New Hampshire, ACLU Fighting Back Against DEA's Warrantless Access To Sensitive Medical Records

from the you-can-have-your-rights-or-our-failed-drug-war,-citizens dept

The DEA regulates controlled substances, including medications containing controlled substances. The DEA has taken this to mean any number of medical privacy laws don't apply to it. If the DEA was forced to respect the law, well, it might just mean some drug dispensation wouldn't be quite as closely regulated as the agency wants it to be.

Since drugs have a war on them, the DEA has been given a long leash to investigate drug use/abuse. The DEA has argued in court that federal law overrules state-level privacy provisions. It has also done less legal things, like impersonate medical board investigators to gain access to denied records and ignored warrant requirements instituted by state legislatures.

This last tactic worked -- up to a point -- in Oregon. It resulted in the state suing the DEA for ignoring state warrant requirements when pulling records from Oregon's Prescription Drug Monitoring Program. The same thing is happening in New Hampshire. The fed DOJ got stiff-armed by the state DOJ when seeking warrantless access to medical records.

New Hampshire received a warrantless search demand from the federal Drug Enforcement Administration (DEA) for two years of a patient’s PDMP records last year. The N.H. Department of Justice correctly and courageously refused to comply, because doing so would violate the state law requiring a warrant and infringe on privacy rights. After the DEA sued in court, they stood firm, arguing that the subpoena was improper under federal law and the Fourth Amendment to the U.S. Constitution.

The ACLU has stepped in to argue in favor of requiring the DEA to use warrants. Its amicus brief [PDF] argues the records contained in the PDMP are not third-party records requiring nothing more than a subpoena. And even if the court does determine they are third-party records, the Supreme Court's decision in the Carpenter case has changed the contours of third-party record access.

The prescription records at issue in this case reveal intimate, private, and potentially stigmatizing details about patients’ health, including details of those patients’ underlying medical conditions. For that reason, as with other medical records, people have a reasonable expectation of privacy in them. As the Supreme Court explained in Carpenter v. United States, when law enforcement seeks records from a third party in which the subject of the investigation has a reasonable expectation of privacy, use of an administrative subpoena is unreasonable under the Fourth Amendment, and a warrant is required instead. Such is the case here.

While the records may be held by a third party, there's nothing voluntary about the records' creation. These records are created by healthcare professionals to comply with a state mandate. Patients do not volunteer to hand over this sensitive information. The only way to opt out is to never see a doctor.

The records expose at least as much personal information as the location records protected by Carpenter. The Supreme Court didn't believe going through life without a cellphone was a realistic option for citizens. I'm sure the Supreme Court would similarly conclude going through life without ever consulting a physician to be even more unlikely.

The DEA's position isn't based on an investigative need. Unless you're just fishing around, warrant requirements won't slow down the DEA much during investigations. It's just that the DEA is used to doing things its way, which is often the easiest way that involves the least amount of oversight possible.

Unfortunately for New Hampshire residents, trying to make the DEA respect state-level warrant requirements hasn't worked out yet. Oregon's lawsuit against the DEA ended with a defeat in the Ninth Circuit Appeals Court, which held that federal subpoena requirements trumped state-level demand for warrants. Sooner or later, this issue is going to end up in the Supreme Court, but for now, the DEA can still rely on subpoenas to hoover up sensitive patient records.

Filed Under: 4th amendment, dea, medical records, new hampshire, warrants

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. icon
    ECA (profile), 13 Jun 2019 @ 12:29pm


    They already lost to much data..
    And its only a reason to Improve security, to the point we are all going to need CHIPS..and Facial ID..
    And thats Only to USe our Credit and debit cards and our checks..

    At this point with all the lost data, the Banks cant prove WHO used your cards..
    And checks always amazed me, as you are handing out your Account numbers on every check..
    There is NO ID on anything now..and its stupid.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Essential Reading
Techdirt Insider Chat
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it

Email This

This feature is only available to registered users. Register or sign in to use it.