The IRS is facing a class action lawsuit over alleged HIPAA violations, considered to be a data breach of ten million records through unauthorized seizure. The lawsuit does not name the company that filed the case, referring to it as “the John Doe Company.” The IRS is accused of being unhelpful in supplying information, and the lawsuit seeks $25,000 in compensation per individual.
The covered entity, called John Doe Company, states that the IRS agents stole more than 60,000,000 medical records of more than 10,000,000 Americans, including at least 1,000,000 Californians.
The agents for the IRS allegedly conducted the unlawful search and seizure in 2011 in Southern California.
From the press release: “No search warrant authorized the seizure of these records; no subpoena authorized the seizure of these records; none of the 10,000,000 Americans were under any kind of known criminal or civil investigation and their medical records had no relevance whatsoever to the IRS search. IT personnel at the scene, a HIPPA [sic: recte HIPAA] facility warning on the building and the IT portion of the searched premises, and the company executives each warned the IRS agents of these privileged records. The IRS agents ignored and discarded each of these warnings, ignored their own published and public-reliant rules and governing ethical requirements, and ignored the limitations of the court’s search warrant authorization, seizing the records under threat of destroying company property”
Not too long ago, I suggested that HIPAA rules should be expanded and combined with other privacy laws to make areas of conflict or duplication clear. It would be helpful to have all privacy and security related information aggregated so it could be accessed in one place. This is a huge problem, and not just in healthcare. I would guess that there are many HIPAA covered entities that may not be aware they are such and they could be operating under other privacy or security entities at the same time.
The lawsuit alleges that the IRS violated the Fourth Amendment, that there was no reason for them to access the records, and that no search warrant was requested. The records are said to include the personal health records of all of the California state judges as well. This certainly is making more of a case for digital laws in the U.S.
http://healthitsecurity.com/2013/03/14/irs-facing-class-action-suit-for-medical-record-breach/