Vanderbilt University Medical Center is facing a federal civil rights investigation after turning the medical records of transgender patients over to Tennessee’s attorney general, hospital officials have confirmed.

    • lostinapotatofield
      link
      fedilink
      221 year ago

      It likely fell under a permitted disclosure, as the AG stated they were pursuing a billing fraud investigation. Maybe still a case, if the disclosure was unnecessarily broad though.

      Per Health and Human Services:

      Health Oversight Activities. Covered entities may disclose protected health information to health oversight agencies (as defined in the Rule) for purposes of legally authorized health oversight activities, such as audits and investigations necessary for oversight of the health care system and government benefit programs.

      https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html

    • chaogomu
      link
      fedilink
      171 year ago

      General bigotry.

      It is a HIPAA violation, but the bigots say that trans people aren’t people, so HIPAA doesn’t apply. They fucked around and now just might find out. Sadly, they’ve already done a lot of damage be releasing this information.

      • @deranger
        link
        4
        edit-2
        1 year ago

        This does not sound like a HIPAA violation to me. Records were released to the AG for a fraud investigation; whether or not this investigation is a sham or not I can’t tell, but legally that sounds within the scope of release. It’s only released to the AG and only for the purpose of whatever investigation. That’s likely why this isn’t being tried as a HIPAA violation and instead they’re suing.

        Skrmetti’s office added that they chose to investigate after being tipped off in the summer of 2022 “that a VUMC doctor publicly described her manipulation of medical billing codes to evade coverage limitations on gender-related treatment.”

        Again I’m not saying the initial accusation of fraud is just, but it seems perfectly normal to release medical treatment records to investigate a case of claims fraud.

        The fraud case is likely the bigoted part, but I think they’re completely within the lines of HIPAA here.

        • Doug Holland
          link
          31 year ago

          Patients’ personal info was not redacted, the article says. That’s HIPAA territory.

          • @deranger
            link
            0
            edit-2
            1 year ago

            Not if it’s for legal purposes and shared with only those who need to know.

            You are correct that this is protected health information (PHI). It is not, however, a violation of HIPAA.