News

12 May Kind of Like a Funeral


It is kind of like a funeral…people don’t know what to say.

 

“Oh hi Mike, how are you holding up?”

 

I get this a lot. I know people don’t know what to say. They are trying their best to be supportive. This is why I didn’t want anyone that knows about this to pity me, but I did want people to be outraged and enlightened. Hence, I wrote the book, The Devil Inside the Beltway.

 

At the same time there are moments when I want to say,

How the hell do you think I am doing? The government pounds you, the judges are hard to reach, the congressmen look like deer in the headlights, and the silence from those one would think would be outraged is deafening (business organizations and national media). Pretty amazing stuff. I think they have become numb and immune to the all too frequent corruption and gamesmanship from Washington, DC.

 

Nobody can look you in the eye and lie better than the current DC crowd of bureaucrats and politicians. That is a chilling discovery, albeit not surprising. What is a bit surprising is what has to occur before people really take action. At this point I feel like road kill that people slow down to look at, but don’t get out of their cars to assist. They don’t want to stick around and look at such ugliness. Best pretend this is just a fluke and keep driving.

 

But this isn’t a fluke. I am just lifting the lid off of one coffin but the government has buried many other coffins, and as I have said before, the dead can’t really scream well.

 

So you have to look, you have to learn, you have to get involved. I guess more is going to have to come out for the media to slam on their brakes, pay attention and do their independent homework. You want more dirty laundry? Duly noted.

 

The Administrative hearing starts May 20, 2014. You are going to be quite disturbed at how far the deck is slanted in the FTC’s favor in administrative court. You won’t be surprised though. I think everyone is pretty sick and tired of these bullies, but I guess you need more specific examples. Ok then, please stand by.


07 May Unfair enforcement? FTC vs. LabMD – Excerpts from original post on PHIprivacy.net

Is the Federal Trade Commission (FTC) – the agency that is supposed to protect consumers from unfair business practices – itself engaging in unfair practices in its treatment of LabMD? Who protects us from over-zealous regulators?

This week PHIprivacy.net has written an outstanding post on the FTC and their enforcement of nebulous standards. Please enjoy some choice excerpts and click HERE to read the full post.

Refusal to Cave Costs LabMD Their Business

Rather than comply with what it considered unwarranted and unreasonable demands, LabMD decided to fight the FTC. The FTC action resulted in them losing their insurance, incurring approximately $500,000 in costs (so far), and ultimately, losing their business under the crushing burden of the litigation.

Is it good for patient privacy and data security to have a lab that HHS never investigated  – because there was no reportable breach and HHS received no complaints about the incident – fold under the extraordinary financial burden of an FTC investigation?  I don’t see how. Yes, the second data security incident involving LabMD day sheets may have been associated with consumer/patient harm if the information was used for identity theft or fraud, but unless the FTC plans to investigate tons of cases where copies of paper records with PII or PHI are found in possession of criminals, what was and is the point of its investigation and complaint against LabMD – a process that it initiated well before it even knew about the day sheets incident?

 

Even if FTC were to drop its complaint against LabMD – and in the interests of genuine fairness, I think it should – LabMD has already been destroyed. Sadly, the agency tasked with preventing unfair practices has itself seemingly engaged in unfair practices here. How can the business they have harmed be made whole again if objective people look at the situation as it was in 2008 and agree that there was no fair notice, no harm reported by patients, and that LabMD’s data security program and policies were consistent with standard practice for that time and type of organization?


03 May FTC told to disclose the data security standards it uses for breach enforcement


As reported in Computerworld yesterday, there was a legal decision handed down in favor of LabMD. See a short quote from the Computerworld article below; to read the whole post, click HERE.

 

The Federal Trade Commission (FTC) can be compelled to disclose details of the data security standards it uses to pursue enforcement action against companies that suffer data breaches, the agency’s chief administrative law judge ruled Thursday.

The decision came in response to a motion filed by LabMD, a now-defunct medical laboratory that has been charged by the FTC with unfair trade practices for exposing sensitive information belonging to 10,000 patients in 2010.

