The Patriot Act and Medical Records
Section 215 of the Patriot Act gives high-ranking FBI officials (the Director, Deputy Director, or Executive Assistant Director for National Security) the authority to obtain foreign intelligence information using a court order to compel production of medical records. This provision is largely redundant because the FBI probably already had permissive access to medical records under HIPAA’s national security exemption, but the powers granted under Section 215 are broader and more secretive.
Unlike the HIPAA exemption, however, a Section 215 disclosure is mandatory or compelled.
An agency like the FBI, which can use both sets of rules (HIPAA and the Patriot Act), therefore has alternatives. It can ask a HIPAA-covered entity for medical records, which can be turned over without a patient’s authorization under the national security exemption. Or, the FBI can apply to the Foreign Intelligence Surveillance Court, the secret court created by the Foreign Intelligence Surveillance Act, to compel production “of any tangible things (including books, records, papers, documents, and other items) for an investigation to protect against international terrorism or clandestine intelligence activities, provided that such investigation of a United States person is not conducted solely upon the basis of activities protected by the first amendment to the Constitution.”
Can you find out if your medical records have been disclosed under a HIPAA exemption or the Patriot Act? Theoretically, you could under HIPAA, which entitles patients to an “accounting of disclosures”; that is, the right to know to whom their medical information has been disclosed for up to six years prior to a request, for reasons other than treatment, payment, or routine business operations.3 Since national security disclosures are not expressly omitted from the list, covered entities should as a matter of law have to account for them if a patient asks. In contrast, the Patriot Act expressly bans anyone ordered to hand over “tangible things”—like records—from telling anyone who isn’t necessary to producing the “tangible things.”4 This means a patient may never know if her medical information is sought using the Patriot Act, even if she does request and receive an accounting of disclosures.