients. However, I do not appreciate a power hungry government agency refusing to deal with the reality that technology is changing at an incredibly fast pace and until they, the self-appointed rulers of the consumer protection world, declare what is to be done, then they need to back off.

The FTC plays games. They play bad, damaging, lawyer games. The FTC displays their sociopathic exploitation of a medical facility, asks for forgiveness later, and drains the life blood out of organizations that fight them, all to strike terror in the hearts of everyone else that may consider a battle. They have the audacity to state they don’t need to declare data security rules or standards. They are nothing more than masters of silence and confusion. Justice is a mockery at the Federal Trade Commission.  All they are doing is shopping for heads to place on spikes.

This is what bad, coddled, and sheltered government lawyers do. They play games with words and laws. They argue, cajole, debate and drain. It is all about power to the FTC. They are aiming to intimidate the majority of businesses into rolling over before they get to court. They are scheming to keep their power to bully.

When an ignorant yet powerful bureaucrat with one nasty attitude came knocking on our door with not a shred of concern with what they are doing to medicine, patients, and practitioners, the line in the sand had been drawn. This is a battle worth fighting because it rips the mask off these liars and shows the world exactly what the FTC is. A bunch of puffed up bullies that require a judge to tell the world what standards we are to meet. A four year battle raged that has cost millions of dollars all to make the FTC  fight fair. I am sure they chuckle and how much it took for such a basic requirement.

This is not the end of the game. This is just the end of an inning. I have more of their game to show you. This is the game that Congress created. This is the game that judges and lawyers in DC play. This is the dirty secret game that scares so many into submission so you never hear the cries of the dead. These are bullies created by a lazy political and judicial system that think the intent of the Founding Fathers to separate government powers is an annoying obstacle to the regulatory work they have to do. To hell with civil rights and proper notice, they have consumers to save.

And that “they have consumers to save” mantra is the propaganda they crow out at every Congressional hearing and public meeting they attend. But behind the mask is a bunch of zealots with precious little experience in the private sector. They are drowning in their adolescent attitude that business is evil. They just know it is so bad out here that they have to slap a head on the spike of one company to scare the masses into submission.

Through fate that head turned out to be mine. The FTC is so outrageous and ripe for corruption that I had no choice to fight back. So far it has cost LabMD its life. I hope you will pay attention to the rest of their game so the death of LabMD is not in vain. Once one head on a spike is placed on the roof of 600 Pennsylvania Avenue they just start looking for another…until we see them for what they are and the executioners lose their ax.

Read More

03 May FTC told to disclose the data security standards it uses for breach enforcement

Screen shot 2014-05-03 at 8.07.23 AM

As reported in Computerworld yesterday, there was a legal decision handed down  in favor of  LabMD.  See a short quote of the article from Computerworld below and to read the whole post, click HERE.

 

The Federal Trade Commission (FTC) can be compelled to disclose details of the data security standards it uses to pursue enforcement action against companies that suffer data breaches, the agency’s chief administrative law judge ruled Thursday.

The decision came in response to a motion filed by LabMD, a now-defunct medical laboratory that has been charged by the FTC with unfair trade practices for exposing sensitive information belonging to 10,000 patients in 2010.

LabMD has accused the FTC of holding it to data security standards that do not exist officially at the federal level. It has maintained that the agency must publicly disclose the data security standards it uses to determine whether a company has reasonable security measures in place.

The FTC argued that it should not be required to disclose the legal or other standards it uses to determine whether a company’s data security practices are unfair or not under Section 5 (a) of the FTC Act.

In a six-page ruling, the FTC’s chief administrative law judge, Michael Chappell, nixed that argument and held that the Commission can indeed be compelled to disclose the information in the LabMD case.

The official response to yesterday’s ruling:

LabMD, a medical facility, is cautiously optimistic that the FTC will be forced to step into an era of fairness and transparency in notifying the business community, both large and small, what their data security standards are. LabMD still strongly objects to the FTC’s overreach into the medical regulatory environment overseen by HHS via HIPAA.