LabMD has accused the FTC of holding it to data security standards that do not exist officially at the federal level. It has maintained that the agency must publicly disclose the data security standards it uses to determine whether a company has reasonable security measures in place.

The FTC argued that it should not be required to disclose the legal or other standards it uses to determine whether a company’s data security practices are unfair or not under Section 5 (a) of the FTC Act.

In a six-page ruling, the FTC’s chief administrative law judge, Michael Chappell, nixed that argument and held that the Commission can indeed be compelled to disclose the information in the LabMD case.

The official response to yesterday’s ruling:

LabMD, a medical facility, is cautiously optimistic that the FTC will be forced to step into an era of fairness and transparency in notifying the business community, both large and small, what their data security standards are. LabMD still strongly objects to the FTC’s overreach into the medical regulatory environment overseen by HHS via HIPAA.


02 May Latest Book Review of The Devil Inside the Beltway by Josh Kaib

You may think the government is on your side. You may think they wouldn’t try to destroy a man’s business–his livelihood–for all the wrong reasons. But you’d be wrong. There is a devil inside the beltway, and he could be coming for you next.

The Devil Inside the Beltway is more than just a book. It’s even more than the story of one man’s fight against tyranny.


The latest review of The Devil Inside the Beltway is posted in the Watchdog Wire. Please find a snippet below and click HERE for the full review.

More than anything, it is a warning: this is what happens when you let government get too big, too powerful, and too involved with our everyday lives.

As someone who investigates government actions on a semi-regular basis, one part of the book particularly stood out to me. In 2012, Daugherty filed a Freedom of Information Act (FOIA) request to further investigate the connection between Tiversa and the government.

Like many others who have filed FOIAs, he ended up with a disappointing amount of information. It was bad enough that the government was going after LabMD, but at least they could have been transparent about it.

If you have the chance, pick up The Devil Inside the Beltway and give it a read. It’s a thriller, true crime novel, dystopian epic, and political discourse all rolled into one. But above all, watch out for the devil inside the beltway and pray he doesn’t come for you.


26 Apr FTC challenger remains defiant over charges

The head of a medical lab charged with letting thieves steal patient data is refusing to back down from his fight against the Federal Trade Commission (FTC).

A court’s decision this month to allow the FTC to pursue similar charges against the Wyndham hotel chain shouldn’t have much impact on LabMD’s campaign against the regulator, CEO Michael Daugherty said on Tuesday. He pledged to continue fighting the “bullies” at the agency to prevent them from regulating companies’ data security without explicit regulations.

“I would find most people are going to not say it’s okay to have a government agency that assumes all powers are there until they’re told they’re not,” he said in an interview with The Hill.

Daugherty was on Capitol Hill on Tuesday to talk with congressional staff, many of whom he said have been supportive of his case.

The FTC last summer accused Daugherty’s Atlanta-based laboratory of failing to safeguard consumers’ personal information. The commission claimed that a spreadsheet with data of more than 9,000 patients was found on a peer-to-peer file-sharing network, exposing people’s medical history, Social Security numbers and other personal details.

The company has fought back against the charges.

To read the whole article, click HERE 


09 Apr Mike is speaking at Restoring our Promise on May 10th

What is Restoring Our Promise?

Read below:

When is Restoring our Promise?

May 10th Noon till 8PM

*   *   *

Where is Restoring our Promise?

Crossroads Church 2564 Georgia 154, Newnan, Georgia

This event includes dinner. $20 advance, $25 at the door, $15 students, $15 live stream.

*   *  *

As you can see below, Mike is scheduled to speak at 2:35 May 10th. Registration opens Monday April 14th. Be sure to register to attend this star-filled event!


07 Apr Don’t be Seduced by Pigs Wearing Lipstick:


Graphic credit to Mick Coulas

The FTC Testifies Before Congress Using Fear in Their Thinly Veiled Grab for More Power

On April 2, 2014, FTC Chairwoman Edith Ramirez performed a classic display of Government Agency Contempt of Congress as she attempted to seduce Congress into giving her agency more power. She wants power to further pound companies into submission before they can get to a fair and impartial court, power to mislead the public regarding FTC effectiveness, and power to keep Congress from understanding that bully agencies like the FTC keep the American public exploited by hackers and cybercriminals.

