The Health Insurance Portability & Accountability Act (HIPAA) is the primary federal law that addresses health records.
The HIPAA privacy rules have special exceptions for law enforcement and national security investigations.
The law enforcement provision is very broad. It covers all the usual police procedures, including subpoenas. Those don’t require a judge’s advance permission, and they also require much less basis than probable cause.
The national security exception is even broader.
A covered entity may disclose protected health information to authorized federal officials for the conduct of lawful intelligence, counter-intelligence, and other national security activities authorized by the National Security Act (50 U.S.C. 401, et seq.) and implementing authority (e.g., Executive Order 12333).
United States v. Miller held that routine financial records are not protected by the Fourth Amendment. Two years later, Congress passed the Right to Financial Privacy Act… which largely codified Miller. Law enforcement agencies can still access financial records with just a subpoena.
RFPA includes a special set of national security procedures. Federal grand jury subpoenas and warrants aren’t covered by RFPA, so long as the investigating agency self-certifies “there may result a danger to the national security of the United States.”
RFPA also includes a National Security Letter provision. In counter-intelligence and counter-terrorism investigations, the FBI (and, by proxy, the NSA) doesn’t even need a grand jury subpoena. It can demand financial records with a mere self-certification.
A plain reading of RFPA suggests some privacy protection: targets receive advance notice of a subpoena and have an opportunity to contest the subpoena. In everyday practice, however, RFPA’s delayed notice provisions have swallowed the rule. Law enforcement agencies routinely obtain court orders that both eliminate the advance notice requirement and temporarily gag financial institutions from disclosure.
The precise statutory provision at issue in Smith and Klayman is Section 215 of the USA PATRIOT Act. It allows the FBI/NSA access to any business records when conducting a counter-intelligence or counter-terrorism investigation. A FISA judge’s approval is required, though the standard for issuance is very low.
Section 215 covers medical records. A part of the statute, in fact, expressly addresses them.
Section 215 also covers financial records. In a 2010 opinion, the FISA Court held as much. And, in fact, the CIA operates a bulk financial surveillance program under Section 215.
In sum: not only are national security investigations generally outside HIPAA and RFPA, but the very same authority at issue in Smith and Klayman allows access to medical and financial records.
http://webpolicy.org/2014/12/11/nsa-appeals-medical-financial-records/