Senior Communications Manager
Kirk Nahra Discusses FTC Data Security Enforcement Ruling
Kirk J. Nahra, chair of Wiley Rein’s Privacy Practice and co-chair of the Health Care Practice, was quoted by Bloomberg BNA in a January 23 article about the implications of a Federal Trade Commission (FTC) ruling in an important data security case.
The FTC on January 16 affirmed its enforcement authority over LabMD even though the cancer-detection service company is a covered entity under the Health Insurance Portability and Accountability Act (HIPAA). LabMD’s billing manager made a report containing the personal information of more than 9,000 customers available through a file-sharing network, the FTC alleged in its original complaint. LabMD argued that the FTC had no authority in the case because its involvement violated a section of the FTC Act.
The commission’s recent ruling rejecting LabMD’s challenge is “significant” for HIPAA-covered entities that were previously unaffected by the FTC Act, noted Mr. Nahra. “This is the FTC saying that everyone regulated by HIPAA has to worry about us too,” he said.