Read More

07 Nov LabMD Slams ‘Oppressive’ FTC Subpoenas in Data Breach Row

Screen shot 2013-11-07 at 7.20.51 AMLaw360, New York (November 06, 2013, 1:33 PM ET) — LabMD Inc. on Tuesday slammed the Federal Trade Commission over some three dozen third-party subpoenas it has issued in its ongoing investigation of alleged security breaches at the cancer diagnosis firm that the agency claims exposed the private medical information of thousands of consumers.

LabMD characterized the FTC’s move, which it said follows after years of discovery during which the firm has already submitted over 5,000 pages of documents since 2010, as an undermining tactic meant to harm its reputation and sap its financial resources, according to its motion for protective order filed Tuesday to an FTC administrative law judge.

The Atlanta-based company is represented by the Washington-based nonprofit Cause of Action, whose website says it “fights to protect economic opportunity when federal regulations … threaten it,” and which on Tuesday reiterated its challenge to the FTC’s authority to regulate data security practices.

“From the outset of the FTC’s investigation, the commission has exerted authority it does not have to punish a business that has done nothing wrong,” said COA Executive Director Dan Epstein.  “COA has taken up this fight because the commission is abusing its power and destroying a small business, and it must be held accountable for demonstrations such as these burdensome subpoenas.”

The group identifies itself as nonpartisan, but Epstein, who founded the group in 2011, has in the past worked for billionaire libertarian Charles G. Koch’s foundation, which has funded various economic freedom nonprofits. A COA spokeswoman on Tuesday declined to identify its donors, citing privacy concerns.

The FTC brought its suit in August over an alleged data breach when Internet security firm Tiversa Holding Corp. took  a LabMD patient information file and gave it to the FTC after LabMD turned down a business pitch by Tiversa, according to LabMD’s motion.

The FTC has claimed that that LabMD exposed the information of roughly 10,000 consumers in two instances: once when the billing information for thousands of consumers was found on a file-sharing network, and again when LabMD documents containing the private information of some 500 consumers were stolen by identity thieves, according to the agency.

LabMD, whose data security practices are regulated by the U.S. Department of Health and Human services, argues that HHS has never accused it of violating any such security requirements and that the FTC is merely retaliating for LabMD CEO Michael Daugherty’s scathing manifesto against the agency in his new book, “The Devil Inside the Beltway.”

“Nothing else explains why the FTC would issue more than 35 subpoenas at issue here,” LabMD said in its motion. “Instead of standing on the strength (or lack thereof) of its complaint, the FTC seeks to crush LabMD by using its vast resources to harass through abusive discovery tactics.”

LabMD is represented by Reed Rubinstein of Dinsmore & Shohl LLP and Michael D. Pepson of Cause of Action.

The case is In the Matter of LabMD Inc., docket number 9357, before the Federal Trade Commission.

Read More
file9791234819983

18 Sep Critics tell FTC to back off on data security complaints

 

The agency has no specific data security rules and operates from a vague statute, critics say

The FTC should back away from authority it says it has under a vague section of law that doesn’t mention data security, said the critics, including Mike Daugherty, CEO of Atlanta diagnostic lab LabMD, which is fighting an FTC complaint.

The agency should instead seek specific authority to enforce data security rules from the U.S. Congress and should define what data security standards it expects from companies, instead of seeking sanctions on a case-by-case basis, said speakers during a discussion on FTC authoritysponsored by TechFreedom, an antiregulation think tank, and Cause of Action, a government watchdog group defending LabMD.

The FTC’s complaint against the small lab wasn’t based on established rules that agency officials could point to, Daugherty said.

The FTC, instead of looking for real consumer harm, seems to be saying, “We’re going to take one victim and going to hold them accountable,” said Gerry Stegmeier, a privacy and data security lawyer.

 

Find more of the story here.

If you enjoyed reading this article, sign up for my newsletter and follow me on:

Facebook |  Twitter  |   Google+  |  Pinterest  |   LinkedIn

The Devil Inside the Beltway can be purchased:

Amazon  |   Kobo  |   B&N   

Read More

14 Mar The Congressional Medical License to Practice Obamacare

Obamacare law

Look at that picture of the Congressional Medical License. Isn’t that impressive? (Some people refer to it as the Obamacare law, but I think my name is more accurate). I sure am glad that all those DC folks went to medical school so they would acutely understand what they were messing with.

