07 Nov LabMD Slams ‘Oppressive’ FTC Subpoenas in Data Breach Row

Screen shot 2013-11-07 at 7.20.51 AMLaw360, New York (November 06, 2013, 1:33 PM ET) — LabMD Inc. on Tuesday slammed the Federal Trade Commission over some three dozen third-party subpoenas it has issued in its ongoing investigation of alleged security breaches at the cancer diagnosis firm that the agency claims exposed the private medical information of thousands of consumers.

LabMD characterized the FTC’s move, which it said follows after years of discovery during which the firm has already submitted over 5,000 pages of documents since 2010, as an undermining tactic meant to harm its reputation and sap its financial resources, according to its motion for protective order filed Tuesday to an FTC administrative law judge.

The Atlanta-based company is represented by the Washington-based nonprofit Cause of Action, whose website says it “fights to protect economic opportunity when federal regulations … threaten it,” and which on Tuesday reiterated its challenge to the FTC’s authority to regulate data security practices.

“From the outset of the FTC’s investigation, the commission has exerted authority it does not have to punish a business that has done nothing wrong,” said COA Executive Director Dan Epstein.  “COA has taken up this fight because the commission is abusing its power and destroying a small business, and it must be held accountable for demonstrations such as these burdensome subpoenas.”

The group identifies itself as nonpartisan, but Epstein, who founded the group in 2011, has in the past worked for billionaire libertarian Charles G. Koch’s foundation, which has funded various economic freedom nonprofits. A COA spokeswoman on Tuesday declined to identify its donors, citing privacy concerns.

The FTC brought its suit in August over an alleged data breach when Internet security firm Tiversa Holding Corp. took  a LabMD patient information file and gave it to the FTC after LabMD turned down a business pitch by Tiversa, according to LabMD’s motion.

The FTC has claimed that that LabMD exposed the information of roughly 10,000 consumers in two instances: once when the billing information for thousands of consumers was found on a file-sharing network, and again when LabMD documents containing the private information of some 500 consumers were stolen by identity thieves, according to the agency.

LabMD, whose data security practices are regulated by the U.S. Department of Health and Human services, argues that HHS has never accused it of violating any such security requirements and that the FTC is merely retaliating for LabMD CEO Michael Daugherty’s scathing manifesto against the agency in his new book, “The Devil Inside the Beltway.”

“Nothing else explains why the FTC would issue more than 35 subpoenas at issue here,” LabMD said in its motion. “Instead of standing on the strength (or lack thereof) of its complaint, the FTC seeks to crush LabMD by using its vast resources to harass through abusive discovery tactics.”

LabMD is represented by Reed Rubinstein of Dinsmore & Shohl LLP and Michael D. Pepson of Cause of Action.

The case is In the Matter of LabMD Inc., docket number 9357, before the Federal Trade Commission.

Read More

18 Sep Critics tell FTC to back off on data security complaints


The agency has no specific data security rules and operates from a vague statute, critics say

The FTC should back away from authority it says it has under a vague section of law that doesn’t mention data security, said the critics, including Mike Daugherty, CEO of Atlanta diagnostic lab LabMD, which is fighting an FTC complaint.

The agency should instead seek specific authority to enforce data security rules from the U.S. Congress and should define what data security standards it expects from companies, instead of seeking sanctions on a case-by-case basis, said speakers during a discussion on FTC authoritysponsored by TechFreedom, an antiregulation think tank, and Cause of Action, a government watchdog group defending LabMD.

The FTC’s complaint against the small lab wasn’t based on established rules that agency officials could point to, Daugherty said.

The FTC, instead of looking for real consumer harm, seems to be saying, “We’re going to take one victim and going to hold them accountable,” said Gerry Stegmeier, a privacy and data security lawyer.


Find more of the story here.

If you enjoyed reading this article, sign up for my newsletter and follow me on:

Facebook |  Twitter  |   Google+  |  Pinterest  |   LinkedIn

The Devil Inside the Beltway can be purchased:

Amazon  |   Kobo  |   B&N   

Read More

14 Mar The Congressional Medical License to Practice Obamacare

Obamacare law

Look at that picture of the Congressional Medical License. Isn’t that impressive? (Some people refer to it as the Obamacare law, but I think my name is more accurate). I sure am glad that all those DC folks went to medical school so they would acutely understand what they were messing with.

