DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Update on IRS seizure of server with 60 million records of 10 million patients

Posted on January 11, 2014 by Dissent

Erin McCann has a follow-up to a concerning report I noted here in March that involves the IRS’s seizure of 60 million records containing PHI of 10 million people from an unnamed company. McCann reports that the company has since been identified as Three Rivers Provider Network.

As previously reported, the incident related to an IRS investigation of an employee. It turns out the employee is the company’s founder, Blaine Pollock, who was subsequently indicted.

McCann reports:

However, in July 2013, U.S. Attorney Laura E. Duffy and David D. Leshner asked the court for authorization to access the server provided a “filter” attorney view its contents to determine whether the data were within the scope of the warrant, which was ultimately granted.

Yet, according to Pollock’s attorney, Robert E. Barnes, these records were taken in violation of the warrant.

“The lawlessness of the government agents in this case” wrote Barnes in a July 22 opposition statement to the government’s request to view the computer server, “endangers the privacy of millions of Americans.” These Americans include, among others, California state judges, NBA and Screen Actors Guild employees, Barnes alleged.

Added Barnes, “A computer is conceptually indistinct from a filing cabinet; the right to seize financial records from the filing cabinet does not give the right to seize the entire filing cabinet, given that personal, privileged and confidential non-financial records will likely exist in the filing cabinet. Yet, that is precisely what the government did do, and seeks to do again, here.”

The U.S. government, however, argued on the contrary. “Only evidence on the (server) that is within the scope of the search warrant will be provided to the prosecution team,” wrote Duffy and Leshner in support of a motion to grant access to the computer.

Read more on HealthcareITNews.

So I still have some of my original questions, since there is no entry in HHS’s breach tool for Three Rivers Providers Network. Should this have been reported to HHS as a breach under HIPAA and HITECH? There’s no mention that the data or server were encrypted, although that might come out later. And should the IRS have seized this particular server under the terms of the warrant? The government seems to be successfully arguing “yes,” despite TRPN’s position that the server exceeded the warrant.

And how/where is this server with so much PHI being protected by the IRS?

This continues to be a very troubling situation, in my opinion, and I’m glad HealthcareITNews followed up.

Update: It seems that Modern Healthcare had published an update on this case prior to HITN’s report. Joe Carlson of Modern Healthcare provides links to some of the court documents and notes:

U.S. District Judge Michael M. Anello granted a government request to allow a third-party attorney to review the material and flag any information that might be relevant to Pollock’s tax case. For any information not deemed relevant, the IRS has promised to set it aside in a “sealed evidence bag” and allow the court to take custody of it.

Although Pollock initially appealed Anello’s order to a federal circuit court, that appeal was thrown out last month, allowing the review to proceed. The lawsuit against the IRS has since been put on hold pending the outcome of the criminal action against Pollock.

Read more on Modern Healthcare and my apologies for not finding their reporting sooner.

No related posts.

Category: Health Data

Post navigation

← Update: Former Virginia Beach General Hospital nurse's aide sentenced for using patients’ personal info to commit tax fraud
MIT breached on Aaron Swartz Passing Anniversary →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.