Monday, 20 May 2013

IRS Illegally Seized Medical Records of 10 Million Americans, Lawsuit Claims

Written by 

The Internal Revenue Service (IRS), already under fire for its targeting of conservative organizations and monitoring of Americans’ online activities, is now being accused of stealing the medical records of over 10 million Americans.

A class action lawsuit filed in California in March claims that in the course of serving a warrant for tax records related to a single former employee of a southern California business, IRS agents “stole more than 60,000,000 medical records of more than 10,000,000 Americans.” The agents did this in spite of the fact that such a seizure was not authorized by the warrant, was irrelevant to their investigation, and violated federal law, the suit says.

According to the lawsuit, on March 11, 2011, the IRS “conducted a raid on the corporate headquarters” of the California company. The plaintiffs allege that the raid was unnecessary because “the agents admitted the company was not under investigation” — a confession backed up by both “internal IRS records” and “the search warrant.”

“The search warrant authorized the seizure of financial records related principally to a former employee of the company; it did not authorize any seizure of any health care or medical record of any persons, least of all third parties completely unrelated to the matter,” reads the complaint.

In addition, says the lawsuit, the agents were aware that the company kept medical records for numerous Americans and that those records were subject to the privacy protections of the 1996 Health Insurance Portability and Accountability Act (HIPAA): “During execution of the warrant, defendants saw that the [company] was a HIPAA secure facility and were specifically told by company officials that the records they were searching and seizing were private medical records of other Americans.”

Despite all this, the complaint alleges, the agents “told the company’s IT personnel to transfer several servers of the medical records and patient records to the IRS for search and seizure, otherwise they would ‘rip’ the servers out of the building entirely.” Under this threat, the company’s personnel complied with the agents’ demands, giving the IRS possession of “intimate and private information of more than 10,000,000 Americans,” including “the names and health records of prominent celebrities, sports personalities, and CEOs, ultimately affecting roughly one out of every twenty-five adult American citizens,” the suit claims.

The plaintiffs also charge that IRS agents “seized personal mobile phones, including all the data and information on those phones” and that once they’d completed their other illegal acts, the agents used the company’s “media system to watch basketball, ordering pizza and Coca-Cola, to take part in the NCAA tournament.”

“To this date,” the complaint states, “the IRS refuses to return any of the records, identify the accurate names of the individuals who took the records, kept the records or reviewed the records, return the records, or take any remedial action of any kind for this extraordinary violation of established Fourth Amendment rights.”

The plaintiffs are petitioning the court to provide various forms of relief for their injury, including forcing the IRS to return the medical records and delete them from its databases and requiring the agency to pay “$25,000 per violation per individual [whose records were seized], as consonant to the standards articulated for comparable HIPAA violations by individuals.” If that amount were paid to each affected individual just once, it could come to $250 billion or more; if paid for each violation, it could easily run into the trillions of dollars. One can therefore be quite sure that the government will fight it all the way to the Supreme Court, if necessary.

Some of the plaintiffs’ claims — such as the one about using the company’s property to watch the NCAA tournament — do seem a bit farfetched. (Courthouse News Service, for instance, calls them “lurid but vague.”) Even the plaintiffs’ attorney, Robert Barnes, isn’t saying whether he believes them all at this point. He told Courthouse News that he’s “still investigating all the facts” of the case and will be able to discuss them in more detail “in a few months.”

The fact that it took the plaintiffs two years to file their suit is also cause for some incredulity, though it’s possible the company was simply afraid to take on the federal government or unsure how to proceed. This delay, however, is one reason that Barnes doesn’t have all the facts yet. “I had to file to protect against the statute of limitations being an issue,” he told Courthouse News.

On the other hand, if the plaintiffs’ allegation that “a special agent involved in the matter has a known and legally documented history of misconduct, ethical breaches, and criminal activity” (they provide a lengthy list of his alleged misdeeds) is accurate, then suddenly their other allegations become much more plausible.

“If the allegations are true, the IRS is in trouble,” Washington-based healthcare privacy lawyer Jim Pyles told Healthcare IT News. “By both constitutional law and HIPAA, then I think we have a problem.”

Pyles added that the Fourth Amendment was drafted in response to the General Warrants issued by the King of England under which his officers could search for any evidence of crime without showing probable cause. “The drafters expressly sought to curb that practice in the 4th Amendment which guarantees the ‘right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures,’” he explained. If the allegations are true, “they way overstepped the limits of the search warrant.”

This would, of course, be nothing new for the IRS (which isn’t commenting on the case), but it is a matter of even greater concern now that the agency will be taking on the role of healthcare policeman when ObamaCare’s individual mandate takes effect in January. At that point every American will have to tell the IRS on his tax return, at a minimum, “the name and health insurance identification number of the taxpayer; the name and tax identification number of the health insurance company; the number of months the taxpayer was covered by this insurance plan; and whether or not the plan was purchased in one of Obamacare’s ‘exchanges,’” according to Americans for Tax Reform.

With such information in hand, it would be child’s play for the IRS to obtain any individual’s medical records. These records, the class action suit points out, include “information about treatment for any kind of medical concern, including psychological counseling, gynecological counseling, sexual or drug treatment, and a wide range of medical matters covering the most intimate and private of concerns.” Blackmailing political enemies with such data would be almost too easy — and too tempting. That’s just one more reason that both ObamaCare and the IRS need to go.