The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Lawsuit Alleges IRS Violated HIPAA with Seizure of 60M Patient Medical Records

Posted By on May 15, 2013

A class action lawsuit alleges the IRS violated HIPAA regulations when agents seized 60 million private and confidential health records relating to 10 million American individuals. The case is being filed by a healthcare provider – that wishes to remain anonymous – against the IRS and fifteen of its agents who were not named.
The case is being filed with the complainant alleging the IRS breached HIPAA regulations and illegally seized 60 million personal medical records when the warrant allowed only access the financial data of one individual.
The incident occurred on March 11, 2011 when the IRS gained a search warrant to access specific records relating to one individual who had previously worked for the company filing the suit. The IRS agents allegedly seized the data which included financial and medical records and made no attempt to abide by HIPAA regulations and only take the data relating to their investigation. Unrelated medical records of 10 million patients were included with the record they wanted to access.
The data contains highly sensitive medical information such as psychological problems and treatments, gynecological notes and STD treatments, drug therapy and counseling records according to the lawsuit. The data also includes the medical records of one million California residents.
The suit alleges that the IRS only had the authorization to access financial records relating to one individual, and did not have a subpoena for the remaining records. The individuals in the database were not being investigated for any crimes or civil disputes. Medical records should not have been taken as the data had no relevance to the investigation being conducted. The IT personnel present at the time of the seizure warned the IRS that the data was privileged; signage was erected on the building to inform the company was covered by HIPAA and additional signage was present in the IT department where the data was seized according the lawsuit.
The suit alleges, “Despite knowing that these medical records were not within the scope of the warrant, defendants threatened to ‘rip’ the servers containing the medical data out of the building if IT personnel would not voluntarily hand them over,” it goes on to state that “no effort was made at all to even try maintaining the illusion of legitimacy and legality.”
The complainant claims “This is an action involving the corruption and abuse of power by several Internal Revenue Service agents,” and the actions of the agents violated the 4th Amendment. Damages of $25,000 per individual are being claimed.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist