DEA Impersonating Medical Board Investigators To Gain Access To Personal Health Records

from the the-constant-hassle-of-minimal-paperwork-thwarted-yet-again! dept

Medical records have long been given an increased expectation of privacy, something that dates back to before the passage of HIPAA. (See also: Hippocratic Oath.) Consultations with doctors -- and the written records resulting from them -- have generally been treated as confidential, seeing as they contain potentially embarrassing/damaging information. Personal health information can be reported to law enforcement for many reasons: suspicion of criminal activity on the health entity's property, suspicion of criminal activity related to an off-site emergency, reporting a death, patients with stabbing/gunshot wounds, or in the case of a serious/immediate threat. Otherwise, HIPAA's rules for law enforcement say personal information can only be released under the following conditions:

To comply with a court order or court-ordered warrant, a subpoena or summons issued by a judicial officer, or an administrative request from a law enforcement official (the administrative request must include a written statement that the information requested is relevant and material, specific and limited in scope, and de-identified information cannot be used).
The bar is set pretty low and the DEA has been taking advantage of it. Jon Cassidy of Watchdog.org is reporting that the agency is rooting around in medical records in hopes of finding patients or health care providers who might be abusing drugs.
The Drug Enforcement Administration has been sifting through hundreds of supposedly private medical files, looking for Texas doctors and patients to prosecute without the use of warrants.
What the DEA is using instead is a blend of impersonation and administrative permission slips sporting the agency's own signature.
Instead, the agents are tricking doctors and nurses into thinking they’re with the Texas Medical Board. When that doesn’t work, they’re sending doctors subpoenas demanding medical records without court approval.
How often is this happening? Apparently it's so close to "all the time" that the DEA doesn't even have an approximate guess. This is what a DEA spokesperson told the Daily Caller.
“It’s not like there’s ten of them. There’s probably thousands — I know there are thousands,” Matt Barden, spokesman for the DEA, told the Daily Caller News Foundation about the DEA’s use of administrative subpoenas.
Early last year, a federal court in Oregon ruled the DEA could not access the state's prescription database without a warrant. Unfortunately, this was due to Oregon's state laws being more restrictive than federal law. A federal judge in Texas reached the opposite conclusion, finding that the DEA's use of administrative subpoenas complied with both HIPAA and state law. This decision is now headed for the Fifth Circuit Court of Appeals, where it is hoped a finding similar to the decision in Oregon will be the end result. But judging from the laws in place, that outcome is doubtful.

While the DEA's use of administrative subpoenas appears to comply with HIPAA's restrictions, its repeated attempts (many of them successful) to access medical records with no paperwork whatsoever seem less likely to stand up to legal scrutiny.

The Dallas-area doctors bringing the lawsuit against the DEA have uncovered plenty of DEA subterfuge. In their case, three DEA agents showed up at their offices with a state medical board investigator. Only the investigator identified herself. The agents remained silent, allowing the nurse to believe they, too, were with the state medical board.

The state medical board may have every right to view medical records without any accompanying paperwork, but that's because this information falls directly under its purview. The DEA, however, is looking to build criminal cases. This brings with it additional Fourth Amendment considerations and, at the very least, should bind it to the minimal restrictions of HIPAA. Apparently, issuing its own permission slips is still too much work and the delivered paperwork might accidentally restrict it to only certain medical records pertaining to certain people. By impersonating medical board members, agents have unrestricted access to whatever they ask for.

As Watchdog's Jon Cassidy points out, patients who'd like their privacy respected may want to seek their prescriptions and refills… elsewhere.
The DEA’s practice of avoiding warrant requirements has produced this absurdity: If you have a prescription for Adderall or OxyContin, you might be safer getting your drugs on the street than through your own doctor.

Street dealers, after all, don’t keep patient records, and they’re afforded more constitutional protections than medical practitioners. That is, cops still need a warrant to search them.
While the latter isn't strictly true in all cases, it's true enough to show how limited the protections of HIPAA actually are. The more disturbing aspect is that the DEA isn't even satisfied with near-instant access to a wealth of medical records provided by administrative subpoenas. It apparently only uses the correct paperwork as Plan B, preferring to mislead medical practitioners by allowing them to believe its agents are investigators working for the state medical board.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Violynne (profile), 9 Sep 2015 @ 7:57am

    "The state medical board may have every right to view medical records without any accompanying paperwork..."
    Bullshit.

