Christopher Wiggins at The Advocate:

A Houston-based surgeon stands accused of betraying the privacy of transgender kids who weren’t under his care by stealing their medical information and handing it over to a far-right extremist who vehemently opposes transgender rights. The federal indictment, unsealed on Monday, details Dr. Eithan Haim’s alleged unauthorized access and disclosure of sensitive patient information at Texas Children’s Hospital. Haim, 34, completed his residency at Baylor College of Medicine and reportedly reactivated his access to the hospital’s electronic records system in April 2023. He is accused of illicitly obtaining patient names, treatment codes, and attending physician details, which he then shared with conservative activist Christopher Rufo. Rufo, known for his hardline stance against transgender rights, used the information to publish an exposé claiming the hospital continued to provide gender-affirming care for minors despite a public announcement to halt such services.

The indictment alleges Haim accessed this sensitive information under false pretenses and with malicious intent, aiming to harm Texas Children’s Hospital. Haim’s actions followed a 2022 opinion from Republican Texas Attorney General Ken Paxton, labeling gender-affirming care for minors as a form of child abuse. Gov. Greg Abbott, a Republican, subsequently directed the Texas Department of Family and Protective Services to investigate parents seeking such care for their children. In response, Texas Children’s Hospital announced it would pause all gender-affirming services for minors to comply with these directives and protect its staff and patients from potential legal consequences.

Dr. Eithan Haim, who leaked the health records of trans kids to far-right anti-LGBTQ+ extremist Christopher Rufo, is facing charges of violation patient privacy.

The problem with most identity verification systems is that they're designed to prevent financial fraud by strangers, rather than privacy violations (and resulting interference/abuse) by family members, partners, and acquaintances. You let me pick up my prescriptions by giving my name and phone number? Do you think my abusive husband doesn't know my phone number? You let me verify my bank account with my name and birthdate? Do you think my controlling parents don't know my birthdate? You confirm my doctor's appointment with my name and address? Do you think my meddling daughter doesn't know my address? Other people have written about the sexism inherent in "mother's maiden name" as a verification question (the assumption that everyone's mother is married, that every married woman changes her name, that every child has their father's and not their mother's surname), but the bigger problem is: Do you think my abusive mother doesn't know her own name? This is why I like photo ID requirements -- my response to "Not everyone has or can afford photo ID" is "Then fix THAT, and make state ID unrelated to driving." We should all demand universal, free state ID cards. In the meantime, of course, we should support policies that offer alternative ID options for things like voting and healthcare -- but we should not compromise on mandatory individuation. Before my father passed away, his motor disabilities left him with limited abilities to write or type or speak, so he signed over power of attorney to me (which wouldn't have been necessary if he'd had access to universal design forms of communication, but that's another day's topic). I was horrified to discover that he needn't have bothered, because no one (with one exception) ever asked for the power of attorney paperwork. I signed documents for him, took money from his bank account, and consented to surgery on his behalf, and through all of it, no one ever asked for evidence that I was acting with his consent. I was horrified by how easy it was. No one questioned me. They assumed that as his daughter and caregiver, I had a right to control him. Most people, by default, are ableist, ageist, and sexist. Most people, by default, assume that people have a right to make decisions on behalf of their family members, especially if those family members are disabled. Most receptionists, doctors, nurses, bankers, and other professionals will, without a second thought, share information about a client to the client's family member, especially if the client is disabled. It doesn't occur to them to question it. Of course you can tell a wife's information to her husband -- he's her husband. Of course a woman can make an appointment for her disabled elderly father -- she's his daughter. Of course a mother can ask if her 23-year-old disabled son has picked up his medication -- she's his mother. If the decision is left to the individual professionals, most of them will, unquestioningly, defer to their own ableist, ageist, sexist biases. Individuation has to be enforced. Intra-family privacy has to be enforced. And identity verification requirements that don't protect against family members don't do that.

