Senior Communications Manager
Kirk Nahra Discusses Challenge to FTC Authority in Health Privacy Matters
Kirk J. Nahra, chair of Wiley Rein’s Privacy Practice, was quoted in a November 22 Law360 article about a significant challenge to the Federal Trade Commission’s (FTC) authority to regulate data security in health care-related matters.
LabMD, Inc., this month filed a suit against the FTC after the commission alleged that the medical testing laboratory does not have a comprehensive information security program. LabMD is arguing that the Health Insurance Portability and Accountability Act (HIPAA) gives the U.S. Department of Health & Human Services’ Office for Civil Rights sole jurisdiction because the data in question is sensitive medical information.
Mr. Nahra said that if the FTC is allowed to proceed in the case, “that would be a major development because that would mean that there’s a whole other regulator that the health care industry would have to worry about that it didn’t historically have to worry about.”
Noting that that FTC has “gone out its way” to say that it intends to focus on matters outside of HIPAA’s scope, Mr. Nahra told Law360 that the central question is whether LabMD falls into the jurisdiction of the privacy rules. “Both sides seem to be dancing around whether LabMD is a business associate covered by HIPAA,” Mr. Nahra said. “There are all kinds of companies that handle health care information that are not covered by HIPAA, and it’s not clear where LabMD stands.”