    A medical board can only review medical records to ensure proper procedure. It does not have any legal justification to rummage through medical records looking for diagnoses or information related to specific health ailments.

    That's not only illegal by federal law, but to think so many people think because most medical boards are run by doctors, this gives them carte blanche to the record.

    Did you know a provider can't look at your medical record unless: A) you've given permission and B) is your primary care provider?

    This is a clear-cut example of violation of the law.

    The employees, who refused to question the silent people with the board representative, are also breaking the law, and will most likely be the scapegoats and lose their job while the true offenders get away with violation of the law.

    In most HIPAA compliant arenas, great lengths are taken to ensure health care data isn't seen by those not authorized. Databases are tracked, EMRs have restricted access, and computers away from prying eyes.

    Because to get caught violating the law is one hell of a fine forthcoming.

    Except for health care facilities in Texas, it seems.

    There's something seriously wrong with that state.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Sep 2015 @ 8:23am

      Re:

      Nah, it's the Government, Frank.

      Of course they'd ignore the fucking law. The law only applies to the unwashed masses,a fter all.

      reply to this | link to this | view in chronology ]

    • identicon
      A Non-Mouse, 9 Sep 2015 @ 9:59am

      Re:

      "The state medical board may have every right to view medical records without any accompanying paperwork..."

      "Bullshit."


      Agreed. Even if the medical board investigator did have the right to view the medical records, they still violated HIPAA by sharing the info with someone else. Period, end of story, time to prosecute the investigator. The fines can be huge and the investigator may be personally liable for them.

      reply to this | link to this | view in chronology ]

    • icon
      Padpaw (profile), 9 Sep 2015 @ 3:36pm

      Re:

      There is something seriously wrong with your whole country

      reply to this | link to this | view in chronology ]

    • icon
      Coyne Tibbets (profile), 10 Sep 2015 @ 12:53am

      Re:

      The only thing I don't understand is: where is the lawsuit against the state medical board? They were complicit in these violations of rights.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Sep 2015 @ 8:43am

    Quick Do the same thing

    The internet has taught me that applying these kind of logical loopholes, means the quickest way to make it illegal, is to do it to the DEA who live in these states. Keep all of the relevant info in a big database and every time one of the agents who should not be carrying a weapon or making decisions based on how much of x medication is in their system is involved in an incident, we supply the relevant info to the prosecution and defense. We are the reason they have power and a budget after all.

    reply to this | link to this | view in chronology ]

  • identicon
    Baron von Robber, 9 Sep 2015 @ 8:46am

    Guess the DEA doesn't know that HIPAA > DEA. I wonder how many others flunked basic math.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Sep 2015 @ 8:59am

      Re:

      Almost All of them... that is how many others... you will not get nearly two steps in the Legal System without running into a corruption of some type.

      The honest with integrity are constantly weeded out. it is an us vs them mentality over there and their attitude and actions make it clear they think that way.

      reply to this | link to this | view in chronology ]

  • identicon
    David, 9 Sep 2015 @ 8:59am

    Fire all agents on the spot, prosecute, jail them.

    They are sworn to the law of the land. It was every individual's decision to participate in criminal schemes in order to make shortcuts in their job. Every single one of them was sworn to the Constitution and the law and decided to participate in organized crime rather than blow the whistle on what they clearly recognize to be illegal.

    You can't deal with organized crime in government by slapping wrists.

    reply to this | link to this | view in chronology ]

  • icon
    JustMe (profile), 9 Sep 2015 @ 9:47am

    This is why we need more people like Snowden and Manning

    Because clearly, and demonstrably, the US Federal agencies and agents who have sworn to uphold the Constitution are violating multiple Constitutional protections.

    reply to this | link to this | view in chronology ]

  • icon
    Groaker (profile), 9 Sep 2015 @ 11:53am

    HIPPA was never meant to provide privacy for patient data, but rather the illusion of privacy. It creates a significant hassle for those who have a reasonable right and need to access patient information, while leaving the door wide open for just about any LEO to gain full access. Sometimes directly, sometimes indirectly.

