Can the DEA use an "administrative subpoena" to obtain information from a database of transactions, or do the DEA's motives for wanting such information need to be more thoroughly vetted before being able to access the data?
ISSUE OF THE CASE
Can the US Drug Enforcement Administration (DEA) use an “administrative subpoena” to obtain information from a database of transactions maintained by a state government of prescriptions of controlled substances, or is the expectation of privacy of such information so significant that the DEA’s motives for wanting such information need to be more thoroughly vetted before being able to access the data?
FACTS OF THE CASE
The prescription drug monitoring program (PDMP) of a northwestern state was established, with the primary purpose being “to provide practitioners and pharmacists a tool to improve health care.” Information in the database is designated “protected health information,” with disclosure being permitted only under very limited circumstances. In addition to health professionals having access to the information when contemplating treatment or currently treating a patient whose information appears in the database, the state statute governing operation of the system permits disclosure “pursuant to a valid court order based on probable cause and issued at the request of a federal, state, or local law enforcement agency engaged in an authorized drug-related investigation involving a person to whom the requested information pertains.”
An administrative subpoena is authorized by a provision in the Controlled Substances Act. The wording of the relevant provision in the statute specifies that the Attorney General may issue such a subpoena. Failure to comply involves no penalty, but the US Department of Justice may go to a federal court to seek an order to compel compliance.
DEA representatives sought access to the state’s PDMP by submitting 2 administrative subpoenas to state officials responsible for operating the database. One of the subpoenas sought access to a patient’s prescription records, and the other covered a request for a compilation of all database prescriptions that had been issued by 2 prescribers, in particular.
Because database administrators felt that these 2 requests were contrary to state law, they filed an action in US District Court seeking a declaratory judgment about which was supreme in this case: state law or the administrative subpoena. In essence, they asked the court to declare what was the appropriate way to view the law in this area. Four patients and 1 physician also joined the suit to bring their perspectives to bear, represented by the American Civil Liberties Union (ACLU). All parties to the matter moved for summary judgment, arguing that there was no genuine dispute as to any material fact. All were in agreement about the facts; the disagreement was over how the law applied to those facts.
THE COURT’S RULING
Whereas the motion for summary judgment made by the patients and physician was granted, rendering moot (or of no practical value) the motion by the PDMP administrators, the DEA’s motion for summary judgment was denied. The bottom line was that administrative subpoenas could not be used to get information from the state-operated PDMP because doing so would violate the Fourth Amendment to the US Constitution.
THE COURT’S REASONING
The Fourth Amendment protects against “unreasonable searches and seizures.” Therefore, searches conducted without prior screening for probable cause by a judge or magistrate are considered unreasonable under the amendment, with very few “specifically established and welldelineated exceptions.” The protection of the amendment extends “to guard against searches and seizures of items or places in which a person has a reasonable expectation of privacy.” The court cited 2 prior cases at the US Court of Appeals level where use of an administrative subpoena had been overturned because the person affected had an expectation of privacy that society would consider to be reasonable.
The court concluded that each of the patients represented by the ACLU had a reasonable expectation of privacy regarding prescription information, as did the prescriber. To quote the judge in the case, “By reviewing [a] doctor’s prescribing information, the DEA inserts itself into a decision that should ordinarily be left to the doctor and his or her patient.” The court concluded that medical records, and hence prescription records, which form a significant part of the patient’s medical record, have long been treated with confidentiality. Privacy protections for health care records existed in both state and federal statutes.
While it is reasonable that “patients expect that physicians, pharmacists, and other medical personnel can and must access their records, it is more than reasonable for patients to believe that law enforcement agencies will not have unfettered access to their records.” The DEA attempted to draw a distinction between “medical records and prescription information.” In the view of the judge deciding the case, “This distinction is very nearly meaningless.”
The court noted that “patients and doctors are not voluntarily conveying information to the PDMP.” Submission of the specified information is required by law. “The only way to avoid submission of prescription information to the PDMP is to forego medical treatment or to leave the state.”
Dr. Fink is a professor of pharmacy law and policy and the Kentucky Pharmacists Association Endowed Professor of Leadership at the University of Kentucky College of Pharmacy, Lexington.