DEA Impersonating Medical Board Investigators To Gain Access To Personal Health Records
from the the-constant-hassle-of-minimal-paperwork-thwarted-yet-again! dept
Medical records have long been given an increased expectation of privacy, something that dates back to before the passage of HIPAA. (See also: Hippocratic Oath.) Consultations with doctors -- and the written records resulting from them -- have generally been treated as confidential, seeing as they contain potentially embarrassing/damaging information. Personal health information can be reported to law enforcement for many reasons: suspicion of criminal activity on the health entity's property, suspicion of criminal activity related to an off-site emergency, reporting a death, patients with stabbing/gunshot wounds, or in the case of a serious/immediate threat. Otherwise, HIPAA's rules for law enforcement say personal information can only be released under the following conditions:
To comply with a court order or court-ordered warrant, a subpoena or summons issued by a judicial officer, or an administrative request from a law enforcement official (the administrative request must include a written statement that the information requested is relevant and material, specific and limited in scope, and de-identified information cannot be used).The bar is set pretty low and the DEA has been taking advantage of it. Jon Cassidy of Watchdog.org is reporting that the agency is rooting around in medical records in hopes of finding patients or health care providers who might be abusing drugs.
The Drug Enforcement Administration has been sifting through hundreds of supposedly private medical files, looking for Texas doctors and patients to prosecute without the use of warrants.What the DEA is using instead is a blend of impersonation and administrative permission slips sporting the agency's own signature.
Instead, the agents are tricking doctors and nurses into thinking they’re with the Texas Medical Board. When that doesn’t work, they’re sending doctors subpoenas demanding medical records without court approval.How often is this happening? Apparently it's so close to "all the time" that the DEA doesn't even have an approximate guess. This is what a DEA spokesperson told the Daily Caller.
“It’s not like there’s ten of them. There’s probably thousands — I know there are thousands,” Matt Barden, spokesman for the DEA, told the Daily Caller News Foundation about the DEA’s use of administrative subpoenas.Early last year, a federal court in Oregon ruled the DEA could not access the state's prescription database without a warrant. Unfortunately, this was due to Oregon's state laws being more restrictive than federal law. A federal judge in Texas reached the opposite conclusion, finding that the DEA's use of administrative subpoenas complied with both HIPAA and state law. This decision is now headed for the Fifth Circuit Court of Appeals, where it is hoped a finding similar to the decision in Oregon will be the end result. But judging from the laws in place, that outcome is doubtful.
While the DEA's use of administrative subpoenas appears to comply with HIPAA's restrictions, its repeated attempts (many of them successful) to access medical records with no paperwork whatsoever seem less likely to stand up to legal scrutiny.
The Dallas-area doctors bringing the lawsuit against the DEA have uncovered plenty of DEA subterfuge. In their case, three DEA agents showed up at their offices with a state medical board investigator. Only the investigator identified herself. The agents remained silent, allowing the nurse to believe they, too, were with the state medical board.
The state medical board may have every right to view medical records without any accompanying paperwork, but that's because this information falls directly under its purview. The DEA, however, is looking to build criminal cases. This brings with it additional Fourth Amendment considerations and, at the very least, should bind it to the minimal restrictions of HIPAA. Apparently, issuing its own permission slips is still too much work and the delivered paperwork might accidentally restrict it to only certain medical records pertaining to certain people. By impersonating medical board members, agents have unrestricted access to whatever they ask for.
As Watchdog's Jon Cassidy points out, patients who'd like their privacy respected may want to seek their prescriptions and refills… elsewhere.
The DEA’s practice of avoiding warrant requirements has produced this absurdity: If you have a prescription for Adderall or OxyContin, you might be safer getting your drugs on the street than through your own doctor.While the latter isn't strictly true in all cases, it's true enough to show how limited the protections of HIPAA actually are. The more disturbing aspect is that the DEA isn't even satisfied with near-instant access to a wealth of medical records provided by administrative subpoenas. It apparently only uses the correct paperwork as Plan B, preferring to mislead medical practitioners by allowing them to believe its agents are investigators working for the state medical board.
Street dealers, after all, don’t keep patient records, and they’re afforded more constitutional protections than medical practitioners. That is, cops still need a warrant to search them.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: 4th amendment, dea, health records, hipaa, impersonation, investigations, medical boards, privacy, warrant
Reader Comments
Subscribe: RSS
View by: Time | Thread
Bullshit.
A medical board can only review medical records to ensure proper procedure. It does not have any legal justification to rummage through medical records looking for diagnoses or information related to specific health ailments.
That's not only illegal by federal law, but to think so many people think because most medical boards are run by doctors, this gives them carte blanche to the record.
Did you know a provider can't look at your medical record unless: A) you've given permission and B) is your primary care provider?
This is a clear-cut example of violation of the law.
The employees, who refused to question the silent people with the board representative, are also breaking the law, and will most likely be the scapegoats and lose their job while the true offenders get away with violation of the law.
In most HIPAA compliant arenas, great lengths are taken to ensure health care data isn't seen by those not authorized. Databases are tracked, EMRs have restricted access, and computers away from prying eyes.
Because to get caught violating the law is one hell of a fine forthcoming.
Except for health care facilities in Texas, it seems.
There's something seriously wrong with that state.
[ link to this | view in thread ]
Re:
Of course they'd ignore the fucking law. The law only applies to the unwashed masses,a fter all.
[ link to this | view in thread ]
Quick Do the same thing
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
The honest with integrity are constantly weeded out. it is an us vs them mentality over there and their attitude and actions make it clear they think that way.
[ link to this | view in thread ]
Fire all agents on the spot, prosecute, jail them.
You can't deal with organized crime in government by slapping wrists.
[ link to this | view in thread ]
This is why we need more people like Snowden and Manning
[ link to this | view in thread ]
Re:
"Bullshit."
Agreed. Even if the medical board investigator did have the right to view the medical records, they still violated HIPAA by sharing the info with someone else. Period, end of story, time to prosecute the investigator. The fines can be huge and the investigator may be personally liable for them.
[ link to this | view in thread ]
What is worse, is that in almost all cases, physicians and patients never know about it.
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
To make sure that the serfs, I mean citizens, cannot pry into the lives and doings of the elites.
[ link to this | view in thread ]
Oh you serfs want to impersonate someone well that's jail time then. If we want to do it we get a raise.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
D.E.A.
mismanagement and unwise misuse of their responsibility has,nearly, completely destroyed the science and research of anything they don't approve of. If society is to survive these people must go. The drug war is just a ruse for an Authoritarian power grab. Other country's that allow easy access to pain medication do not have a major drug problem. It is these government villains here who are orchestrating this farce.
[ link to this | view in thread ]
Turns out my assumptions and gut feelings are 100% true yet again. Sometimes I hate being right all the time.
[ link to this | view in thread ]
Re: D.E.A.
I agree with you. I don't think their budget needs to be cut substantially. The agency needs to be dismantled. If they contribute anything it's negligible and another agency needs to take over those responsibilities.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
HIPAA Promiscuous? A Feature not an Omission
It's quite clear that the paragraph cited was intended to allow unrestricted access by the government. To wit: This might as well be written, "Law enforcement officers are invited to issue administrative requests." So let's look at an example of a compliant administrative request: Let's see: (1) relevant and material, check; (2) specific and limited in scope, check; and (3) de-identified information cannot be used, check.
So my guess is that the DEA will get a pass, because HIPAA was designed to allow them to do this: it is deliberately promiscuous.
[ link to this | view in thread ]
Re: Re: D.E.A.
[ link to this | view in thread ]
[ link to this | view in thread ]