    What is worse, is that in almost all cases, physicians and patients never know about it.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Sep 2015 @ 12:18pm

    BITTGASO.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Sep 2015 @ 1:58pm

    So whats the point of all these laws and regularions? They will just spend a lot of tax money to go around them and do whatever they want...

    reply to this | link to this | view in chronology ]

  • icon
    Padpaw (profile), 9 Sep 2015 @ 3:32pm

    Nothing like a little felony to get the info you want. Since the consequences never seem to apply to those working for the state.

    Oh you serfs want to impersonate someone well that's jail time then. If we want to do it we get a raise.

    reply to this | link to this | view in chronology ]

  • identicon
    TOPDOG, 9 Sep 2015 @ 4:28pm

    D.E.A.

    The D.E.A. and F.D.A. have become the U.S. equivalent of Gestapo S.S.. The D.E.A. was a bad idea to start with and has only gotten worse ever sense. States are able to do their job. They don't need the D.E.A. I don't need the D.E.A. You don't need the D.E.A. .Nobody needs the D.E.A. They are misappropriating and commandeering billions of dollars of public funds that America can no longer justify..Their funding needs to be cut by,at least, ninety-five to ninty-nine percent and all need to be restructured to a much smaller and much more restrained gang of Authoritarian sociopaths.. This is a group of renegade law enforcement completely out-of-control .and way over-the-top.They are using the war on drugs as a smokescreen and a ruse to subvert our Civil and Human rights and increasingly more as a ruse to seize cash and property in their war on the American people.Also, through gross incompetence, have made it nearly impossible for a pain sufferer to get treatment without being thrown in jail.
    mismanagement and unwise misuse of their responsibility has,nearly, completely destroyed the science and research of anything they don't approve of. If society is to survive these people must go. The drug war is just a ruse for an Authoritarian power grab. Other country's that allow easy access to pain medication do not have a major drug problem. It is these government villains here who are orchestrating this farce.

    reply to this | link to this | view in chronology ]

    • identicon
      BooYa, 9 Sep 2015 @ 11:15pm

      Re: D.E.A.

      I think the DEA and general law enforcement paradigm that leads to them breaking the law is contributing to a broader culture of corruption. For example the investigation of silk road ended with two agents going to jail for funneling money into their own accounts.

      I agree with you. I don't think their budget needs to be cut substantially. The agency needs to be dismantled. If they contribute anything it's negligible and another agency needs to take over those responsibilities.

      reply to this | link to this | view in chronology ]

      • identicon
        Windy, 12 Oct 2015 @ 11:54pm

        Re: Re: D.E.A.

        The DEA is an absolutely unconstitutional agency. First, it has police powers which are specifically forbidden to the fed gov by the Constitution. Second, the fed gov was never authorized the power to control or prohibit what individuals choose to ingest, therefore an agency devoted to enforcing prohibition of certain substances is verboten to the fed gov, as are the ONDCP, NIDA, and the FDA.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Sep 2015 @ 8:54pm

    This is the main reason I've kept all kinds of secrets from my doctors throughout my entire life. I knew nothing you reveal to your doctor would remain confidential.

    Turns out my assumptions and gut feelings are 100% true yet again. Sometimes I hate being right all the time.

    reply to this | link to this | view in chronology ]

  • icon
    Coyne Tibbets (profile), 10 Sep 2015 @ 1:17am

    HIPAA Promiscuous? A Feature not an Omission

    From the beginning, one of the "features" of HIPAA was access by and for the government. For example, medical record exchanges between organizations were prohibited by HIPAA, unless the governement was an intermediary in those exchanges.

    It's quite clear that the paragraph cited was intended to allow unrestricted access by the government. To wit:
    To comply with a court order or court-ordered warrant, a subpoena or summons issued by a judicial officer, or an administrative request from a law enforcement official (the administrative request must include a written statement that the information requested is relevant and material, specific and limited in scope, and de-identified information cannot be used).
    This might as well be written, "Law enforcement officers are invited to issue administrative requests." So let's look at an example of a compliant administrative request:
    We hereby request the information for every patient seen by your organization in the last ten (10) years. This is relevant and material to our search for terrorists, and the names must be included or it is no use to us.
    Let's see: (1) relevant and material, check; (2) specific and limited in scope, check; and (3) de-identified information cannot be used, check.

    So my guess is that the DEA will get a pass, because HIPAA was designed to allow them to do this: it is deliberately promiscuous.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Techdirt Logo Gear
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.