Feel better? Think about that when your loved one or, God forbid, even you, are rolling into surgery or getting chemotherapy.  Good thing those politicians have our backs, what with death such a permanent thing and all. After years of seamless government operations and efficiency, it only makes perfect sense that they should challenge themselves with trying to manage our very survival. They do everything else so well, it just seemed like a good time to tackle something that would really give the US Government a stretch. It is also comforting to know that Congress is perfectly capable of policing itself. I hear rumors that incoming congressmen have to take a medical ethics class during orientation; if you ask me, that is just an obvious and smart move.

And the fact that it has been signed by the Medical Director himself, Barack Obama, really makes me sleep well at night. No grand social experiment on us guinea pigs here, oh no. He has years…I mean months…I mean days, of actual “roll up your sleeves” real world experience in oncology, infectious disease, urology, neurosurgery, cardiology, geriatrics, medical devices, pathology, clinical chemistry, pharmaceuticals, emergency medicine, molecular diagnostics, internal medicine, obstetrics, gynecology, and orthopedics.

Nancy Pelosi took an online advanced placement course in medicine and blew away the numbers, so of course she has not seen the Congressional Medical License (said she didn’t need too). However, she still leaned forward enough to lead the charge. When plastic surgery was being debated, our Medical Director and Chief, knowing his limitations and the time bomb he was dealing with, called in Nancy Pelosi for some insight. Ever the penny pincher and not wanting to mess with the face of America, she recommended that plastic surgery not be included in the bill. I love a fiscal conservative.

As the baby boomers get sick and need all these services, like a tsunami coming for the coast, the younger people will just have to pick up the check; they should not worry. By the time they are ready for the gurney all the bugs will be worked out of the system. If they have a problem I am sure they will be able to contact our Medical Director at his Presidential Library in Hawaii. Not sure what he will be able to do, being long gone and all, but he does enjoy listening. After all, that is what Nancy Pelosi said just last week on TV. Really, Google it if you don’t believe me.


 ~ ~ ~


Michael Daugherty is President & CEO of LabMD, an Atlanta-based clinical and anatomic medical laboratory with a national client base. Mike founded LabMD in 1996 after 14 years in surgical device sales with U.S. Surgical Corp. and Mentor Corporation.

Outside of LabMD, enjoys playing tennis, travel, and flying his Cirrus SR22 Turbo single engine aircraft.


Mike can be found:

Facebook * Twitter * LinkedIn * Pinterest

Google+ Michael J Daugherty

If you enjoyed this post, you may find these interesting:

Will Obama Sign a Cyber Security Executive Order Despite the Risk?

Read More

12 Nov Will Obama Sign a Cyber Security Executive Order Despite the Risk?


Obama pulled it out. So what is in store for cyber security?

Will Obama now use the executive order to control the internet? There certainly is a love of regulation in the Obama administration. They believe regulation is a solution. They also might not have won had it not been for their great use of technology in executing the ground game.

SOPA. The mere acronym for the Stop Online Piracy Act causes citizens and legislators to shudder. The typically pro-Obama tech crowd turns red with anti-regulation fever when you talk about controlling the internet.  Suddenly big government is terrible when the cheese being moved involves an iPad.

The “executive order” (see circumventing Congress) template that was leaked seems to be a soft ball proposal. It looks like pretty window dressing, but it doesn’t really solve the problem. If Obama signs an executive order, he can only blame himself for the repercussions. While he is a master at dancing around accountability and there are no more elections for him, this involves his “base” in a major way, so I wonder if he will turn the screws.

His cabinet is filled to the brim with big government lovers that think Washington is the center of the universe. Having a politician regulate your internet freedom has become one touchy subject. It looks good on paper as long as somebody else is involved. Once your boat is rocked and the shoe goes on the other foot, the argument seems to tilt right of center. Classic.

 ~ ~ ~


Michael Daugherty is President & CEO of LabMD, an Atlanta-based clinical and anatomic medical laboratory with a national client base. Mike founded LabMD in 1996 after 14 years in surgical device sales with U.S. Surgical Corp. and Mentor Corporation.