I want everyone - every single one of you - to reach out to your healthcare providers and ask them what third-party tracking they use on any online portals you use to access your medical charts. I received a letter today from my local healthcare network ("local" in that they serve the entirety of the 300sq miles of Indianapolis and many of the surrounding cities) letting me know there had been a breach of my protected medical information. Everyone's, in fact. See, apparently they use both Facebook and Google tracking in their internal systems. This was never disclosed to me in the years I have been a patient there. I did not know that these megacorporations that are completely unrelated to healthcare could access my information, nor that every bit of communication I have had with my doctors over the online MyChart portal is run through their third-party tracking without my consent.

This information should be disclosed to the public long before you sign off to be a patient somewhere, but apparently it is not. So please ask your healthcare companies what tracking of your information there is in their systems, what it is for, and why it cannot be done without third parties like Facebook knowing about your reproductive healthcare. Or transition/gender healthcare. Or your HIV treatment. Demand these answers and do not take "because it's easy" as an answer. I am hoping that this will cause a class-action lawsuit, and if it does not, I will be taking legal action myself.

There is no reason third-party tracking needs to be used internally with sensitive documents. I urge you to find out what your healthcare providers are doing with your information and who else can access it. I will never be taking for granted that my medical documents will be protected, as clearly HIPAA is not enough to make these companies guarantee my privacy.

.

The DeSantis style anti-LGTBQ in education legislation has made it to the federal level and New York LGBTQ+ organizations are rightfully pissed at politicians who are even attempting to support this.

One of them had a very public meeting with Congressman Lawler (NY-17) for being the massive hypocrite he is.

I want to have some faith in the Democrats in the Senate, many who are up for re-election in 2024 and 2026, to block this garbage of a bill.

Contact your US Congressperson and tell them not to support HR 5/Parents Bill of Rights Act. This act is literally terrifying.

back at work for all of 1 hour and im already at this stage

Also if you, like me, have been hesitating on getting adhd diagnosis or treatment or having trouble locally seeing someone, I used Circle Medical on a friend’s recommendation and it took two weeks to get diagnosed and treated. If it hadn’t been so accessible, I might never have done this, and I can already see the positive effect!

Not every state is supported, but if you’re in the USA it might be worth looking into. All the app does is connect you to in-state providers for telehealth, but it makes it super easy!

Long article, but if you are able to become pregnant, you probably need to read it.

Annelise Hanshaw at Missouri Independent:

A St. Louis judge on Friday determined Missouri Attorney General Andrew Bailey has no right to access unredacted private health information of transgender children treated at the Washington University Transgender Center at St. Louis Children’s Hospital. St. Louis Circuit Court Judge Joseph Whyte ruled that Washington University does not have to provide the unredacted medical records sought by the attorney general’s office as part of his investigation into the clinic’s practices.  Whyte found that the health information sought in Bailey’s demands is protected, and the data is not relevant to an investigation under the Missouri Merchandising Practices Act, which is the state’s consumer protection law.  A third layer of protection for the information, the judge ruled, is the Health Information Portability and Accountability Act, or HIPAA, which prohibits the disclosure of personal health information without authorization.

[...] Bailey began looking into gender-affirming care at the Washington University Transgender Center in March 2023 after the center’s former case manager Jamie Reed provided an affidavit alleging rushed treatment. The attorney general’s office sent civil investigative demands, which are similar to subpoenas, for health records to Washington University and other providers of gender-affirming care to minors, and four facilities filed suit against his requests for information.

Missouri AG Andrew Bailey (R) lost yet another of his frivolous lawsuits, as Bailey had no right to access unredacted private health information of trans children at WashU’s Transgender Center.

