The Federal Trade Commission has ruled it has the authority to take action against HIPAA-covered entities in issues of data security.
The ruling follows a request by medical testing laboratory LabMD to dismiss a current FTC suit that alleges a recent data breach was the result of inadequate data protection. In the request for dismissal, LabMD argued that by enacting HIPAA, Congress implicitly stripped the FTC of its ability to enforce data security requirements at covered entities, giving that power to HHS.
In a 4-0 vote, the FTC rejected LabMD's claims, asserting the FTC's enforcement authority does not conflict with HHS' in the area of data security.
The ruling is "significant" for HIPAA-covered entities, Kirk Nahra, a partner with Wiley Rein LLP, in Washington, D.C., told Bloomberg BNA. "This is the FTC saying that everyone regulated by HIPAA has to worry about us too," he said.
More Articles on HIPAA:
4 Data Security Best Practices From Mountain States Health Alliance CIO Paul Merrywell
7 Recent Healthcare Data Breaches
Proposed HHS Rule Would Ease HIPAA Regulations Regarding Mental Health Information for Potential Gun Owners