On February 7, 2023, a former case manager at the Washington University Transgender Center at St. Louis Children’s Hospital provided a sworn affidavit to the state's attorney general Andrew Bailey claiming that the clinic was rushing children into transition-related care and hiding possible side effects from parents. The staffer, Jamie Reed, also wrote an essay about her claims for The Free Press, the online outlet founded by “anti-woke” journalist Bari Weiss, detailing her allegations, all of which remain unproven. “By the time I departed, I was certain that the way the American medical system is treating these patients is the opposite of the promise we make to ‘do no harm,’” Reed wrote in the piece.
Reed’s essay was immediately lauded by prominent anti-trans and right-wing pundits for providing "proof" that kids were being pushed into transition, as the American Prospect reported. This so-called evidence contained leaked confidential details about individual patients’ history and care, so intimate that at least one mother, who used only her first name Heidi in interviews for privacy, was able to identify her own child’s unique information from the insufficiently redacted material. Even worse, however, was that the nature of her and her husband's communications with their child’s healthcare provider was being wildly misrepresented, as she told reporters.
That family’s nightmare experience was just one case within a growing trend of trans youths’ private medical information being leaked, twisted, and used by right-wing media to argue that transition-related healthcare for minors is dangerous. “We are aware that there are individuals who possess access to [medical records] and who have been violating HIPAA and leaking to conservative media,” Sarah Warbelow, legal director for the LGBTQ+ advocacy group Human Rights Campaign, told Them.
According to Warbelow and other LGBTQ+ advocates, the roots of this issue lie partially in efforts by red-state attorneys general—including Bailey as well as Tennessee’s Jonathan Skrmetti and Texas’ Ken Paxton—to ban the right to gender-affirming care in their states.
The recent trend of Republican lawmakers trying to get their hands on trans patients’ records reached such a pitch that in April 2024, a Senate Finance Committee issued a report delving into the issue. It argued that conservative attorneys general are abusing their health oversight authority by requesting wide swaths of private data from transgender children and adults. The report named Indiana, Missouri, Tennessee, and Texas as states in which AGs requested patients’ private health records with no clear justification for why such data was needed, as part of investigations aimed at furthering “ideological and political goals.”
“Framed as civil investigations seeking to determine if there has been misuse of Medicaid funds…these campaigns investigate medical providers on their provision of transgender medical care. In their sweeping anti-LGBTQIA+ campaigns, Attorney General offices demand a host of invasive items such as unredacted physical and mental health records, photographs of children’s bodies, correspondence to hospitals’ general email addresses for LGBTQIA+ patients, and lists of people referred for transgender health care,” the report states.
In order to make these requests, AGs have at times used laws intended to combat billing fraud to get their hands on unredacted records. That was the case when Bailey requested unredacted patient records from Washington University Transgender Center at St. Louis Children’s Hospital, citing the claim that the clinic might be engaged in “fraudulent billing.” Yet a press release from Bailey’s office about that investigation made clear the true intent: “These documents are critical to exposing that children were subject to irreversible, life-altering procedures without full and informed parental consent,” the release quotes Bailey as saying. The release makes no mention of potential fraud. In the end, St. Louis Circuit Court Judge Joseph Whyte ruled that Bailey has no right to access the records of trans minors and that the request itself was outside the boundaries of the Missouri Merchandising Practices Act, the state’s consumer protection law.
Meanwhile, in Texas, the Texas Tribune and ProPublica released an investigation about Paxton in May that found he was “stretching the boundaries of consumer protection laws to pursue political targets” and detailed the AG’s attempts to use such laws to target LGBTQ+ groups, hospitals, and pharmaceutical companies.
In early 2024, Paxton attempted to get the medical records of Texan trans kids who received treatment in other states. As the Georgia telehealth company QueerMed told the Texas Tribune in January, Paxton requested private information about Texas residents that the clinic had treated in Texas before the state banned gender-affirming care as well as patients who received care outside Texas once the ban went into effect. Before that, in November 2023, Paxton also made a similar request of Seattle Children’s Hospital. In that case, both parties eventually reached a settlement that required Paxton to drop his request for information about trans patients from Texas and the hospital to withdraw its business license in Texas.
- Answers & AdviceHow to Squirt: Everything You Need To Know About Getting Off
“It’s hard not to see this as part and parcel of the AG’s scorched-earth approach to persecuting trans kids and their parents who are being forced to undertake travel outside of Texas to get their kids the medically necessary care they need,” Lambda Legal attorney Karen Loewy told the Texas Tribune in January.