See Also:

The Advocate: Judge blocks Missouri AG from accessing medical records of transgender minors

I did not come into work to be recorded in a tiktok by my coworkers

Shattered Chains: Breaking the Silence on Patient Rights and the Liberation of HIPAA Statements

HIPPA Compliance is a culture that that mandatory for healthcare organizations to implement in business to protect the patient rights, security, privacy, and integrity of protected health information. It is a culture that requires the full participation of staff members and staff commitment to ensure the safety of patients. So, it takes abatement measures to encounter the need for more teamwork, patient-centered focus, and positive communication between healthcare providers and patients. HIPAA is essential for healthcare organizations to avoid legal and financial penalties. “Breaking the Silence on Patient Rights and the Liberation of HIPAA Statements” is a phrase or concept that links with patients’ rights and interpretation of protected information under The health insurance portability and accountability act. The article highlights the information related to it that may help. Read More…

For further details and daily updates, Follow us on LinkedIn or Visit.

Mood

Consumer Privacy Update: What Organizations Need to Know About Impending State Privacy Laws Going into Effect in 2024 and 2025

Over the past several years, the number of states with comprehensive consumer data privacy laws has increased exponentially from just a handful—California, Colorado, Virginia, Connecticut, and Utah—to up to twenty by some counts. Many of these state laws will go into effect starting Q4 of 2024 through 2025. We have previously written in more detail on New Jersey’s comprehensive data privacy law,…

Josh Marshall at TPM (07.16.2024):

This spring, HHS finalized new regulations under HIPAA to limit law enforcement access to medical records tied to reproductive health. The rule was first proposed in the aftermath of the Dobbs decision as a way to limit the ability of state and local law enforcement agencies to access medical records to stymie or criminalize access to legal reproductive health services, most specifically abortions, but not only abortions. It also applies to contraception and the full range of other endangered reproductive care.

So for instance, consider the ability of a woman from an abortion-ban state to travel to another state to get a legal abortion, or her ability to receive legal abortion drugs through the mail. The news has been filled with proposed or actual laws which would attempt to restrict travel to receive abortions in other states, charge those who travel or criminalize those who might facilitate such travel or facilitate the legal shipment of prescribed abortion drugs through the mail. Of course, local police agencies might simply take it upon themselves to pull records to see who had unexplained disruptions to their menstrual cycles. Your local sheriff might just want to know. And so does JD Vance, it turns out.

But to enforce these laws or know when there’s something to enforce you really need access to medical records. You need to know and be able to prove when a woman was pregnant and then, before the end of normal gestation, stopped being pregnant. So if you live in Texas and you’re pregnant, can you go to your OB-GYN or will that be held against you if you’re found to have ceased being pregnant after a visit to Kansas? Does your OB have to report you to law enforcement if they believe there’s a real and present risk that you’ll go out of state to get an abortion or seek a prescription from an out of state doctor for mifepristone? And what about contraception, which some states are now also making moves to limit? Or how about IVF? This was the context of the HHS rule which was proposed in spring of 2023 and came into effect this spring. It applies to all of those questions.

Now when this rule was first proposed back in 2023, a group of 28 members of Congress wrote to HHS Secretary Xavier Becerra demanding he withdraw the proposed rule “immediately.” (I was reminded of this letter when I saw this write up this morning.) They argued that the proposed rule ���unlawfully thwarts the enforcement of compassionate laws” and “creates special protections for abortion that limit cooperation with law enforcement, undermine the ability to report abuse, restrict the provision of public health information … erase the humanity of unborn children” and “interfere with valid state laws protecting life.”

Ohio Senator and Trump VP Pick J.D. Vance (R) supports a menstrual surveillance regime that would make anti-abortion extremists happy.

This is why no one with a brain should vote for Trump/Vance.

HIPAA Compliance Documentation Toolkit

The HIPAA Compliance Documentation Toolkit provides comprehensive templates and guidelines to help healthcare organizations and businesses ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA). This toolkit includes essential documents such as privacy policies, security protocols, risk assessment templates, employee training materials, and audit checklists. Designed for easy customization, the toolkit aids in safeguarding patient information, ensuring legal compliance, and minimizing the risk of breaches.