Is the IRS Violating HIPAA Medical Record Privacy Laws?

What Accusations is the IRS Facing?

Accusations concerning HIPAA stem from an incident in which the IRS investigated a former employee of a company in California. During a 2011 raid of the company, agents allegedly seized over 60 million medical records belonging to over 10 million Americans. reports that a class action complaint resulting from the seizure states, “No search warrant authorized the seizure of these records; no subpoena authorized the seizure of these records; none of the 10,000,000 Americans were under any kind of known criminal or civil investigation and their medical records had no relevance whatsoever to the IRS search.”

The complaint states that “the company executives each warned the IRS agents of these privileged records. The IRS agents ignored and discarded each of these warnings, ignored their own published and public-reliant rules and governing ethical requirements, and ignored the limitations of the court’s search warrant authorization, seizing the records under threat of destroying company property.”

Complainants also argue that the IRS seizure of their medical records violated their 4th Amendment rights.

The seriousness of allegations against the Internal Revenue Service should not be understated. The class action complaint against the IRS states that the medical records the agency seized in California “contained intimate and private information of more than 10,000,000 Americans, information that by its nature includes information about treatment for any kind of medical concern, including psychological counseling, gynecological counseling, sexual or drug treatment, and a wide range of medical matters covering the most intimate and private of concerns.”

Clearly, if these allegations prove substantive, it will be hard for the IRS to argue that it did not act in violation of HIPAA protections.

The complaint continues, “Despite knowing that these medical records were not within the scope of the warrant, defendants threatened to ‘rip’ the servers containing the medical data out of the building if IT personnel would not voluntarily hand them over. Moreover, even though defendants knew that the records they were seizing were not included within the scope of the search warrant, the defendants nonetheless searched and seized the records without making any attempt to segregate the files from those that could possibly be related to the search warrant. In fact, no effort was made at all to even try maintaining the illusion of legitimacy and legality.”

The Verdict

It remains to be seen whether the evidence will substantiate allegations that the IRS has violated HIPAA laws. It does not appear that the (John Doe) company that was raided is in any way responsible for violations that may have occurred.

The Lasting Significance

While recent allegations against the IRS do little to lift public confidence in the agency, there is particular concern among many Americans about any alleged indiscretions on the part of the IRS with regard to health care.

The reason is that the IRS is scheduled, in 2014, to take on a new role as further provisions of the Affordable Care Act (a.k.a. Obamacare) come into effect. As The Christian Science Monitor reports, the Internal Revenue Service will play “an important role in things like administering tax credits, verifying whether people are eligible for subsidies, and checking whether citizens have complied with a new mandate to carry insurance or pay a fine.”

Of special concern, according to ABC News, is the fact that Sarah Hall Ingram, who was in charge of the office responsible for tax-exempt organizations at the time tea party groups were targeted, “now runs the IRS office responsible for the health care legislation.” The tax-exempt unit of the IRS is the office held responsible for targeting groups opposing policies of the Obama Administration, and, while Miller will be stepping down as Acting Commissioner in June, there are many observers who hold Ingram equally responsible, if not more so.

Whatever comes of allegations that the IRS has violated HIPAA laws and breached the privacy of millions of people, it may be difficult, if not impossible, for the agency to convince the majority of Americans that it can be an impartial administrator of a health care program many people staunchly oppose. Complicating the issue is the fact that even many supporters of Obamacare question whether the IRS—especially in the wake of all the recent controversy—should play any role at all in helping to administer Pres. Obama’s health care program.

To learn more about Medicare supplement insurance, Medicare Advantage, and all your best healthcare options, why not give MedicareMall a call today?

Are you confident that the IRS can carry out its new health care duties impartially and responsibly? Leave a comment below!

Is the IRS Violating HIPAA Medical Record Privacy Laws?© 2013

2 thoughts on “Is the IRS Violating HIPAA Medical Record Privacy Laws?

  1. Steven, great post and something I never thought about in all my years of HIPAA consulting to Covered Entities and Business Associates. You have to wonder if this would get anywhere from a legal perspective. Thanks for the post.

  2. ….and on a side note, let me just add that If you want to see a decrease in data breaches of Protected Health Information (PHI), then both Covered Entities and Business Associates should do three (3) primary things. 1. Put in place all necessary HIPAA policies and procedures. (2). Strictly enforce annual security awareness training for all employees and workforce members and (3). Build a network that has comprehensive elements of layered security and defense-in-depth within it. Call the 3 point triangle for HIPAA success, which is relatively straightforward, yet many CE’s and BA’s simply fail to grasp the importance of such initiatives. Remember that HHS | OCR has announced even more annual HIPAA compliance audits, so be ready.

Leave a Reply

Your email address will not be published. Required fields are marked *

By completing the simple formula below you agree that you are a human being and not a robot. Thanks! *