According to a recent report by the U.S. Senate Finance Committee, Vanderbilt University Medical Center failed to appropriately handle a request for medical records of transgender patients.
According to a report by the U.S. Senate Finance Committee, Vanderbilt University Medical Center failed to adequately safeguard the privacy of its transgender patients when the Tennessee attorney general demanded access to their medical records.
According to a recent review, several attorneys general in Tennessee, Indiana, Missouri, and Texas have requested trans health records. The report highlights Vanderbilt University Medical Center (VUMC) for providing 65,000 pages of documents, including the medical records of 82 transgender patients, to Tennessee AG Jonathan Skrmetti. The request was made as part of an ongoing investigation into gender-affirming care services provided by the medical center.
Committee Chair Ron Wyden, D-Oregon, criticized Vanderbilt University Medical Center for failing to protect patients’ privacy, despite some hospitals’ commendable efforts to resist intrusive and overly broad data requests.
Two instances have surfaced where healthcare providers have refused to share patient information due to concerns over patient privacy. In Seattle, a hospital took legal action to prevent the Texas attorney general from obtaining information on trans patients. Similarly, a provider in St. Louis declined to disclose patient records, citing the same reason.
According to VUMC leadership, they had sent a letter to the Senate Finance Committee, expressing their concerns about the published findings in mid-April, as confirmed by WPLN News.
According to Michael Regier, the general counsel of VUMC, they took all necessary measures to safeguard their patients and comply with the law. He vehemently denies any insinuation that they breached privacy laws.
HIPAA and other health privacy laws have exceptions for law enforcement purposes. According to VUMC officials, the hospital was required to comply with the attorney general’s request. However, the medical center’s actions have resulted in a lawsuit and investigation by the Department of Health and Human Services and its Office of Civil Rights.
According to the report, the AG’s request stated that the office needs to request certain patient treatment records to reconcile them against the billing data, which means that de-identified data cannot be used for this inquiry.
In addition to medical records, the Tennessee attorney general’s office also obtained employment contracts for physicians and volunteer agreements for the VUMC Trans Buddy Program, as well as messages received and sent from a general LGBTQ email address.
According to the Senate Finance Committee, there is still some information that has not been disclosed to the Attorney General. The committee referred to court documents that revealed a surge in suicidal thoughts, severe depression, and intense anxiety among patients when the VUMC investigation came to light.
Last year, WPLN News interviewed Jack, a trans patient at VUMC, who urged people to empathize with their situation. Jack explained how they, as a marginalized group, have been constantly targeted with discriminatory legislation. The fact that the attorney general had access to the most private details of their medical history was an alarming thought. Even if the matter ended there, the thought of it was still terrifying for Jack and others in similar situations.
In just one day, the Rainbow Youth Project, which offers critical mental health care to LGBTQ+ youth, received an overwhelming response to 376 acute mental health crises in the area. This surge in calls was over 100 times the project’s typical call volume, highlighting the urgent need for accessible mental health resources for the queer community.
Upon submission of documents related to an ongoing ACLU lawsuit, transgender patients discovered that the Attorney General possessed their records. According to HIPAA regulations, healthcare providers are permitted to inform patients of any disclosure of their health records, unless a judge has implemented a “gag” order.
The committee observed that the Attorney General’s request did not align with this situation.
According to the report, VUMC deliberately chose to keep patients uninformed and only revealed the investigation after the ACLU brought it to light. Moreover, even after being publicly called out, VUMC failed to notify the appropriate individuals. The report states, “VUMC made an active decision to keep patients in the dark and only notify them about the investigation after the ACLU had exposed its existence. Further, once VUMC was publicly shamed into notifying patients, it failed to inform the correct patients.”