I get it, we're all supposed to hate the IRS, but this is a really terrible article about some scumbag lawyers trying to get a quick settlement. This is just an new play on medical malpractice trolling.. And if there's anyone I trust to give me the scoop on the IRS, it's Wesley Snipes' tax lawyer!
From the filing:
A lurid but vague class action accuses corrupt and abusive IRS agents of
stealing 10 million people's medical records without a warrant - including
"intimate medical records of every state judge in California."
Sounds juicy..
After being put on notice of the illicit seizure, the IRS agents refused
to return the records, continued to keep the records for the prying eyes of
IRS peeping toms, and keep the records to this very day.
Peeping Toms? Getting pretty serious..
Adding insult to injury, after unlawfully seizing the records and searching
their intimate parts, defendants decided to use John Doe Company's media
system to watch basketball, ordering pizza and Coca-Cola, to take in part of
the NCAA tournament, illustrating their complete disregard of the court's
order and the Plaintiffs' Fourth Amendment rights.
The IRS agents had the audacity to order lunch and watch TV? How salacious.. So how did they end up stealing so many confidential records?
"Despite knowing that these medical records were not within the scope of
the warrant, defendants threatened to 'rip' the servers containing the medical
data out of the building if IT personnel would not voluntarily hand them over,"
according to the lawsuit. "Moreover, even though defendants knew that the
records they were seizing were not included within the scope of the search warrant,
the defendants nonetheless searched and seized the records without making any
attempt to segregate the files from those that could possibly be related to
the search warrant."
So they executed a search warrant, seized a server related to the financial crime they were investigating, and that server happened to have some confidential medical records too? And this is worth $250 billion in compensatory and punitive damages?
You seek to minimize the illegal conduct of the agents involved in this case, but this is actually very serious. I certainly don't want the IRS having access to my medical records, and in fact HIPAA was designed for exactly this type of thing. What if the IRS decides to keep this information and use it to spawn other investigations? Who is going to stop them once they have the records? If the law allows for $25,000 per person, and they were informed that they were violating the law and did this anyway, then so be it.
They likely won't wind up with anywhere near $250 billion, but someone needs to keep these IRS animals in check. I'd like to see a multi-million dollar judgment, paid personally by the IRS agents involved over the next several decades, while they are forced to work construction. Then I'd like to see pictures of them working in the hot sun to pay this debt published in the IRS employee newsletter as a warning to other power-tripping, pizza-eating, Coke-swilling agents that practice their profession with wanton disregard for the very laws they are supposed to be enforcing. This kind of thing is not OK.
You seek to minimize the illegal conduct of the agents involved in
this case, but this is actually very serious.
You do realize that this is a civil case right?
I'm not even convinced what they did was illegal. Unless you know otherwise, the story reads that the IRS had a subpoena for some electronic files on a John Doe suspected of fraud. They took a 'server' which was likely a file server that contained said files. It appears that the file server also had patient data. How devious of them.
What were they supposed to do? I'm sure John Doe didn't type up a 'master-fraud-plan.doc' and leave it on the desktop.
And in fact HIPAA was designed for exactly this type of thing.
No it wasn't.
What if the IRS decides to keep this information and use it
to spawn other investigations?
The cases would be thrown out almost immediately?
Who is going to stop them once they have the records?
Somewhat ironically, the 4th amendment?
If the law allows for $25,000 per person, and they were informed that
they were violating the law and did this anyway, then so be it.
The law makes no such allowance. Again, this is a civil case. That is how much damage Wesley Snipes' tax attorney thinks was done to the 10 million people that had never heard of this before.
Speaking of the 10 million people, any provider which loses patient information for more than 500 people must file a notice of breach, which is then public information. Looking at 2011 breach notifications, the largest California breach was only 1.9 million people, and was related to IBM losing some drives.[1] It would be outstanding if this dirtbag convinced some judge that a breach actually occurred, which would be enough evidence for the HHS to levy a massive fine against them for failing to report.
Yes. They committed an illegal act; now they are being sued over it.
[Hipaa was't designed for this]
HIPAA was designed to protect medical records from falling into unauthorized hands and/or being misused or mishandled. So yes, this is a HIPAA violation, probably of unprecedented size and scope.
[If the government used this information for other cases] The cases would be thrown out almost immediately
The government routinely intercepts information that it can't use in court because of the way it was obtained. They use it as a starting point. If someone has told their psychiatrist that they were embezzling funds, for example, and this was in their records, they could use that information to know where to begin looking and prosecute a crime that they would not have otherwise known about.
Yes. They committed an illegal act; now they are being sued over it.
They're being sued in civil court because this would be laughed out of criminal court.
So yes, this is a HIPAA violation, probably of unprecedented size and scope.
You don't have any idea whether or not this is a HIPAA violation, so stop pretending like you do.
1. The law makes clear exceptions for information gathered during the course of an investigation.
2. Health information is supposed to be encrypted in transit or at rest, so if the company was in compliance, there's a distinct possibility that the data isn't even accessible.
The government routinely intercepts information that it can't use
in court because of the way it was obtained. They use it as a starting
point. If someone has told their psychiatrist that they were embezzling
funds, for example, and this was in their records, they could use that
information to know where to begin looking and prosecute a crime that
they would not have otherwise known about.
Citation?
I'll leave it to the courts to determine the outcome, but I predict this is the last we hear of this.
If they knowingly took HIPAA-protected records, and the taking of those records was outside the scope of the search warrant, they violated HIPAA. You can spew your pro-government nonsense all you want, but that simple fact cannot be changed.
They where authorized to have access to that machine and the data on it. HIPAA is just one law amoung many and you can't assume it automatically overrides everything else just because you are emotionally atached to the idea.
> And this is worth $250 billion in compensatory and punitive damages?
If you ever heard about RIAA cases where defendants were punished $250,000 per downloaded song, or $450,000,000 in total "damages", something like this should not surprise you.
The RIAA has an actual law (however absurd that law may be) on their side to award damages.[1] HIPAA has no such law, they can fine health companies for failing to maintain privacy standards, but there is no right to individual tort.
It's worth noting that the largest HIPAA fine to date was $3mm -- .001% of the sought-after amount.
From the filing:
Sounds juicy.. Peeping Toms? Getting pretty serious.. The IRS agents had the audacity to order lunch and watch TV? How salacious.. So how did they end up stealing so many confidential records? So they executed a search warrant, seized a server related to the financial crime they were investigating, and that server happened to have some confidential medical records too? And this is worth $250 billion in compensatory and punitive damages?