New Hampshire, ACLU Fighting Back Against DEA's Warrantless Access To Sensitive Medical Records

from the you-can-have-your-rights-or-our-failed-drug-war,-citizens dept

The DEA regulates controlled substances, including medications containing controlled substances. The DEA has taken this to mean any number of medical privacy laws don't apply to it. If the DEA was forced to respect the law, well, it might just mean some drug dispensation wouldn't be quite as closely regulated as the agency wants it to be.

Since drugs have a war on them, the DEA has been given a long leash to investigate drug use/abuse. The DEA has argued in court that federal law overrules state-level privacy provisions. It has also done less legal things, like impersonate medical board investigators to gain access to denied records and ignored warrant requirements instituted by state legislatures.

This last tactic worked -- up to a point -- in Oregon. It resulted in the state suing the DEA for ignoring state warrant requirements when pulling records from Oregon's Prescription Drug Monitoring Program. The same thing is happening in New Hampshire. The fed DOJ got stiff-armed by the state DOJ when seeking warrantless access to medical records.

New Hampshire received a warrantless search demand from the federal Drug Enforcement Administration (DEA) for two years of a patient’s PDMP records last year. The N.H. Department of Justice correctly and courageously refused to comply, because doing so would violate the state law requiring a warrant and infringe on privacy rights. After the DEA sued in court, they stood firm, arguing that the subpoena was improper under federal law and the Fourth Amendment to the U.S. Constitution.

The ACLU has stepped in to argue in favor of requiring the DEA to use warrants. Its amicus brief [PDF] argues the records contained in the PDMP are not third-party records requiring nothing more than a subpoena. And even if the court does determine they are third-party records, the Supreme Court's decision in the Carpenter case has changed the contours of third-party record access.

The prescription records at issue in this case reveal intimate, private, and potentially stigmatizing details about patients’ health, including details of those patients’ underlying medical conditions. For that reason, as with other medical records, people have a reasonable expectation of privacy in them. As the Supreme Court explained in Carpenter v. United States, when law enforcement seeks records from a third party in which the subject of the investigation has a reasonable expectation of privacy, use of an administrative subpoena is unreasonable under the Fourth Amendment, and a warrant is required instead. Such is the case here.

While the records may be held by a third party, there's nothing voluntary about the records' creation. These records are created by healthcare professionals to comply with a state mandate. Patients do not volunteer to hand over this sensitive information. The only way to opt out is to never see a doctor.

The records expose at least as much personal information as the location records protected by Carpenter. The Supreme Court didn't believe going through life without a cellphone was a realistic option for citizens. I'm sure the Supreme Court would similarly conclude going through life without ever consulting a physician to be even more unlikely.

The DEA's position isn't based on an investigative need. Unless you're just fishing around, warrant requirements won't slow down the DEA much during investigations. It's just that the DEA is used to doing things its way, which is often the easiest way that involves the least amount of oversight possible.

Unfortunately for New Hampshire residents, trying to make the DEA respect state-level warrant requirements hasn't worked out yet. Oregon's lawsuit against the DEA ended with a defeat in the Ninth Circuit Appeals Court, which held that federal subpoena requirements trumped state-level demand for warrants. Sooner or later, this issue is going to end up in the Supreme Court, but for now, the DEA can still rely on subpoenas to hoover up sensitive patient records.

Filed Under: 4th amendment, dea, medical records, new hampshire, warrants


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    ECA (profile), 13 Jun 2019 @ 10:03am

    Can we laugh at this now?? Please..

    WE have seen tons of evidence already.. Who and where all this started and where is comes from.

    Its the concept that you dont Attack the Druggies, you attack the distributor..you Find him and take all of it off the market.

    Anyone here think we could find a few addresses, OFF THE NET to tell them what door(S) to knock on??

    90% of this is Legislation..WHO will make the laws for WHOM..
    Place Doctors in jail?
    Pharmacists?
    Who do you want to hold responsible??
    NOT those guys over there, that give us MONEY not to do it.. It could hurt the market..

    I know, lets SAY' we are going to make laws, and get them to pay us MORE, not to..

    reply to this | link to this | view in chronology ]

  • icon
    James Burkhardt (profile), 13 Jun 2019 @ 10:03am

    Why in this case is the argument about a nebulous inherent expectation of privacy in medical information (which, given all the laws regarding it, can't be that strong), and not the explicit expectation of privacy established by statute, including the laws that explicitly establish a warrant requirement?

    I realize that the inherent expectation of privacy protects our rights better from future legislation, but it relies on precedent that American conservatives actively believe they can get overturned by the current SCOTUS. And I feel if the courts do not believe the legislature can establish warrant requirements, than the inherent privacy argument isn't likely to survive either.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 13 Jun 2019 @ 10:07am

      Re:

      It's not just inherent privacy for medical records, there are also explicit laws to protect that data.

      reply to this | link to this | view in chronology ]

      • icon
        James Burkhardt (profile), 13 Jun 2019 @ 11:24am

        Re: Re:

        Which was my point, the article highlights the ACLU stance, which was to argue the inherent expectation of privacy over the explicit expectation of privacy.

        reply to this | link to this | view in chronology ]

    • icon
      ECA (profile), 13 Jun 2019 @ 10:31am

      Re:

      Whats fun to think about, with FREE MEDICAL..
      Is that a system can be created with NO NAMES..
      showing all the files to compare and decode/use/... for doctors and lawyers and the Police/feds..
      And it would still be considered PRIVATE...the only telltale would be WHERE the data was gathered in the USA.. Which would keep it private. But if something were found, that those agencies that NEED to locate Some Psychopath could IDENTIFY the medical properties and then ask the courts to find the REGION..and they could focus on the area and FIND the person..

      and it would be considered Private.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Jun 2019 @ 10:16am

    Opting out

    The only way to opt out is to never see a doctor.

    No, you'd also have to make sure a doctor never sees you while you're unconscious. Which is a risk when you've never seen a doctor. You may need an opt-out tattoo.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Jun 2019 @ 11:47am

    "The DEA regulates controlled substances, including medications containing controlled substances."

    They did a really bang up job with those opioids.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Jun 2019 @ 12:23pm

    Privacy is as obsolete as copyright.

    Nothing to hide, nothing to fear.

    reply to this | link to this | view in chronology ]

    • icon
      ECA (profile), 13 Jun 2019 @ 12:29pm

      Re:

      They already lost to much data..
      And its only a reason to Improve security, to the point we are all going to need CHIPS..and Facial ID..
      And thats Only to USe our Credit and debit cards and our checks..

      At this point with all the lost data, the Banks cant prove WHO used your cards..
      And checks always amazed me, as you are handing out your Account numbers on every check..
      There is NO ID on anything now..and its stupid.

      reply to this | link to this | view in chronology ]

  • identicon
    WhatAWorld, 13 Jun 2019 @ 12:36pm

    State has other options

    State can fine whichever health-care provider that fulfills the illegal/warrantless requests an amount that would beggar all but the wealthiest of corporations.

    Like say, a billion dollars or more per violation.

    reply to this | link to this | view in chronology ]

    • identicon
      Annonymouse, 13 Jun 2019 @ 1:15pm

      Re: State has other options

      Add in the heads being separated for all the board members and things will eventually stabilize as the pool of greedy idiots is reduced.

      reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Show Now: Takedown
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.