[preamble]Of course the IRS is above the laws we all must follow. Think if this was a hospital or doctor – the NY Times would be ripping them apart stating how bad they are and look how careless they are with our personal data. The power of the IRS is already expanding with the Obama care and in tracking if we are paying for health insurance – imagine the power and helplessness we will have once all this truly takes effect next year. Whats next sleep police making sure we all sleep 8 hours a day. When this folly ends…..[backtopost]
BY Susan D. Hall – Firecehealthit 3/18/2013
An unnamed HIPAA-covered entity in Southern California is suing the U.S. Internal Revenue Service, alleging that agents executing a warrant stole medical records for 10 million Americans. Those affected could include every state judge in California, as well as “prominent citizens in the world of entertainment, business and government, from all walks of life,” according to the complaint.
Fifteen IRS agents executed a search warrant on March 11, 2011, for financial data pertaining to a former employee of the company, however, “it did not authorize any seizure of any healthcare or medical record of any persons, least of all third parties completely unrelated to the matter.”
IT personnel, a HIPAA warning on the building and company executives explained that the records were privileged; however the agents “threatened to ‘rip’ the servers containing the medical data out of the building if IT personnel would not voluntarily hand them over,” Courthouse News Service quotes the complaint. It alleges that the agents made no effort to confine their search to information specified in the warrant, and claims the IRS still has the records.
Plaintiff’s attorney Robert E. Barnes told the news service that he’s still investigating, but had to file the lawsuit now due to statute of limitations issues. He said he will have more information “in a few months.”
The number of records involved–60 million–would include roughly one of every 25 American adults, according to the complaint, including records on psychological counseling, gynecological counseling, sexual/drug treatment and other medical treatment.
The lawsuit seeks $25,000 “per violation per individual” in compensatory damages, as well as punitive damages. It also seeks the return of the data, an injunction to prevent the IRS from sharing the data and the purging of all the information from government databases.
Large-scale healthcare data breaches were on the decline in 2012 as organizations doubled down on privacy and security safeguards, according to IT security audit firm Redspin. Yet stories of lost or stolen laptops remain common, as well as other ways that health information leaks out–such as through unencrypted wireless networks. Google recently agreed to pay a $7 million fine for scooping up personal information while collecting data for its Street View project.