IRS Agents Sued in Health Records Case

Suit Alleges 10 Million Patients' Info Improperly Seized
IRS Agents Sued in Health Records Case

An unidentified California company has filed a class action lawsuit claiming that Internal Revenue Service agents illegally obtained the electronic health records of 10 million individuals during a raid of the company related to a tax matter involving a former employee.

See Also: Cyber Insurance Checklist - What's Right for Your Risk?

Records seized by IRS agents, according to the lawsuit, include those of every state judge in California, every state court employee, members of the Screen Actors Guild and the Directors Guild, and "prominent citizens in the world of entertainment, business and government, from all walks of life."

The complaint, filed by a company that's a HIPAA covered entity, alleges violations of the Fourth Amendment, which guards against unreasonable searches and seizures.

The lawsuit against 15 IRS agents was filed March 11 in the Superior Court of California in San Diego County by tax attorney Robert E. Barnes on behalf of a company identified only as John Doe Company. The lawsuit seeks $25,000 in compensatory damages per violation per individual.

Barnes did not reply to requests for comment. A spokesman for the IRS's San Diego office would not comment on the matter, saying that the IRS does not disclose or confirm investigations.

A civil case management conference has been scheduled for August 16, and the case has been assigned to judicial officer Ronald S. Prager, court records show.

The Allegations

The lawsuit alleges that on March 11, 2011, IRS agents, during a raid of the company to execute a search warrant, seized 60 million medical records on more than 10 million Americans, including at least 1 million Californians.

"No search warrant authorized the seizure of these records; no subpoena authorized the seizure of these records," the lawsuit claims.

"Despite knowing that these medical records were not within the scope of the warrant, defendants threatened to 'rip' the servers containing the medical data out of the building if IT personnel would not voluntarily hand them over," according to the lawsuit. "Moreover, even though defendants knew that the records they were seizing were not included within the scope of the search warrant, the defendants nonetheless searched and seized the records without making any attempt to segregate the files from those that could possibly be related to the search warrant."

Healthcare attorney Adam Greene of Davis Tremaine Wright, which is not involved in the suit, says a covered entity that improperly turns over protected health information could be in violation of HIPAA. "But if someone comes in and improperly acquires HIPAA covered information through bullying, that would be a potential criminal offense," he adds.

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity

Marianne Kolbasuk McGee is executive editor of Information Security Media Group's media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site, and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network