Hacker News

You seek to minimize the illegal conduct of the agents involved in this case, but this is actually very serious. I certainly don't want the IRS having access to my medical records, and in fact HIPAA was designed for exactly this type of thing. What if the IRS decides to keep this information and use it to spawn other investigations? Who is going to stop them once they have the records? If the law allows for $25,000 per person, and they were informed that they were violating the law and did this anyway, then so be it.

They likely won't wind up with anywhere near $250 billion, but someone needs to keep these IRS animals in check. I'd like to see a multi-million dollar judgment, paid personally by the IRS agents involved over the next several decades, while they are forced to work construction. Then I'd like to see pictures of them working in the hot sun to pay this debt published in the IRS employee newsletter as a warning to other power-tripping, pizza-eating, Coke-swilling agents that practice their profession with wanton disregard for the very laws they are supposed to be enforcing. This kind of thing is not OK.




    You seek to minimize the illegal conduct of the agents involved in
    this case, but this is actually very serious.
You do realize that this is a civil case right?

I'm not even convinced what they did was illegal. Unless you know otherwise, the story reads that the IRS had a subpoena for some electronic files on a John Doe suspected of fraud. They took a 'server' which was likely a file server that contained said files. It appears that the file server also had patient data. How devious of them.

What were they supposed to do? I'm sure John Doe didn't type up a 'master-fraud-plan.doc' and leave it on the desktop.

    And in fact HIPAA was designed for exactly this type of thing.
No it wasn't.

    What if the IRS decides to keep this information and use it
    to spawn other investigations? 
The cases would be thrown out almost immediately?

    Who is going to stop them once they have the records?
Somewhat ironically, the 4th amendment?

    If the law allows for $25,000 per person, and they were informed that
    they were violating the law and did this anyway, then so be it.
The law makes no such allowance. Again, this is a civil case. That is how much damage Wesley Snipes' tax attorney thinks was done to the 10 million people that had never heard of this before.

Speaking of the 10 million people, any provider which loses patient information for more than 500 people must file a notice of breach, which is then public information. Looking at 2011 breach notifications, the largest California breach was only 1.9 million people, and was related to IBM losing some drives.[1] It would be outstanding if this dirtbag convinced some judge that a breach actually occurred, which would be enough evidence for the HHS to levy a massive fine against them for failing to report.

[1] - http://www.dmhc.ca.gov/library/reports/news/pr031411.pdf


You do realize that this is a civil case right?

Yes. They committed an illegal act; now they are being sued over it.

[HIPAA wasn't designed for this]

HIPAA was designed to protect medical records from falling into unauthorized hands and/or being misused or mishandled. So yes, this is a HIPAA violation, probably of unprecedented size and scope.

[If the government used this information for other cases] The cases would be thrown out almost immediately

The government routinely intercepts information that it can't use in court because of the way it was obtained. They use it as a starting point. If someone has told their psychiatrist that they were embezzling funds, for example, and this was in their records, they could use that information to know where to begin looking and prosecute a crime that they would not have otherwise known about.


    Yes. They committed an illegal act; now they are being sued over it.
They're being sued in civil court because this would be laughed out of criminal court.

    So yes, this is a HIPAA violation, probably of unprecedented size and scope.
You don't have any idea whether or not this is a HIPAA violation, so stop pretending like you do.

1. The law makes clear exceptions for information gathered during the course of an investigation.

2. Health information is supposed to be encrypted in transit or at rest, so if the company was in compliance, there's a distinct possibility that the data isn't even accessible.

    The government routinely intercepts information that it can't use
    in court because of the way it was obtained. They use it as a starting
    point. If someone has told their psychiatrist that they were embezzling
    funds, for example, and this was in their records, they could use that
    information to know where to begin looking and prosecute a crime that
    they would not have otherwise known about.
Citation?

I'll leave it to the courts to determine the outcome, but I predict this is the last we hear of this.


If they knowingly took HIPAA-protected records, and the taking of those records was outside the scope of the search warrant, they violated HIPAA. You can spew your pro-government nonsense all you want, but that simple fact cannot be changed.


They were authorized to have access to that machine and the data on it. HIPAA is just one law among many and you can't assume it automatically overrides everything else just because you are emotionally attached to the idea.


I'm pretty sure there's an explicit law enforcement exception to HIPAA.



