Read the full story: Law360

In February, the cancer diagnosis firm dropped its suit in the District of Columbia challenging the FTC’s authority to regulate data security following an unexpected jurisdictional ruling by the Eleventh Circuit. LabMD voluntarily dismissed without prejudice itscomplaint claiming that the agency lacked the authority to bring an administrative action accusing the company of failing to implement reasonable and appropriate measures to prevent unauthorized access to consumers’ personal health data.


But now, government accountability organization Cause of Action has refiled the lawsuit on behalf of LabMD, saying the company’s data security practices are regulated by the U.S.Department of Health and Human Services and that HHS has never indicated that LabMD violated any of its patient information security requirements.


“By continuing to drag the administrative proceedings along, the FTC continues to act without the authority granted to it by Congress — authority they admitted only last month they do not have,” CoA Executive Director Dan Epstein said in a statement on Thursday. “The FTC continues to exemplify the dangers of unbridled federal agency overreach into areas in which they have no authority. The merits of our complaint have yet to be evaluated by a court, which is why we are bringing them before the District Court now.”