IRS Agents Sued in Health Records Case

Suit Alleges 10 Million Patients' Info Improperly Seized

By , March 15, 2013.
IRS Agents Sued in Health Records Case

An unidentified California company has filed a class action lawsuit claiming that Internal Revenue Service agents illegally obtained the electronic health records of 10 million individuals during a raid of the company related to a tax matter involving a former employee.

See Also: Digital Identity Verification for Fraud Mitigation

Records seized by IRS agents, according to the lawsuit, include those of every state judge in California, every state court employee, members of the Screen Actors Guild and the Directors Guild, and "prominent citizens in the world of entertainment, business and government, from all walks of life."

The complaint, filed by a company that's a HIPAA covered entity, alleges violations of the Fourth Amendment, which guards against unreasonable searches and seizures.

The lawsuit against 15 IRS agents was filed March 11 in the Superior Court of California in San Diego County by tax attorney Robert E. Barnes on behalf of a company identified only as John Doe Company. The lawsuit seeks $25,000 in compensatory damages per violation per individual.

Barnes did not reply to requests for comment. A spokesman for the IRS's San Diego office would not comment on the matter, saying that the IRS does not disclose or confirm investigations.

A civil case management conference has been scheduled for August 16, and the case has been assigned to judicial officer Ronald S. Prager, court records show.

The Allegations

The lawsuit alleges that on March 11, 2011, IRS agents, during a raid of the company to execute a search warrant, seized 60 million medical records on more than 10 million Americans, including at least 1 million Californians.

"No search warrant authorized the seizure of these records; no subpoena authorized the seizure of these records," the lawsuit claims.

"Despite knowing that these medical records were not within the scope of the warrant, defendants threatened to 'rip' the servers containing the medical data out of the building if IT personnel would not voluntarily hand them over," according to the lawsuit. "Moreover, even though defendants knew that the records they were seizing were not included within the scope of the search warrant, the defendants nonetheless searched and seized the records without making any attempt to segregate the files from those that could possibly be related to the search warrant."

Healthcare attorney Adam Greene of Davis Tremaine Wright, which is not involved in the suit, says a covered entity that improperly turns over protected health information could be in violation of HIPAA. "But if someone comes in and improperly acquires HIPAA covered information through bullying, that would be a potential criminal offense," he adds.

Follow Marianne Kolbasuk McGee on Twitter: @HealthInfoSec

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Post Breach: Prioritizing Cyber Spending

Following a data breach, organizations need to be sure they avoid simply throwing more money into...

Latest Tweets and Mentions

ARTICLE Post Breach: Prioritizing Cyber Spending

Following a data breach, organizations need to be sure they avoid simply throwing more money into...

The ISMG Network