DEA Impersonating Medical Board Investigators To Gain Access To Personal Health Records

from the the-constant-hassle-of-minimal-paperwork-thwarted-yet-again! dept

Medical records have long been given an increased expectation of privacy, something that dates back to before the passage of HIPAA. (See also: Hippocratic Oath.) Consultations with doctors — and the written records resulting from them — have generally been treated as confidential, seeing as they contain potentially embarrassing/damaging information. Personal health information can be reported to law enforcement for many reasons: suspicion of criminal activity on the health entity’s property, suspicion of criminal activity related to an off-site emergency, reporting a death, patients with stabbing/gunshot wounds, or in the case of a serious/immediate threat. Otherwise, HIPAA’s rules for law enforcement say personal information can only be released under the following conditions:

To comply with a court order or court-ordered warrant, a subpoena or summons issued by a judicial officer, or an administrative request from a law enforcement official (the administrative request must include a written statement that the information requested is relevant and material, specific and limited in scope, and de-identified information cannot be used).

The bar is set pretty low and the DEA has been taking advantage of it. Jon Cassidy of is reporting that the agency is rooting around in medical records in hopes of finding patients or health care providers who might be abusing drugs.

The Drug Enforcement Administration has been sifting through hundreds of supposedly private medical files, looking for Texas doctors and patients to prosecute without the use of warrants.

What the DEA is using instead is a blend of impersonation and administrative permission slips sporting the agency’s own signature.

Instead, the agents are tricking doctors and nurses into thinking they’re with the Texas Medical Board. When that doesn’t work, they’re sending doctors subpoenas demanding medical records without court approval.

How often is this happening? Apparently it’s so close to “all the time” that the DEA doesn’t even have an approximate guess. This is what a DEA spokesperson told the Daily Caller.

“It’s not like there’s ten of them. There’s probably thousands — I know there are thousands,” Matt Barden, spokesman for the DEA, told the Daily Caller News Foundation about the DEA’s use of administrative subpoenas.

Early last year, a federal court in Oregon ruled the DEA could not access the state’s prescription database without a warrant. Unfortunately, this was due to Oregon’s state laws being more restrictive than federal law. A federal judge in Texas reached the opposite conclusion, finding that the DEA’s use of administrative subpoenas complied with both HIPAA and state law. This decision is now headed for the Fifth Circuit Court of Appeals, where it is hoped a finding similar to the decision in Oregon will be the end result. But judging from the laws in place, that outcome is doubtful.

While the DEA’s use of administrative subpoenas appears to comply with HIPAA’s restrictions, its repeated attempts (many of them successful) to access medical records with no paperwork whatsoever seem less likely to stand up to legal scrutiny.

The Dallas-area doctors bringing the lawsuit against the DEA have uncovered plenty of DEA subterfuge. In their case, three DEA agents showed up at their offices with a state medical board investigator. Only the investigator identified herself. The agents remained silent, allowing the nurse to believe they, too, were with the state medical board.

The state medical board may have every right to view medical records without any accompanying paperwork, but that’s because this information falls directly under its purview. The DEA, however, is looking to build criminal cases. This brings with it additional Fourth Amendment considerations and, at the very least, should bind it to the minimal restrictions of HIPAA. Apparently, issuing its own permission slips is still too much work and the delivered paperwork might accidentally restrict it to only certain medical records pertaining to certain people. By impersonating medical board members, agents have unrestricted access to whatever they ask for.

As Watchdog’s Jon Cassidy points out, patients who’d like their privacy respected may want to seek their prescriptions and refills… elsewhere.

The DEA’s practice of avoiding warrant requirements has produced this absurdity: If you have a prescription for Adderall or OxyContin, you might be safer getting your drugs on the street than through your own doctor.

Street dealers, after all, don’t keep patient records, and they’re afforded more constitutional protections than medical practitioners. That is, cops still need a warrant to search them.

While the latter isn’t strictly true in all cases, it’s true enough to show how limited the protections of HIPAA actually are. The more disturbing aspect is that the DEA isn’t even satisfied with near-instant access to a wealth of medical records provided by administrative subpoenas. It apparently only uses the correct paperwork as Plan B, preferring to mislead medical practitioners by allowing them to believe its agents are investigators working for the state medical board.

Filed Under: , , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “DEA Impersonating Medical Board Investigators To Gain Access To Personal Health Records”

Subscribe: RSS Leave a comment
Violynne (profile) says:

“The state medical board may have every right to view medical records without any accompanying paperwork…”

A medical board can only review medical records to ensure proper procedure. It does not have any legal justification to rummage through medical records looking for diagnoses or information related to specific health ailments.

That’s not only illegal by federal law, but to think so many people think because most medical boards are run by doctors, this gives them carte blanche to the record.

Did you know a provider can’t look at your medical record unless: A) you’ve given permission and B) is your primary care provider?

This is a clear-cut example of violation of the law.

The employees, who refused to question the silent people with the board representative, are also breaking the law, and will most likely be the scapegoats and lose their job while the true offenders get away with violation of the law.

