Well, they said that they’d be filing again soon, and they have. Yesterday, LabMD filed a lawsuit in federal court in Georgia against the FTC that challenges its authority. For those first catching up with the legal issues, the guts of their main arguments are contained in this paragraph in their complaint:
Even if Section 5 does empower the FTC to broadly regulate data-security, which it does not, Congress delegated sole authority to regulate PHI data-security to the HHS. And even if Section 5 does empower the FTC to regulate PHI data-security concurrently with HHS and/or to “overfile” HHS using a “common law” of consent orders and internet posts to impose requirements in excess of those set through HHS rulemaking, which it does not, the Commission’s refusal to promulgate rules or regulations and provide the public with proper notice and comment violates LabMD’s due process rights by failing to give fair notice of what the FTC believes Section 5 forbids or requires.
They also filed a motion for a preliminary injunction.
I’ve uploaded the complaint here (pdf), but not all the exhibits, which are available on PACER.
Now all I need is time to read the complaint carefully and then get the exhibits. This is one of those days when I think financial sponsorship of the blog wouldn’t have been such an awful idea, but no…..
1:12-cv-03005-WSD