According to a report by Courthousenews.com, an unnamed HIPAA-covered entity in California is suing the IRS, alleging that some 60 million medical records from 10 million patients were stolen by 15 IRS agents. The personal health information seized on March 11, 2011, included psychological counseling, gynecological counseling, sexual/drug treatment and other medical treatment data.  

 

"This is an action involving the corruption and abuse of power by several Internal Revenue Service agents," wrote Robert E. Barnes, attorney representing the John Doe Company, in the official complaint. "No search warrant authorized the seizure of these records; no subpoena authorized the seizure of these records; none of the 10,000,000 Americans were under any kind of known criminal or civil investigation and their medical records had no relevance whatsoever to the IRS search. IT personnel at the scene, a HIPAA facility warning on the building and the IT portion of the searched premises, and the company executives each warned the IRS agents of these privileged records," the complaint continued.

 

According to the complaint, the IRS agents obtained a search warrant for financial data pertaining to a former employee of the John Doe Company, however, "it did not authorize any seizure of any healthcare or medical record of any persons, least of all third parties completely unrelated to the matter," the complaint read. 

 

The IRS did not respond to multiple inquiries regarding the case.

 

“If the allegations are true, the IRS is in trouble,” wrote Jim Pyles, Washington-based healthcare privacy lawyer, in a statement to Healthcare IT News. “By both constitutional law and HIPAA, then I think we have a problem.”

 

Pyles added that the Fourth Amendment was drafted in response to the General Warrants issued by the King of England under which his officers could search for any evidence of crime without showing probable cause. “The drafters expressly sought to curb that practice in the 4th Amendment which guarantees the ‘right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures,’” he explained. If the allegations are true, “they way overstepped the limits of the search warrant.”

The Department of Health and Human Services recently stated that the ACA does not grant the IRS open access to Americans' medical records with no cause. "The Affordable Care Act maintains strict privacy controls to safeguard personal information. The IRS will not have access to personal health information,” said HHS spokesperson Erin Shields Britt, to Kaiser Health News.

Just recently, IRS officials have been under fire over routinely searching through Americans’ emails, an action the American Civil Liberties Union bills as a violation of the Fourth Amendment. The agency’s justification of this process may foreshadow the fate of the California lawsuit. According to New York Daily News, back in 2009 the IRS wrote, “The Fourth Amendment does not protect communications held in electronic storage, such as email messages stored on a server, because Internet users do not have a reasonable expectation of privacy in such communication.” 

The class action lawsuit against the IRS seeks $25,000 in compensatory damages "per violation per individual" in addition to punitive damages for constitutional violations. Thus, compensatory damages could start at a minimum of $250 billion.