In most HIPAA compliant arenas, great lengths are taken to ensure health care data isn’t seen by those not authorized. Databases are tracked, EMRs have restricted access, and computers away from prying eyes.

Because to get caught violating the law is one hell of a fine forthcoming.

Except for health care facilities in Texas, it seems.

There’s something seriously wrong with that state.

A Non-Mouse says:

Re: Re:

“The state medical board may have every right to view medical records without any accompanying paperwork…”


Agreed. Even if the medical board investigator did have the right to view the medical records, they still violated HIPAA by sharing the info with someone else. Period, end of story, time to prosecute the investigator. The fines can be huge and the investigator may be personally liable for them.

Anonymous Coward says:

Quick Do the same thing

The internet has taught me that applying these kind of logical loopholes, means the quickest way to make it illegal, is to do it to the DEA who live in these states. Keep all of the relevant info in a big database and every time one of the agents who should not be carrying a weapon or making decisions based on how much of x medication is in their system is involved in an incident, we supply the relevant info to the prosecution and defense. We are the reason they have power and a budget after all.

David says:

Fire all agents on the spot, prosecute, jail them.

They are sworn to the law of the land. It was every individual’s decision to participate in criminal schemes in order to make shortcuts in their job. Every single one of them was sworn to the Constitution and the law and decided to participate in organized crime rather than blow the whistle on what they clearly recognize to be illegal.

You can’t deal with organized crime in government by slapping wrists.

Groaker (profile) says:

HIPPA was never meant to provide privacy for patient data, but rather the illusion of privacy. It creates a significant hassle for those who have a reasonable right and need to access patient information, while leaving the door wide open for just about any LEO to gain full access. Sometimes directly, sometimes indirectly.

What is worse, is that in almost all cases, physicians and patients never know about it.

TOPDOG (profile) says:


The D.E.A. and F.D.A. have become the U.S. equivalent of Gestapo S.S.. The D.E.A. was a bad idea to start with and has only gotten worse ever sense. States are able to do their job. They don’t need the D.E.A. I don’t need the D.E.A. You don’t need the D.E.A. .Nobody needs the D.E.A. They are misappropriating and commandeering billions of dollars of public funds that America can no longer justify..Their funding needs to be cut by,at least, ninety-five to ninty-nine percent and all need to be restructured to a much smaller and much more restrained gang of Authoritarian sociopaths.. This is a group of renegade law enforcement completely out-of-control .and way over-the-top.They are using the war on drugs as a smokescreen and a ruse to subvert our Civil and Human rights and increasingly more as a ruse to seize cash and property in their war on the American people.Also, through gross incompetence, have made it nearly impossible for a pain sufferer to get treatment without being thrown in jail.
mismanagement and unwise misuse of their responsibility has,nearly, completely destroyed the science and research of anything they don’t approve of. If society is to survive these people must go. The drug war is just a ruse for an Authoritarian power grab. Other country’s that allow easy access to pain medication do not have a major drug problem. It is these government villains here who are orchestrating this farce.

BooYa says:

Re: D.E.A.

I think the DEA and general law enforcement paradigm that leads to them breaking the law is contributing to a broader culture of corruption. For example the investigation of silk road ended with two agents going to jail for funneling money into their own accounts.

I agree with you. I don’t think their budget needs to be cut substantially. The agency needs to be dismantled. If they contribute anything it’s negligible and another agency needs to take over those responsibilities.

Windy says:

Re: Re: D.E.A.

The DEA is an absolutely unconstitutional agency. First, it has police powers which are specifically forbidden to the fed gov by the Constitution. Second, the fed gov was never authorized the power to control or prohibit what individuals choose to ingest, therefore an agency devoted to enforcing prohibition of certain substances is verboten to the fed gov, as are the ONDCP, NIDA, and the FDA.

Coyne Tibbets (profile) says:

HIPAA Promiscuous? A Feature not an Omission

From the beginning, one of the “features” of HIPAA was access by and for the government. For example, medical record exchanges between organizations were prohibited by HIPAA, unless the governement was an intermediary in those exchanges.

It’s quite clear that the paragraph cited was intended to allow unrestricted access by the government. To wit:

To comply with a court order or court-ordered warrant, a subpoena or summons issued by a judicial officer, or an administrative request from a law enforcement official (the administrative request must include a written statement that the information requested is relevant and material, specific and limited in scope, and de-identified information cannot be used).

This might as well be written, “Law enforcement officers are invited to issue administrative requests.” So let’s look at an example of a compliant administrative request:

We hereby request the information for every patient seen by your organization in the last ten (10) years. This is relevant and material to our search for terrorists, and the names must be included or it is no use to us.

Let’s see: (1) relevant and material, check; (2) specific and limited in scope, check; and (3) de-identified information cannot be used, check.

So my guess is that the DEA will get a pass, because HIPAA was designed to allow them to do this: it is deliberately promiscuous.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...