fbpx
Skip to content
  • Facebook
  • Instagram
  • Linkedin
  • Threads
Connect

Connect

Inspire. Empower. Change.

  • Home
  • Us
    • About Us
    • Advertise
    • Connect Brand Sponsors
    • Connect Community Foundation
    • Contact
    • Giveaways
    • Media & Press Resources
    • Podcasts
    • Prism Job Network
    • Privacy Policy
    • Subscribe to e-Newsletter
  • Read
    • Arts
    • Business
    • Community
    • Entertainment
    • Health
    • Life
    • News
      • News By Location
        • Middle Tenn
          • Murfreesboro
          • Nashville
        • East Tenn
        • West Tenn
    • People
  • Events
    • Calendar of Events
      • Submit an Event
    • Event Photos
    • Connect Community Health Fair
    • Bark in the Boro
    • HoliGAY Market
  • Business Directory
  • Community Resources
  • Virtual Issues
  • Shop
  • TPC Visitors Guide
  • Home
  • Health
  • Privacy Matters: Legal Battle Brews as VUMC Faces Lawsuit Over Release of Patient Records
  • Health
  • Life
  • Local
  • News

Privacy Matters: Legal Battle Brews as VUMC Faces Lawsuit Over Release of Patient Records

Vanderbilt University Medical Center is under scrutiny for allegedly revealing transgender patients' medical records to Tennessee's Attorney General in a potential violation of HIPAA. Consequently, the institution is facing potential lawsuits and damaging trust within the LGBTQ+ community.
Lauren Means 2 years ago 5 min read

By Lauren Means (she/her)

The protection of patient confidentiality and sensitive medical information is a cornerstone of healthcare ethics and the law. The Health Insurance Portability and Accountability Act (HIPAA) sets stringent regulations to ensure the privacy and security of medical records. In June 2023, Vanderbilt University Medical Center (VUMC) came under scrutiny for allegedly releasing the medical health records of transgender patients to Tennessee Attorney General (AG) Jonathan Skrmetti. This incident has ignited concerns about potential HIPAA violations and the potential consequences that VUMC may face as a result.

The AG’s office said VUMC began providing relevant records in December 2022 in response to a civil investigation alleging VUMC of medical billing fraud. It wasn’t until June that VUMC finally began to notify patients about their turning over of records.

An important point to this story is that the AG was specifically looking into the billing related to transgender patients on Medicaid (TennCare).

As you may recall, there has been a lot of hostility within our state legislature to try to stop individuals from getting gender-affirming care when it’s needed.

Many LGBTQ+ individuals in Tennessee and neighboring states seek care at VUMC as they have a reputation for being forward-thinking in their care for the community and even have a center dedicated to LGBTQ+ health.

This is what makes this story especially devastating. People sought out a place where they thought they could bring their full selves and get the care they deserved without fear of discrimination. Now, it seems like they are becoming a pawn in a legal game.

Understanding HIPAA

HIPAA, enacted in 1996, is a federal law designed to protect the privacy and security of patients’ health information. It establishes national standards for safeguarding protected health information (PHI) and grants patients certain rights to privacy regarding their medical records. Covered entities, including healthcare providers like VUMC, must adhere to these standards rigorously to maintain the confidentiality and integrity of patient data.

The alleged release of patients’ medical records by VUMC has raised concerns about potential HIPAA violations, primarily under the Privacy Rule. The potential violations include:

  • Unauthorized Disclosure: Releasing PHI to a third party without the patient’s consent or a valid legal basis constitutes an unauthorized disclosure under HIPAA. This action typically amounts to a breach of privacy unless mandated by law or for specific purposes, such as public health.
  • Lack of Patient Consent: HIPAA regulations require covered entities to obtain explicit written consent from patients before disclosing their PHI to external parties.
  • Failure to Safeguard PHI: The Security Rule demands that healthcare institutions implement stringent security measures to protect electronic and traditional methods of PHI from unauthorized access. Any failure to adequately secure these records could be deemed a HIPAA violation.

Protecting Patients?

Even if VUMC was within the scope of the law when it released the records without patient consent, it raises the question of whether VUMC should’ve fought a little harder to protect its patients’ information.

We asked Nashville attorney Abby Rubenfeld about this situation and if VUMC violated HIPAA with the record release. She said, “When any of us go to the doctor, regardless of our gender identity, we assume, and rely on that assumption, that what we tell the doctor or hospital is strictly confidential — otherwise we might not go to the doctor and/or tell them the truth. What Vanderbilt did was to violate that trust, and violate it without notice to the people damaged. They released people’s records upon a simple letter from the AG – no subpoena, no lawsuit, no court order.”

That is an important point. While there are specific instances where information can be released, there are still specific steps that must be taken. The law states information can be released in response to an order of a court or administrative tribunal but only the protected health information expressly authorized by such order can be released.

If information is to be released in response to a subpoena, discovery request, or other lawful process and isn’t accompanied by a court order, the individual whose records are being requested for release must be contacted to advise of the potential release and be given an opportunity to object to the release.

Rubenfeld explained, “They [VUMC] made no effort to write patients and ask their permission. They did not ask the attorney general how he could get whatever information he needed by a less intrusive means.” She also noted the information being requested must be relevant to a legitimate purpose and, because this AG has shown to have an anti-transgender agenda, she said his motives are definitely suspect.

“They were asked and they turned it over. Period. That is wrong and in my opinion a violation of HIPAA. Hospitals are required to use the least intrusive means if they are going to breach HIPAA, and Vanderbilt made absolutely no effort to do that. And it does not appear they were ever even going to tell the people affected — this only came out six months after the fact as a result of another lawsuit against the state,” said Rubenfeld.