Feel better? Think about that when your loved one or, God forbid, even you, are rolling into surgery or getting chemotherapy.  Good thing those politicians have our backs, what with death such a permanent thing and all. After years of seamless government operations and efficiency, it only makes perfect sense that they should challenge themselves with trying to manage our very survival. They do everything else so well, it just seemed like a good time to tackle something that would really give the US Government a stretch. It is also comforting to know that Congress is perfectly capable of policing itself. I hear rumors that incoming congressmen have to take a medical ethics class during orientation; if you ask me, that is just an obvious and smart move.

And the fact that it has been signed by the Medical Director himself, Barack Obama, really makes me sleep well at night. No grand social experiment on us guinea pigs here, oh no. He has years…I mean months…I mean days, of actual “roll up your sleeves” real world experience in oncology, infectious disease, urology, neurosurgery, cardiology, geriatrics, medical devices, pathology, clinical chemistry, pharmaceuticals, emergency medicine, molecular diagnostics, internal medicine, obstetrics, gynecology, and orthopedics.

Nancy Pelosi took an online advanced placement course in medicine and blew away the numbers, so of course she has not seen the Congressional Medical License (said she didn’t need too). However, she still leaned forward enough to lead the charge. When plastic surgery was being debated, our Medical Director and Chief, knowing his limitations and the time bomb he was dealing with, called in Nancy Pelosi for some insight. Ever the penny pincher and not wanting to mess with the face of America, she recommended that plastic surgery not be included in the bill. I love a fiscal conservative.

As the baby boomers get sick and need all these services, like a tsunami coming for the coast, the younger people will just have to pick up the check; they should not worry. By the time they are ready for the gurney all the bugs will be worked out of the system. If they have a problem I am sure they will be able to contact our Medical Director at his Presidential Library in Hawaii. Not sure what he will be able to do, being long gone and all, but he does enjoy listening. After all, that is what Nancy Pelosi said just last week on TV. Really, Google it if you don’t believe me.

 

 ~ ~ ~

MichaelDaugherty-PBBAdvisoryBoard

Michael Daugherty is President & CEO of LabMD, an Atlanta-based clinical and anatomic medical laboratory with a national client base. Mike founded LabMD in 1996 after 14 years in surgical device sales with U.S. Surgical Corp. and Mentor Corporation.

Outside of LabMD, enjoys playing tennis, travel, and flying his Cirrus SR22 Turbo single engine aircraft.

 

Mike can be found:

Facebook * Twitter * LinkedIn * Pinterest

Google+ Michael J Daugherty

If you enjoyed this post, you may find these interesting:

Will Obama Sign a Cyber Security Executive Order Despite the Risk?

Read More

12 Nov Will Obama Sign a Cyber Security Executive Order Despite the Risk?

 

Obama pulled it out. So what is in store for cyber security?

Will Obama now use the executive order to control the internet? There certainly is a love of regulation in the Obama administration. They believe regulation is a solution. They also might not have won had it not been for their great use of technology in executing the ground game.

SOPA. The mere acronym for the Stop Online Piracy Act causes citizens and legislators to shudder. The typically pro-Obama tech crowd turns red with anti-regulation fever when you talk about controlling the internet.  Suddenly big government is terrible when the cheese being moved involves an iPad.

The “executive order” (see circumventing Congress) template that was leaked seems to be a soft ball proposal. It looks like pretty window dressing, but it doesn’t really solve the problem. If Obama signs an executive order, he can only blame himself for the repercussions. While he is a master at dancing around accountability and there are no more elections for him, this involves his “base” in a major way, so I wonder if he will turn the screws.

His cabinet is filled to the brim with big government lovers that think Washington is the center of the universe. Having a politician regulate your internet freedom has become one touchy subject. It looks good on paper as long as somebody else is involved. Once your boat is rocked and the shoe goes on the other foot, the argument seems to tilt right of center. Classic.

 ~ ~ ~

 

Michael Daugherty is President & CEO of LabMD, an Atlanta-based clinical and anatomic medical laboratory with a national client base. Mike founded LabMD in 1996 after 14 years in surgical device sales with U.S. Surgical Corp. and Mentor Corporation.

Outside of LabMD, enjoys playing tennis, travel, and flying his Cirrus SR22 Turbo single engine aircraft.

