There have been two important developments in the FTC’s administrative case against LabMD over data security.
Today, FTC Administrative Law Judge Chappell issued an order that agreed with LabMD that as a non-party, Tiversa had no right to submit any filing without first seeking – and obtaining – leave to intervene. Tiversa had neither sought nor obtained leave prior to submitting their Notice of Information on November 3. Although Chappell found a motion to strike was procedurally incorrect under the circumstances, he agreed with LabMD on all substantive points.
In his order, Judge Chappell firmly rejected Tiversa’s and FTC complaint counsel’s arguments that the Notice of Information was relevant to whether Tiversa’s former employee, Rick Wallace, should be granted immunity for testimony “necessary to the public interest.” That determination, he wrote, had already been made in October before he sought Attorney General approval to grant immunity under Rule 3.39.
Tiversa’s Notice of Information, which was not uploaded to PHIprivacy.net because of its sensitive content and inappropriateness, was reported by Law360.com, who likely received a copy directly from Tiversa. The Notice of Information was filled with personal details about Wallace and his family, and it appeared to PHIprivacy.net to be a transparent attempt to poison Judge Chappell against the witness before he had ever testified. The FTC’s opposition to LabMD’s motion to strike the filing may fuel claims that the FTC has engaged in questionable conduct in this case.
Also noteworthy about Tiversa’s “Notice of Information” was the inclusion of several emails – without headers and paths – that supposedly showed that Wallace had found the “1718 file” on a number of non-LabMD servers. According to LabMD’s response to Tiversa’s submission, none of those emails had ever been produced by Tiversa during discovery.
In his order responding to LabMD’s motion to strike the Notice of Information, Judge Chappell slapped down Tiversa for their submission, describing it as an “improper attempt to place evidence on the public record, unilaterally, with the transparent purpose of impugning the credibility of Mr. Wallace’s anticipated testimony and/or influencing the immunity process.” Because the Notice was improperly filed, he ordered that the assertions and documents included therein will be “disregarded and will not be considered for any purpose.” At best, Tiversa’s strategy failed. At worst, it appears to have backfired.
The second major development is that the Department of Justice approved Judge Chappell’s request for authority to issue an order requiring Mr. Wallace’s testimony and granting him immunity. That approval was issued on November 14. PHIprivacy.net is attempting to determine whether the grant of immunity has actually been issued.
Assuming the immunity is granted, it is anticipated that Wallace will testify that the “1718 file” that formed the basis for the FTC’s initial investigation of LabMD was found only on LabMD’s server and that he made up four other IP addresses under pressure from his employer (Tiversa), who, in turn, he alleges, was pressured by the FTC. The FTC will likely want to introduce rebuttal witnesses if that is, indeed, his testimony.
Asked for his response to these latest developments, Michael Daugherty, CEO of LabMD, stated, “When Americans learn the facts as I have they will understand my outrage and determination to see this through.”