According to a report from the U.S. Senate Finance Committee, Vanderbilt University Medical Center did not appropriately respond to a request for medical records of transgender patients.
According to a report by the U.S. Senate Finance Committee, Vanderbilt University Medical Center failed to adequately safeguard the privacy of its transgender patients when the state’s attorney general requested access to their medical records.
According to a recent review, attorneys general in Tennessee, Indiana, Missouri, and Texas have requested trans health records. The review found that VUMC, among the providers who received a demand for records, stood out for complying and providing 65,000 pages of documents to Tennessee AG Jonathan Skrmetti. Shockingly, the medical records of 82 transgender patients were included in those files. The AG initiated the request as part of an investigation into the medical center’s gender-affirming care services.
Committee Chair Ron Wyden, D-Oregon, criticized Vanderbilt University Medical Center for failing to protect their patients’ privacy, despite some hospitals successfully resisting overbroad fishing expeditions.
Patient privacy concerns were cited by a healthcare provider in St. Louis when they refused to share patient records, while a Seattle hospital took legal action to prevent the Texas attorney general from accessing information about trans patients.
According to VUMC leadership, they had expressed their concerns regarding the findings published in mid-April by sending a letter to the Senate Finance Committee, as reported by WPLN News.
Michael Regier, the general counsel of VUMC, stated that they took all possible measures to safeguard their patients while adhering to the law. He emphasized that their actions never breached any privacy laws, and they firmly refute any allegations claiming otherwise.
HIPAA and other health privacy laws have exceptions for law enforcement, which VUMC officials claimed the hospital had to comply with regarding a recent attorney general request. However, the medical center’s compliance with this request has resulted in a lawsuit and a federal investigation by the Department of Health and Human Services and its Office of Civil Rights.
According to the report, the AG’s request stated that certain patient treatment records are required to reconcile them against the billing data. Hence, de-identified data cannot be used for this inquiry.
In addition to the medical records, the Tennessee attorney general’s office also sought and received various other documents. These included employment contracts for physicians, volunteer agreements for the VUMC Trans Buddy Program, and messages that were sent and received through a general LGBTQ email address.
According to the Senate Finance Committee, there is still a lot unknown about what was handed over to the AG. The committee reviewed court documents and discovered that when the investigation by VUMC was made public, a significant number of patients reported experiencing an increase in suicidal thoughts, severe depression, and intense anxiety.
Last year, WPLN News interviewed Jack, a trans patient at VUMC, who shared his perspective on the situation. He urged others to empathize with the marginalized community who constantly face discriminatory legislation. Jack highlighted the fear and terror that comes with having one’s medical history exposed, even if it ends there. He emphasized the gravity of the situation and the need for privacy and protection of personal information.
In just one day, the Rainbow Youth Project received an overwhelming response of 376 acute mental health crises from queer youth in the area. This figure is over 100 times more than the organization’s average call volume, highlighting the urgent need for emergency behavioral health care services.
Upon submission of documents related to an ongoing ACLU lawsuit, transgender patients discovered that the Attorney General had obtained their records. According to HIPAA regulations, healthcare providers are permitted to notify patients if their health records have been disclosed, unless a legally binding “gag” order has been issued by a judge.
The committee observed that the request made by the AG did not align with the aforementioned situation.
According to the report, VUMC deliberately chose to withhold information from patients and only disclosed the investigation after the ACLU had brought it to light. Additionally, when VUMC did finally notify patients, it failed to inform the appropriate individuals, as stated in the report.