Outside of LabMD, enjoys playing tennis, travel, and flying his Cirrus SR22 Turbo single engine aircraft.

Mike can be found:

Facebook * Twitter * LinkedIn * Pinterest

Google+ Michael J Daugherty

Read More

25 Oct Breaking News: U.S. Chamber of Commerce Publishes Article featuring LabMD and Michael J Daugherty on Cyber Security





FBI Says, Expect to Be Hacked; FTC Says, Expect Us to Sue You

Oct 24, 2012

FBI director Robert Mueller is quoted in a CNN Money story today on the data security crisis now facing American businesses – an issue of particular importance to small businesses:

There are only two types of companies: those that have been hacked, and those that will be. Even that is merging into one category: those that have been hacked and will be again.

The U.S. Chamber continues to lead efforts to address the data security crisis, by actively engaging in discussions with Congress regarding federal data security and data breach legislation. The Chamber also recently released an Internet security guide, “Internet Security Essentials for Business 2.0.

Unfortunately, the FTC is throwing American businesses who are victims of hacking under the bus by punishing them for not successfully preventing the hacks – in spite of the stark reality described by the FBI’s Robert Mueller.

Take the FTC’s lawsuit against Wyndham Worldwide Corp., which was the victim of a global hacking scheme, as just one recent example of an FTC run amok. I explained the Wyndham case and the FTC’s approach to “regulating” data security in a recent blog post:

Over the last few years, the FTC has routinely punished businesses who are themselves hacking victims for allegedly failing to have “reasonable” data security measures in place – only there’s no way for a business to truly know beforehand what the FTC will consider “reasonable” measure until after it’s been hacked.

Because the FTC has never formally promulgated any data security standards, a business has no way of knowing whether it’s compliant until after it’s been hacked, had its data stolen, completed a costly FTC investigation, and an enforcement action has been filed against it. Then the FTC strong-arms the business into entering into so-called “settlement” agreements (or “consent orders”) that often give the FTC roving and unchecked authority for the next 20 years to conduct audits and impose penalties on the business – again, for violating non-existent data security standards.

The FTC’s approach to data security is particularly damning for small businesses, who often are compelled to divert their time and precious resources on lawyers and litigation, rather than on growing their businesses – and creating jobs.

Take the tale of LabMD, a Georgia-based cancer detection company, as just one example of how the mere allegation of inadequate data security can subject a business to years of expensive FTC investigations and reputational injury – which can derail a small business’s growth agenda, and cost jobs. The Atlanta Business Chronicle reported on this case and interviewed Michael Daugherty, LabMD’s founder and CEO:

Daugherty contends his company is being unreasonably persecuted by the FTC. He said he’s already spent about $500,000 fighting the investigation.

“We are guilty until proven innocent to these people,” Daugherty said in a Sept. 5 interview with Atlanta Business Chronicle. “They are on a fishing expedition. We feel like they are beating up small business.”

“There’s no deception. There’s not been a breach,” he said.

Of course, the initial FTC investigation (which in this case has already cost LabMD half a million dollars) is just the tip of the iceberg. In reference to its investigation, the FTC told the Atlanta Business Chronicle that “[t]here is no allegation that anybody has done anything wrong.”

If that’s the type of treatment and expenses that small businesses can expect to incur even when the FTC claims “there is no allegation that anybody has done anything wrong,” then there is certainly something wrong with how the FTC is conducting its business.

Visit to read more about the FTC v. Wyndham Worldwide Corp, et al. lawsuit and the amicus brief  filed in support of the company by the National Chamber Litigation Center, the U.S. Chamber’s public policy law firm.


Originally published October 24, 2012. Reprinted by permission,, October 2012. Copyright© 2012, U.S. Chamber of Commerce.

~   ~   ~

Michael Daugherty is President & CEO of LabMD, an Atlanta-based clinical and anatomic medical laboratory with a national client base. Mike founded LabMD in 1996 after 14 years in surgical device sales with U.S. Surgical Corp. and Mentor Corporation.

Outside of LabMD, enjoys playing tennis, travel, and flying his Cirrus SR22 Turbo single engine aircraft.

Mike can be found:

Facebook * Twitter * LinkedIn * Pinterest

Google+ Michael J Daugherty

Read More