With all the chest beating of the US Government agency complex, I remind you that Edward Snowden walked out with a thumb drive. Hero or traitor is not the issue. The issue is hero or traitor, someone walked out with a thumb drive. In the meantime, Edith Ramirez and her merry band of sheriffs want to keep beating up victims. This may make for great theater, this may allow hollow congressmen to back slap and light cigars, but this will never solve the problem.

The tools that Chairwoman Ramirez employs come straight out of the FTC’s “congressional testimonial strategy handbook”; speak briefly using broad and vague terms, assume Congress approves your powers until restricted otherwise, use Heads on Spikes to show the world all the “good” you are doing while you scare everyone else by implying this could happen to them, and finally, keep your mouth shut about the false confessions extracted by holding guns to the heads of victims.

As the FTC knows all too well, the dead and injured are unable to give their side of the story. And who needs to be bothered by petty annoyances like due process and legal integrity when there is so much to do?

Let’s dig a bit further into a couple of their favorite tricks:

Assume regulatory powers are theirs until stopped by Congress or the Courts

The FTC chants every morning like a drunken yogi that they have “broad powers assigned by Congress”. They think that means they rule the world. Given what we have seen from the IRS when an agency is given “broad powers”, this is nothing to brag about. But Congress, in its infinite laziness and fear of public accountability, tossed away the political hot potato by creating regulatory agencies intent on executing Congress’s dirty work. It’s Congress’s version of outsourcing.

While Congress has never assigned the FTC power to regulate data security, the FTC screams “loophole”. Congress didn’t state the FTC didn’t have the power, so, to the assumptive FTC, that means they do. If you want to climb Justice Mountain to get a federal court to rule otherwise, you are going to have to pony up at least a million dollars while Congress stays asleep at the wheel. In the meantime, the courts may roll their eyes and rule that, yes, it is a terrible law, but it is Congress’s terrible law, not the courts’, so if you want to change it, go complain to Congress.

This is called “running the prisoner until he drops”. There isn’t a more inefficient and corrupt road to justice than waiting for Congress to get something done. And the FTC knows this. They revel in it. The power that the FTC has stacks the deck dramatically in their favor.

Congress probably doesn’t even realize it lets the FTC:

  • Make their own rules.
  • Police themselves.
  • Oversee their own internal administrative court system (think kangaroos).

This has completely shredded the founding fathers’ intent in separating government powers. We don’t have to speak in theory now…we are currently experiencing a plethora of government agency overreach under the guise of saving the world. “Trust but verify” has been replaced with “trust us you fool”.

Parade around DC with Heads on Spikes

She makes it sound so sweet, but Ramirez is a hissing snake as she announces her list of consent decrees that she likes to call “settlements”. It would be more accurate to call them extortions. She repeatedly disparages prior companies that had no idea they would receive this repeated public reputation assassination for years to come. Failing to mention her buried fine print that clearly states no wrongdoing was admitted, here arrives more lying through omission.

Blocking companies from their day in even a lopsided and biased court, because they were forced to choose between settling or draining their bank accounts, then continually assassinating their reputation for years to come in hearings and print, is a disgusting display of misleading the public and the companies the FTC “settles” with.

We now observe there is no real settling with the FTC. They have become a chronic disease, at every turn forgetting our foundational right of innocence until proven guilty. Yet the FTC extorts these decrees and then brags like they won a jury verdict. Ramirez plays her poker well. She doesn’t have to act long. Congress will move their attentions to something else in a matter of moments. Mission accomplished.

And are we safer? No.

What the FTC doesn’t want you to know is that so many of the files floating around cyberspace are precisely due to the FTC’s ignorance and incompetence. In my new book, The Devil Inside the Beltway, I specifically lay out how the FTC blew the corrective control of P2P malware. Giving a regulatory agency power over technology is like handing Kathleen Sebelius a scalpel and sending her into surgery. This is a dangerous game.