These privacy breaches aren’t confined to attorneys general, however. As was the case with Reed, they are also coming from medical professionals. In May 2023, for instance, Texas surgeon Eithan Haim used his relationship with Texas Children’s Hospital to procure records showing that some doctors continued to see their trans youth patients after the hospital had announced that it would pause provision of gender-affirming care. The hospital made the announcement a few weeks after AG Paxton published a non-binding legal opinion stating that gender affirming care could constitute child abuse. (The clinic was forced to shut down entirely in September 2023 when the state’s gender-affirming care ban went into effect.)
Last month, Haim was indicted in federal court on charges relating to the leaks. Prosecutors allege that he asked for an old login to be reactivated for the sole purpose of accessing private information about pediatric patients and passing that information to a media contact — right-wing culture warrior Chris Rufo, who is a major proponent of “grooming” rhetoric that equates LGBTQ+ visibility and rights with sexual abuse and indoctrination of children.
But the damage was already long done. On May 23, 2023, Rufo published and promoted the documents online. According to Media Matters, although Rufo “insisted” that he had made redactions in compliance with HIPAA, some identifiers remained. Three days later, Paxton announced an investigation into Texas Children’s Hospital, and the right-wing media had a new story to tell.
Such is commonly the case. Once the information is made public, the media often runs with it. Stories such as “Texas Children’s Hospital Restarts Child Gender Mutilation Procedures” or the Daily Mail behemoth “Children's gender clinic whistleblower tells Dr Phil patients were begging 'to have breasts put back on' and bosses told medics to 'keep silent' on de-transitioners,” which mischaracterize, exaggerate, and distort patient information to frame gender-affirming care as a lurid national scandal are common in the right-wing news ecosystem.
- Answers & AdviceHow to Squirt: Everything You Need To Know About Getting Off
Of course, the use of private medical information as outrage fodder in the culture wars is hardly new. Concerns about privacy have a long history in the LGBTQ+ rights movement. That can be seen in the history of orgs like the Missouri-based LGBTQ+ advocacy group PROMO, which was formed to defend the right to privacy after the Supreme Court upheld laws criminalizing gay sex in 1986.
Personal communications between doctors and patients related to abortion and HIV/AIDS have also been politicized by the Right for decades — and continue to be. “Truthfully, it’s everyone,” explained Robert Fischer, the Director of Communications for PROMO. “We’re not just hearing [concerns about medical privacy] from trans people or parents of trans youth but from the larger LGBTQ+ community, because what’s to stop them from coming after all our records?” Speaking with Them by phone, Fisher tied breaches of patient privacy in Missouri to wider threats to patient privacy at large, particularly the risks to patients who access abortion care in a post-Roe era.
The U.S. justice system has given some reason for hope in its response to threats to trans patients’ privacy, including the indictment of Haim in Texas and the decision to bar Bailey from accessing patient records in Missouri. However, experts say that U.S. law is insufficiently protective of Americans’ privacy, and that the law we do have, HIPAA (the Health Insurance Portability and Accountability Act), is falling far behind the times.
Those wide gaps in protection are in part because these laws were simply not developed for a political climate in which trans people’s bodies are being used as political currency. “In 1996, HIPAA was passed to give you the ability to bring your medical records with you when you changed doctors, not to protect your privacy,” said Carmel Shachar, an Assistant Clinical Professor of Law at Harvard Law School and an expert on privacy and healthcare law. “It’s a relic, it’s like riding in a Model T. It applies to what happens in your electronic medical records but nothing outside of them.” As one example, Professor Shachar said that therapy notes would count as private health information under HIPAA, but only if they were taken electronically. The U.S. has no legal protections for handwritten notes, or other privacy protections for health data outside of electronic medical records.
- Answers & AdviceHow to Squirt: Everything You Need To Know About Getting Off
Sarah Warbelow agrees. “There’s a critical need for Americans to have greater privacy protections across the board,” she said. “Not just in healthcare but all lawful behavior online deserves protection."
Thus far, concerns about the privacy of medical records have flown somewhat under the radar, but as the country contemplates the possible return of Donald Trump to the presidency in 2024, LGBTQ+ organizations say the issue is increasingly becoming among the top community concerns. LGBTQ+ people are clamoring for more protection, from both anti-trans actors and a hostile federal government, if Republicans regain control. Decisions currently being made by the courts in these cases from Missouri, Texas, Tennessee, and other states on whether medical data requested by attorneys general is protected by HIPAA and other laws may have much wider implications than most Americans realize.
An effort to build on the protections in HIPAA and enshrine wider privacy protections in U.S. law has been ongoing for years, says Warbelow. But at the moment, LGBTQ+ community concerns are not among the priorities of lawmakers sponsoring data privacy bills, which are primarily focused on standardizing regulations around commercial collection of consumer data.
“No politician should be able to have access to these records without consent,” said Fischer. “They’re trying to bend the laws that give them oversight to reach into exam rooms and take control of what you and your doctor decide.”
Get the best of what’s queer. Sign up for Them’s weekly newsletter here.
