No one likes a bully, whether the bully attacks personally or professionally. In this case, the victim is LabMD and the bully is the Federal Trade Commission, or FTC. In the latest FTC data security scandal, the organization abused its power and continues to demonstrate the lack of oversight the federal government has on its own programs.
Michael J. Daugherty, www.michaeljdaugherty.com, President and CEO of LabMD, has announced that he has no choice but to wind down operations at his medical facility in Atlanta, GA. Why? Because the FTC has been investigating the business for four exhausting years and has filed an administrative suit against LabMD regarding patient information data security. Established in 1996, LabMD specializes in analysis and diagnosis of blood, urine, and tissue specimens for cancers, micro-organisms and tumor markers. Due to the actions of the FTC, LabMD can no longer accept new specimens. It will do everything it can to continue helping current clients, despite the devastating impact on its loyal employees and partners.
Why has this even been allowed to happen? There are no answers yet. In an effort to help others, and according to a recent Forbes article, Michael Daugherty offers this advice as federal government bully repellent:
1. As a small company, especially, document everything. Bear in mind, Daugherty cautions, that small businesses are informal environments where decisions tend to be made by "conversations as you walk down the hall." But to increase your safety in an environment of regulation, you should document every step and every decision to a degree that it would be understandable even to a stranger. Every operational procedure. Every technology purchase. The blueprint of the network. This is an arena where electronic alternatives or reliable services that specialize in governance can be especially helpful in keeping any potential for exposure (to theft or to liability) to the minimum. The Nevada-based company Laughlin Associates, for example, provides its clients with precisely this "Corporate Veil Protection Service".
2. Get a comprehensive data security program in place. Unfortunately, Daugherty acknowledges, while alternatives such as Websense are suitable for mid to large organizations, few comprehensive data security alternatives for smaller organizations exist. The lack, however, offers an opportunity for aspiring entrepreneurs to develop increasingly better security alternatives that can keep a smaller organization compliant and safe where issues such as HIPAA regulation are concerned. Cyber theft of every kind is an increasingly prevalent risk for small businesses, which can do much to increase their safety through even small and straightforward steps such as applying malware and security software and putting sufficient physical access and password protection in place.
3. Consider the implications - all of the implications - of staffing and outsourcing. How does your company’s liability shift when you employ directly versus completing work through an external agency? In addition to macro issues such as FTC and SEC regulations, companies need to consider the implications of decisions such as whether client data (particularly data such as medical records) is stored on site or whether the data is outsourced to the cloud. If outsourced, where is the cloud located? What is your company’s liability? Likewise, know your liability for the actions of employees who are in your employ as opposed to those you engage through outside services. You should research these alternatives with care in advance.
4. Be a savvy business "consumer". Every business owner must stay abreast of the changing regulatory climate that affects their industry and business, Daugherty says. A rapidly evolving environment presents a need (and also an opportunity) to stay nimble in working not only to keep your organization as safe as possible, but also to capitalize on the opportunities to meet new market needs. For example, for better or worse, changing or increasing regulation creates a greater need and demand for services that can help other businesses to stay educated and to remain abreast of and compliant with current standards.
This may seem to be common sense, or it may seem to be overkill for your small or fledgling business. Aren't these the kinds of issues that concern only larger companies? If that is true, when is the tipping point for your company to take the leap into the security unknown?
Just like identity theft, the everyday person, or in this case the everyday business, is targeted.
But being a large domestic or international business does not mean you are safe or exempt from the threat of security issues or from drawing the attention of the unfettered American governmental agencies. Even large companies have security problems. One example is the Target hack during the 2013 holiday season. Just like any other program you have, your security protections must grow with you to be truly integrated into your company’s culture and quality management systems. Start when you are small to ensure continued success and compliance when your company joins the ranks of the Fortune 500.
It is time that the small and medium business populace insist on transparency from the government. The taxpayers deserve to know how their dollars are spent, to evaluate whether the expenditure is worth their money, and to expect the freedom to pursue their own versions of the American dream. Our nation's history shows that the banding together of individuals evokes great change, and now is the time for change.