For those unaware of the case, Daugherty is the founder of LabMD, an Atlanta-based medical testing laboratory that has been caught up in a four-year-long battle with the FTC. Days ago, the company issued a press release: Following a 4:0 vote by the FTC on January 16 to reject LabMD’s motion to dismiss an August 2013 complaint against the facility, the company announced that it has begun the process of winding down. The book documents the company’s saga. While it’s highly specific to the FTC battle, Daugherty’s experience as a founder is also a sobering story for any business owner to read.
Daugherty opened LabMD 18 years ago, in 1996. The lab operated as a small business of 20-some employees and analyzed blood, urine and tissue samples for cancer, micro-organisms and tumor markers. The nightmare began like most any misadventure in business: a company spreadsheet showed up in a research project on accidental data leakage. Somehow, the company’s database of private client information had escaped the firewall boundary. Upon investigation, the company discovered the unwitting culprit: an employee had downloaded LimeWire, a peer-to-peer sharing program, onto a company workstation to listen to music files during work. The peer sharing protocol, of course, created the means for sensitive client data to leave the network as well.
Yes, it was a serious issue and one that required corrective action. New security measures. Stronger employee procedures. Penalties, perhaps. Even fines.
But LabMD’s nightmare had only begun. What makes the LabMD story interesting is that the company has actually never been charged with a HIPAA violation (the federal government’s privacy regulation that governs who can look at and receive an individual’s private health information.) Instead, LabMD became one of a set of companies aggressively pursued by the Federal Trade Commission (FTC) for allegations of failure to protect sensitive client information, not as a HIPAA violation, but as a “deceptive and unfair trade practice.”