Keep your mouth shut about the false confessions extracted by holding guns to the heads of victims

Congress has allowed the FTC to play judge, jury and prosecutor in their Administrative court, making their rules so lopsided that their victims are beaten into submission and silence. With silenced victims, Congress stays blissfully ignorant of the medieval tactics their spawn employs.

In these congressionally created star chambers, called administrative court, the FTC has the power to:

  • Rule on motions to dismiss, rather than the judge
  • Rule on motions to quash, rather than the judge
  • Require defendants to get FTC signature approval before sending subpoenas.
  • Reject the judge’s ruling.

I could go on…but you get the point. And what does the media do? Nothing. The power slant is so outrageous yet hidden the media can’t comprehend it. That would involve paying attention for more than five seconds.

As long as the FTC keeps it on the down low, plays circle and confuse but is sweet in front of Congress, and gets the hell out of the hearing as fast as possible, this charade is going to continue. Our safety, however, will continue to erode.

The FTC is a fearsome bully that has made us less safe. Shut down the FTC and any and all other agencies that put their job security in front of the national security. This is the tip of the iceberg and it is even chillier below the surface.


02 Apr Recent FTC Ruling Could Cloud Data Security Enforcement

Reblogged from iHealthBeat

by John Moore, iHealthBeat Contributing Reporter


The arcane world of data security regulations just got a little more ambiguous.

In January, the Federal Trade Commission affirmed its authority to bring action against businesses that fail to adequately protect consumer data. The decision has particular implications for health care, as the case involved LabMD, a medical testing laboratory and a covered entity under HIPAA.

FTC last August filed a complaint against LabMD alleging the company exposed the personal information of about 10,000 people in two incidents. LabMD responded with its own missive: a motion to dismiss the complaint on the grounds that the FTC enforcement action clashed with HIPAA’s information security regulations.

On Jan. 16, FTC commissioners rejected LabMD’s arguments. As a result, health care providers and their business associates now need to consider FTC in addition to HHS’ Office for Civil Rights as a data security enforcement organization.

“What the FTC is saying is they feel they have the latitude … to go after anyone who doesn’t live up to the promises they make with respect to protecting their data,” said Mac McMillan, CEO of CynergisTek, an IT security consulting firm that focuses on health care.

“This was a big surprise to a lot of people,” McMillan said, adding, “Most health care organizations have never really viewed FTC as a regulatory body as it relates to privacy and security.”

Here are some other things healthcare organizations might find surprising:

  • The “new” regulator isn’t particularly new — FTC has been sniffing around health care and security for a number of years.
  • Settlements with FTC could involve 20 years of privacy audits if recent history applies to health care companies.
  • None of this may ever happen — pending court cases could check FTC’s data security watchdog role.

Overlapping Authority?

FTC’s assertion of authority stems from its interpretation of the FTC Act and its mission of pursuing consumer trust issues. In the LabMD decision, the commissioners ruled that a company’s data security lapses fall within the scope of the FTC Act’s ban on “unfair … acts or practices.”

The commission’s enforcement track, however, puts it on a path similar to OCR.

LabMD cited this overlap in its motion to dismiss. The company argued that HIPAA — which empowers OCR’s enforcement work — takes precedence over the FTC Act in the realm of data security.

The commissioners disagreed, saying, “Nothing in HIPAA … reflects a ‘clear and manifest’ intent of Congress to restrict the Commission’s authority over allegedly ‘unfair’ data security practices such as those at issue in this case.”

FTC’s decision is unlikely to stand as the final word on its data security powers in health care and other fields. Ongoing court cases should help determine whether FTC’s position will prevail. In one example, a federal court will rule on Wyndham Worldwide Corp.’s contention that FTC’s pursuit of data security represents an overreach of its authority. FTC in 2012 sued the hotel chain for alleged data security failures.

While the cases continue, some industry watchers believe FTC and OCR will be able to work cooperatively.

Scott Walters — director of security at INetU, a managed hosting and cloud provider that targets the health care industry — said FTC and HHS “are smart enough not to get into a double jeopardy situation” in which the two agencies would take independent action against the same company.

“I can see it being complementary for a while,” Walters said.

