Many Americans think the Health Insurance Portability and Accountability Act (HIPAA) protects their medical privacy, but federal bureaucrats issue thousands of subpoenas every year without prior judicial approval to get around the law.
“If you don’t have a reasonable expectation of privacy against government in your medical care, then where does it exist at all? If that’s not private, then what is?” Adam Bates, a criminal justice policy analyst at the libertarian Cato Institute, told The Daily Caller News Foundation.
Congress passed HIPAA in 1996 with a promise that it would clamp down on waste, fraud and abuse in the health care industry and safeguard patient privacy. But HIPAA allows federal bureaucrats to get patient records merely by issuing administrative subpoenas, or civil investigative demands.
These bureaucratic edicts bypass the Fourth Amendment’s requirement that a judge must give prior approval before government can search or take an individual’s property. Officials with the Department of Health and Human Services’ (HHS) Office of Inspector General and the Department of Justice (DOJ) thus have access to any records they believe to be “relevant” in cases of alleged health care fraud.
“The subpoenas are so broad that they almost always will include patient records,” David Douglass, a partner at Sheppard, Mullin, Richter & Hampton law firm which represents health care providers also told TheDCNF.
The DOJ issued 2,102 administrative subpoenas in 2001 over suspected health care offenses, according to a 2002 DOJ report. That doesn’t include subpoenas issued by other agencies, like the HHS IG. Nobody knows how many administrative subpoenas are issued annually now because the 2002 report was the last time an official count was done.
But lawyers representing medical care providers constantly deal with administrative subpoenas.
“I do think it raises constitutional challenges,” said Robert Rhoad to TheDCNF. Rhoad is a former Navy JAG Corps lawyer who’s now a partner at Crowell & Moring law firm.
Federal officials in most cases can also share records, including patient records, with whistleblowers, called relators, and their lawyers, whether or not the government ultimately decides to pursue criminal charges or a civil lawsuit.
“Everybody’s got horror stories for what happens when the relators get into their stuff,” said Jonathan Diesenhaus, a former DOJ senior trial lawyer who now represents health care companies as a partner with the Hogan Lovells law firm, to TheDCNF. “It becomes an avenue for abuse.”
Congress passed HIPAA amid reports of increasing Medicare fraud, but the legislation also provided for first time ever specific authorization for judgeless administrative subpoenas to be used in criminal law enforcement pursuits.
“Mentioning privacy, the Justice Department can get medical records, patient bills,” Diesenhaus said. “Just like an administrative subpoena, these civil investigative demands fall into the federal program oversight exception to the HIPAA statue.”
“So, patient records protections that apply and require courts to say ‘yes, you can look at those records’ in other contexts, and that imposed significant penalties for even government people who released them, those rules don’t apply with the IG or if the Department of Justice asks for patient records,” Diesenhaus said.
Federal officials use patient records to determine whether a health care provider, drug company or patient gamed the system, “and there is no judicial oversight,” Diesenhaus said.
“But I would imagine people don’t understand in this world of heightened sensitivity to privacy issues — I don’t know that people understand that these government agencies when looking into billing fraud get raw medical records and raw billing records and look and see what the diagnosis is,” Diesenhaus said.
Spokesmen for DOJ and the HHS IG did not respond to TheDCNF requests for comment.
Health care lawyers said judgeless subpoenas in health care investigations became more prevalent after passage of the 2009 Fraud Enforcement And Recovery Act, which amends the False Claims Act — the main law allowing for fraud recovery. The 2009 law extended the authority to issue administrative subpoenas from the attorneygGeneral to 93 U.S. attorneys.
Four years later, in 2012, the DOJ announced its largest ever four-year recovery rate under the False Claims Act — $13.3 billion.
“With respect to civil investigative demands and administrative subpoenas, there has been a sharp uptick in the issuance of those in the last few years,” Rhoad said.
Administrative subpoenas have all but replaced the grand jury, Douglass said.
“When this administrative subpoena power was granted, it became more common for the government to issue administrative subpoenas than grand jury subpoenas,” Douglass said. “So the administrative subpoena is a much lower (legal) bar to issue and the government has much broader authority to use it.”
A federal judge recently ruled that the Drug Enforcement Administration can access patient records after a medical office in Dallas challenged DEA’s demands.
Most businesses don’t challenge subpoenas in court. The success rate isn’t great for the few that do. “Part of it is you want to show you’re cooperative and don’t have anything to hide,” Rhoad said.
Administrative subpoenas are tough to fight, as Congress has issued agencies broad authority through the years. Courts historically are deferential to the government, the 2002 DOJ report said.
“I absolutely think companies capitulate rather than fight,” said Douglass.
Companies also have to take into account an agency’s authority to retaliate in the future.
“The thing is that the government, and HHS in particular, they hold a lot of administrative remedies in their pocket that they can exercise relatively freely,” Rhoad said. “And if you’re a health care provider, the death penalty for you is to be excluded from federal health care programs.”
Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact firstname.lastname@example.org.
All content created by the Daily Caller News Foundation, an independent and nonpartisan newswire service, is available without charge to any legitimate news publisher that can provide a large audience. All republished articles must include our logo, our reporter’s byline and their DCNF affiliation. For any questions about our guidelines or partnering with us, please contact email@example.com.