Mike can be found:

Facebook * Twitter * LinkedIn * Pinterest

Google+ Michael J Daugherty

Read More

25 Oct Breaking News: U.S. Chamber of Commerce Publishes Article featuring LabMD and Michael J Daugherty on Cyber Security

 

 

Link: http://www.freeenterprise.com/technology/fbi-says-expect-be-hacked-ftc-says-expect-us-sue-you?nostyle=true.

Reprint:

FBI Says, Expect to Be Hacked; FTC Says, Expect Us to Sue You

Oct 24, 2012

FBI director Robert Mueller is quoted in a CNN Money story today on the data security crisis now facing American businesses – an issue of particular importance to small businesses:

There are only two types of companies: those that have been hacked, and those that will be. Even that is merging into one category: those that have been hacked and will be again.

The U.S. Chamber continues to lead efforts to address the data security crisis, by actively engaging in discussions with Congress regarding federal data security and data breach legislation. The Chamber also recently released an Internet security guide, “Internet Security Essentials for Business 2.0.

Unfortunately, the FTC is throwing American businesses who are victims of hacking under the bus by punishing them for not successfully preventing the hacks – in spite of the stark reality described by the FBI’s Robert Mueller.

Take the FTC’s lawsuit against Wyndham Worldwide Corp., which was the victim of a global hacking scheme, as just one recent example of an FTC run amok. I explained the Wyndham case and the FTC’s approach to “regulating” data security in a recent blog post:

Over the last few years, the FTC has routinely punished businesses who are themselves hacking victims for allegedly failing to have “reasonable” data security measures in place – only there’s no way for a business to truly know beforehand what the FTC will consider “reasonable” measure until after it’s been hacked.

Because the FTC has never formally promulgated any data security standards, a business has no way of knowing whether it’s compliant until after it’s been hacked, had its data stolen, completed a costly FTC investigation, and an enforcement action has been filed against it. Then the FTC strong-arms the business into entering into so-called “settlement” agreements (or “consent orders”) that often give the FTC roving and unchecked authority for the next 20 years to conduct audits and impose penalties on the business – again, for violating non-existent data security standards.

The FTC’s approach to data security is particularly damning for small businesses, who often are compelled to divert their time and precious resources on lawyers and litigation, rather than on growing their businesses – and creating jobs.

Take the tale of LabMD, a Georgia-based cancer detection company, as just one example of how the mere allegation of inadequate data security can subject a business to years of expensive FTC investigations and reputational injury – which can derail a small business’s growth agenda, and cost jobs. The Atlanta Business Chronicle reported on this case and interviewed Michael Daugherty, LabMD’s founder and CEO:

Daugherty contends his company is being unreasonably persecuted by the FTC. He said he’s already spent about $500,000 fighting the investigation.

“We are guilty until proven innocent to these people,” Daugherty said in a Sept. 5 interview with Atlanta Business Chronicle. “They are on a fishing expedition. We feel like they are beating up small business.”

“There’s no deception. There’s not been a breach,” he said.

Of course, the initial FTC investigation (which in this case has already cost LabMD half a million dollars) is just the tip of the iceberg. In reference to its investigation, the FTC told the Atlanta Business Chronicle that “[t]here is no allegation that anybody has done anything wrong.”

If that’s the type of treatment and expenses that small businesses can expect to incur even when the FTC claims “there is no allegation that anybody has done anything wrong,” then there is certainly something wrong with how the FTC is conducting its business.

Visit ChamberLitigation.com to read more about the FTC v. Wyndham Worldwide Corp, et al. lawsuit and the amicus brief  filed in support of the company by the National Chamber Litigation Center, the U.S. Chamber’s public policy law firm.

 

Originally published October 24, 2012. Reprinted by permission, http://www.freeenterprise.com, October 2012. Copyright© 2012, U.S. Chamber of Commerce.

~   ~   ~

Michael Daugherty is President & CEO of LabMD, an Atlanta-based clinical and anatomic medical laboratory with a national client base. Mike founded LabMD in 1996 after 14 years in surgical device sales with U.S. Surgical Corp. and Mentor Corporation.

Outside of LabMD, enjoys playing tennis, travel, and flying his Cirrus SR22 Turbo single engine aircraft.

Mike can be found:

Facebook * Twitter * LinkedIn * Pinterest

Google+ Michael J Daugherty

Read More