Brad Keller — senior vice president at the Santa Fe Group and program director of the company’s Shared Assessments Program — pointed out that FTC and HHS have some history with coordinated action. As an example he cited a 2010 case in which Rite Aid agreed to pay $1 million to settle potential HIPAA violations, following an “extensive joint investigation” by OCR and FTC.

“If you think about it, this isn’t all that new,” Keller said.

McMillan also noted FTC’s previous interest in data security, citing the commission’s discussions over the past five years with organizations including the Office of the National Coordinator for Health IT.

“They have always been clear: if they receive a complaint or perceive a customer trust issue, they will pursue it,” McMillan said.

Effect on Health Care Industry

Assuming FTC’s authority survives court challenges, health care providers would have another data security enforcement body looking at them — and one that can levy fines and order corrective measures.

As for fines, HIPAA has a higher penalty limit. David Harlow — president of The Harlow Group LLC, a healthcare law and consulting firm — noted that fines under the FTC Act are limited to $16,000 for each violation, compared with HIPAA’s maximum fine of $1.5 million.

McMillan, on the other hand, suggested that FTC has a more powerful weapon: privacy audits. When Google and Facebook settled with the FTC — amid complaints of mishandling users’ personal information — the companies agreed to undergo privacy audits for 20 years as part of the deal, according to Forbes.

McMillan said the cost of conducting periodic audits could prove more expensive in the long run than a HIPAA fine. “You’ve got the cost of an external monitor for 20 years,” McMillan said, noting that the audits are conducted by a third party.

He said, “It’s not just the cost, but being under the microscope for 20 years,” adding, “That is an awfully long time to have the government … reviewing what you are doing.”

But the effect of FTC enforcement should not prove as dire for health care providers who stay on the right side of HIPAA.

“If they pay attention to HIPAA, they are going to be fine,” Walters said. “I don’t think FTC is going to end up trumping HIPAA.”

Walters said the investment in HIPAA, HITECH and the omnibus rule suggests that those requirements will endure as the data security standard in health care.

McMillan said he believes FTC will apply HIPAA’s privacy and security requirements when considering health care companies.

“They are not going to pull some other standards out,” he said.

A gray area still exists, nevertheless. While HIPAA enforcement relies on specific rules, FTC pursues enforcement through case-by-case litigation, Harlow said. The commission doesn’t operate with a list of unfair business practices, he added. So, at least in theory, FTC could find fault with a HIPAA-compliant health care provider.

“There is still room for FTC to maneuver, even if they are fully HIPAA compliant,” Harlow said.


02 Apr It’s time for the Fat Lady to Sing….

Wake up healthcare, the fat lady is clearing her voice and she is about to sing for you.


Two articles came out about LabMD recently: HealthCare Info Security’s LabMD vs. FTC: Legal Battle Continues and Fox Rothschild’s The Wild West of Data Breach Enforcement by the Feds. Please read them. My take is this:

Finally…finally…finally…the world just might be waking up to the fact that this furious war (and make no mistake, it is a war) with the Federal Trade Commission is not only about their crushing and imploding a small cancer detection center. No, this is about the FTC wanting the world of medicine at their beck and call. Should the FTC get away with this, then HIPAA is the least of healthcare’s worries. As if shrinking payments, Obamacare and Health and Human Services aren’t enough to worry about, how would you like to have to bow to an agency that argues they don’t need standards or specific rules?

Yes, more government lawyers with scant experience in medicine want to call the shots. This is because they know so much. Just ask them. They are the self-appointed saviors of the consumer. Of course, they don’t actually care enough to learn about the world they are messing with. They are so proud of their intentions to save the world (Congress, doctors, and businesses be damned) that they will create common law to get their way. They will use a biased administrative court system. They will do anything, say anything and stop at nothing to “save the world”. In the meantime they crush all that stands in their way, including LabMD. I say no…and I mean it. If you don’t wake up now, my fate will be yours. WAKE UP, because reputation assassination is what they do for a warm-up. The world of medicine has enough on its hands with Obamacare and HHS. There is no room at the inn for regulatory zealots. The FTC needs to go away for good.

 

 
