Friday, March 15, 2013

IRS faces class action lawsuit over theft of 60 million medical records

Try this with paper records.  This is spectacular (as in, spectacularly alarming) if true:

IRS faces class action lawsuit over theft of 60 million medical records

The Internal Revenue Services is now facing a class action lawsuit over allegations that it improperly accessed and stole the health records of some 10 million Americans, including medical records of all California state judges.

According to a report by Courthousenews.com, an unnamed HIPAA-covered entity in California is suing the IRS, alleging that some 60 million medical records from 10 million patients were stolen by 15 IRS agents. The personal health information seized on March 11, 2011, included psychological counseling, gynecological counseling, sexual/drug treatment and other medical treatment data.

"This is an action involving the corruption and abuse of power by several Internal Revenue Service agents," the complaint reads. "No search warrant authorized the seizure of these records; no subpoena authorized the seizure of these records; none of the 10,000,000 Americans were under any kind of known criminal or civil investigation and their medical records had no relevance whatsoever to the IRS search. IT personnel at the scene, a HIPPA facility warning on the building and the IT portion of the searched premises, and the company executives each warned the IRS agents of these privileged records," it continued.   According to the case, the IRS agents had a search warrant for financial data pertaining to a former employee of the John Doe company, however, "it did not authorize any seizure of any healthcare or medical record of any persons, least of all third parties completely unrelated to the matter," the complaint read.

The class action lawsuit against the IRS seeks $25,000 in compensatory damages "per violation per individual" in addition to punitive damages for constitutional violations.  Thus, compensatory damages could start at a minimum of $250 billion.

According to the linked Courthousenews.com piece, the class is represented by attorney Robert E. Barnes of Malibu, California.   The Complaint is reported to state that the IRS' data theft was so enormous it affects "roughly one out of every twenty-five adult American citizens."

If a government agency decides to steal medical records, I'd rather the records be on paper than electronic. I think it's inarguable that it is a lot harder for 15 people to haul 60,000,000 paper charts away than a few hard disks.

Mass theft of records must be factored into the risk/benefit ratio of electronic health records.  See other posts on this topic at the label index terms below.

Addendum:  the Complaint is here (PDF).

-- SS

5 comments:

Steve Lucas said...

This is troublesome on many levels. A number of years ago we were in a tussle with the city over a street improvement. Imagine my surprise when a city official started reciting information from our tax return as a means to dissuade us from protesting their action.

We have to also remember how the IRS has been used in the past for criminal investigations. Just having an ongoing IRS investigation linked to your name will have consequences, for politicians, a selective us of this could change political outcomes.

Obamacare calls for the hiring of thousands of new IRS agents to review insurance compliance. It is not a great leap to see how these agents could use interlinked EMR’s in a less than professional way.

Steve Lucas

Anonymous said...

Scot

IRS, CMS, or wildcard executive branch of the Federal government of your choosing. What's the difference? They are simply manifestations of an increasingly intrusive and controlling centralized authority that now has license to invade our VERY personal healthcare space. Privacy is DEAD

Anonymous said...

Courthouse News writers should knoe by now that HIPAA is not spelled "HIPPA".

That said, the country citizens have turned into sheeple.

Where is the outrage? Sad and pathetic.

InformaticsMD said...

Obamacare calls for the hiring of thousands of new IRS agents to review insurance compliance. It is not a great leap to see how these agents could use interlinked EMR’s in a less than professional way.

Indeed. Good point.

-- SS

Anonymous said...

Anonymous,

The HIPAA/HIPPA was obviously a scrivener's error. But in referencing HIPPA, I heard recently that the ACA (Affordable Care Act), now better known as Obamacare, would more correctly be titled HIPPA--the Healthcare Industry Profit Protection Act.

--Melody