Lawsuit Alleges IRS Violated HIPAA with Seizure of 60M Patient Medical Records

A class action lawsuit alleges the IRS violated HIPAA regulations when agents seized 60 million private and confidential health records relating to 10 million American individuals. The case is being filed by a healthcare provider – that wishes to remain anonymous – against the IRS and fifteen of its agents who were not named.
The case is being filed with the complainant alleging the IRS breached HIPAA regulations and illegally seized 60 million personal medical records when the warrant allowed only access the financial data of one individual.
The incident occurred on March 11, 2011 when the IRS gained a search warrant to access specific records relating to one individual who had previously worked for the company filing the suit. The IRS agents allegedly seized the data which included financial and medical records and made no attempt to abide by HIPAA regulations and only take the data relating to their investigation. Unrelated medical records of 10 million patients were included with the record they wanted to access.
The data contains highly sensitive medical information such as psychological problems and treatments, gynecological notes and STD treatments, drug therapy and counseling records according to the lawsuit. The data also includes the medical records of one million California residents.
The suit alleges that the IRS only had the authorization to access financial records relating to one individual, and did not have a subpoena for the remaining records. The individuals in the database were not being investigated for any crimes or civil disputes. Medical records should not have been taken as the data had no relevance to the investigation being conducted. The IT personnel present at the time of the seizure warned the IRS that the data was privileged; signage was erected on the building to inform the company was covered by HIPAA and additional signage was present in the IT department where the data was seized according the lawsuit.
The suit alleges, “Despite knowing that these medical records were not within the scope of the warrant, defendants threatened to ‘rip’ the servers containing the medical data out of the building if IT personnel would not voluntarily hand them over,” it goes on to state that “no effort was made at all to even try maintaining the illusion of legitimacy and legality.”
The complainant claims “This is an action involving the corruption and abuse of power by several Internal Revenue Service agents,” and the actions of the agents violated the 4th Amendment. Damages of $25,000 per individual are being claimed.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.