It puts us all on notice that this state administration will not protect us or our private medical information if we are not part of the non-gay, white majority.”

— Abby Rubenfeld

Lawsuit and Long-Lasting Repercussions

In July of this year, VUMC was sued by two people claiming they were among the patients whose records were turned over. According to the complaint, the plaintiffs allege that VUMC turned over non-anonymized medical records to the state without the patients’ knowledge and that the state’s request for information was part of an effort “negatively targeting the transgender community.”

The suit alleges that the medical records likely included things like x-rays, medication lists, photos of genitalia as well as patients’ sexual histories. A few weeks after the suit was filed, VUMC and the AG became the target of the Department of Health and Human Services for an investigation into potential Civil Rights violations related to the records release.

The actions by VUMC will have long-lasting effects on both the individuals affected and the LGBTQ+ community as a whole. Rubenfeld said, “It puts us all on notice that this state administration will not protect us or our private medical information if we are not part of the non-gay, white majority. It makes all of us — or should make all of us — question the commitment to privacy and confidential records by other
medical providers.”

Protecting the confidentiality of patient information is paramount in healthcare, and any breach of trust in this regard can have severe repercussions. This break in privacy could take years for the community to trust in VUMC, and healthcare providers in general, again.

Rubenfeld said they are still seeking plaintiffs for the class action lawsuit they have filed against VUMC over this breach. If you or someone you know has been or may have been affected, contact Abby Rubenfeld or her co-counsel in the lawsuit, Tricia Herzfeld.

Share This Story:
Tags: Health law legal issues lgbtq health lgbtq law trans health vumc

Continue Reading

Previous: Protecting What Matters Most: Ryan Peacock Talks Estate Planning
Next: In This Issue: Making a Plan for Your Wedding Day is Within Reach

Related Stories

Colorful poster for Nashville Pride 2025, featuring event details, a rainbow, city skyline, and Kim Petras as the concert headliner. Nashville Pride Unveils 2025 Festival Lineup: Kim Petras, 4 Non Blondes, Big Freedia & More 5 min read
  • Community
  • Entertainment
  • Events
  • Nashville
  • News
  • Pride Festivals

Nashville Pride Unveils 2025 Festival Lineup: Kim Petras, 4 Non Blondes, Big Freedia & More

Lauren Means 1 week ago
Stylized graphic for the Tennessee Pride in Business Awards 2025, featuring colorful stars and a modern design. Tennessee Pride Chamber Announces 12th Annual Pride In Business Awards At Saint Elle  2 min read
  • Business
  • Community
  • Events
  • News

Tennessee Pride Chamber Announces 12th Annual Pride In Business Awards At Saint Elle 

Editor Connect 1 week ago
A group of friends enjoy colorful drinks at a lively gathering, promoting the "Dining Out for Life" event in Nashville on May 1st. Dining Out For Life® Returns To Nashville May 1 2 min read
  • Community
  • Events
  • Food
  • Fundraising
  • Health
  • Local
  • Nashville
  • News

Dining Out For Life® Returns To Nashville May 1

Lauren Means 2 weeks ago
Colorful heart with wings surrounded by the text "We Are One Recovery" on a black background, symbolizing unity and healing. We Are One Recovery Opens New Recovery Residence with Rainbow Ribbon Cutting 2 min read
  • Community
  • Health
  • Local
  • Nashville
  • News
  • People

We Are One Recovery Opens New Recovery Residence with Rainbow Ribbon Cutting

Lauren Means 2 weeks ago
The Pope, dressed in white robes, raises his right hand in greeting against a blurred outdoor background. A yellow ribbon adorns his attire. ​Pope Francis Dies at 88: A Complex Legacy on LGBTQ+ Inclusion​ 2 min read
  • International
  • Life
  • News
  • Religion

​Pope Francis Dies at 88: A Complex Legacy on LGBTQ+ Inclusion​

Lauren Means 3 weeks ago
Historic library building with grand columns, brick facade, and surrounding greenery on a bright, sunny day. Vanderbilt University and Medical Center Remove DEI Initiatives Amid Federal Pressure; Harvard Stands Firm 2 min read
  • Education
  • Local
  • Nashville
  • National
  • News
  • Politics

Vanderbilt University and Medical Center Remove DEI Initiatives Amid Federal Pressure; Harvard Stands Firm

Editor Connect 3 weeks ago

Search

Recent Posts

  • REVIEW: ‘MJ’ is a Thrilling Tribute to a Legend
  • Nashville Pride Unveils 2025 Festival Lineup: Kim Petras, 4 Non Blondes, Big Freedia & More
  • Tennessee Pride Chamber Announces 12th Annual Pride In Business Awards At Saint Elle 
  • Lips Speak Louder Bring the Noise — and the Heart — on ‘Consolation Prize’
  • Dining Out For Life® Returns To Nashville May 1

Connect is an inclusive community and media brand committed to providing information and access to resources for the LGBTQ+ community.

Connect is owned and published by S&L Companies, LLC. ©2020-2024 | All rights reserved.

  • News
  • Contact
  • Privacy Policy
  • Subscribe to Newsletter
  • Facebook
  • Instagram
  • Linkedin
  • Threads
Copyright Connect© 2020-2024 | All rights reserved.

Accessibility Bar

    • visibility_offDisable flashes

    • titleMark headings

    • settingsBackground Color

    • zoom_outZoom out

    • zoom_inZoom in

    • remove_circle_outlineDecrease font

    • add_circle_outlineIncrease font

    • spellcheckReadable font

    • brightness_highBright contrast

    • brightness_lowDark contrast

    • format_underlinedUnderline links

    • font_downloadMark links

    • Reset all optionscached

    • Accessibility Light