Are you suggesting that alleged medical malpractice justifies breaching patient confidentiality?
That is a very tough question with no black-and-white answer. I would suspect sometimes malpractice would be a good cause for whistleblowing. Different countries will have different rules on whistleblowing.
Does it justify the actions of the Singal? IDK. worth reading (the Cass review is publicly available and not partisan) about similar situations and drawing your own conclusions.
Strong disagree. Not a tough question at all. HIPAA rules are there to protect patient confidentiality. There was no hint of consent, and in fact this was done in an effort to injure the patients in question. (I’m sorry, to “protect” them from life-saving treatment which is well researched and supported by all major medical groups.) There is no bothsidesing this at all.
And as anyone who does any kind of research knows, well-researched does not mean free of bias. How you organize and present your research can do a lot of heavy lifting on helping the reader come to particular conclusions, and it can be made to seem objective in it’s orientation, when it very well might not be… “well-researched” in other words, doesn’t no mean “accurate” or “neutral” in political point of view.
The reality is that there are people who would pull the lever even if no-one could wander on to the track. Some of them have even commented on this BBS.
Look - you can’t trust the decades of studies and the recommendations of all medical and psychological societies when it comes to treating trans people. And you can’t trust trans people about their own lives. They’re clearly all deluded liars.
The only action possible is to eliminate them. It makes some people feel slightly better about themselves. Though there’s no actual studies about the extent that eliminating trans people improves the lives of people who feel discomforted by our existence- is it really worth the risk to open them up to lifetimes of ruminating about trans people being happy?
Not at all. It is possible to be a whistleblower (reporting the malfeasance of your employer to the authorities or, if you work for the government, reporting them to courts or news organizations) without breaching patient confidentiality. Reed did not report her employer to authorities nor did she work for the government. She essentially reported patients to pseudo-journalistic fronts for anti-trans groups. She is not a whistleblower.
And in this case, the patient protection law she specifically violated is HIPAA.
HIPAA violations are very serious - but that’s what is contested here. Worth reading the next couple of paragraphs from the article, after the one that thomdunn picked:
“Information she shared with news media was meticulously vetted and, if necessary, thoroughly redacted to prevent even speculative interpretive efforts at identifying patient health information. Finally, none of the information provided is remotely contained or included within any definition of ‘identifiers’ listed in the HIPAA safe harbor rule.”
You selectively quoted that paragraph to hide that fact that it is a remark by Reed’s lawyer. You did leave the quotation marks in, but you didn’t indicate who was speaking.
In an email sent last week, Ernie Trakas, an attorney for Reed and a member of the St. Louis County Council, said he was confident his client “has not violated any HIPAA patient identifying protections.”
Trakas, with the Child and Parental Rights Campaign, continued: “Information she shared with news media was meticulously vetted and, if necessary, thoroughly redacted to prevent even speculative interpretive efforts at identifying patient health information. Finally, none of the information provided is remotely contained or included within any definition of ‘identifiers’ listed in the HIPAA safe harbor rule.”
And that lawyer is unfamiliar with HIPAA or is lying on behalf of her client. No patient data of any kind may be used in any published work without written consent of the patient, regardless of whether it is anonymized and/or identifiers are redacted.
This is clinical trials 101. If anything, lay media publications have less freedom in this regard than scientific journals and conferences.
That is not how HIPAA works. It doesn’t matter if the medical information was supposedly de-identified. Even if it was successfully de-identified, which is actually very hard to do, the information is still subject to HIPAA protections and that woman who revealed it is not permitted to reveal any health information of patients at the clinic. At all. Ever.
When health information is released for statistical purposes there are specific protocols in place that proscribe how to de-identify the data, the entities permitted to release the de-identified data, and the entities that may receive that data.
This woman was not authorized to release any PHI.
The information was not de-identified in accordance with established protocols. Which means it was not effectively de-identified at all.
Random transphobe with a blog or podcast or whatever is not authorized to recieve the information. That is reserved for researchers and regulatory entities.
Merely making her own personal records with the PHI of the child patients was a HIPAA violation. Releasing it was another violation.
That woman is also not a whistleblower within the legal definition of that term in either federal law or state law. She gave this information to some random asshole. To be a whistleblower, a person must report suspected illegal conduct to an authority with the responsibility for such a violation. If they did that, they are protected from retaliatory action by their employer or government. That’s it. Whistleblowing isn’t a get out of jail free card. If the whistleblowing involved illegal acts, those acts remain illegal.
Why are you trying to defend this person? Even if this wasn’t a HIPAA violation, she took the private health information of children and released it to a person known to hurt people. She placed those children and their families at risk for absolutely fuck all. Random transphobe asshole isn’t going to be able to actually do anything about the clinic practices, even if they did deviate from the standard of care. All he can do is use the information to enrage other random transphobe assholes who will then threaten and hurt the kids.
This is how families get hurt and children’s hospitals get bomb threats.
The Cass interim review has also been weaponised by right-wing MPs and media pundits in the UK into a vehicle that supports that horror show known as conversion therapy (now re-branded as “exploratory therapy”).
Anyone who believes that things will go any differently in the U.S. now that the likes of Bad-Faith Bari Weiss and fascist Senator Josh Hawley are involved is a fool.
[Thanks also to those here who’ve thoroughly de-bunked the ridiculous claim that this was not a HIPAA violation.]
All major medical groups. AAP, AAFP, AMA, ACOG, APA and on and on. It is dangerous to hang your argument on a single study or report, especially when it stands in contradiction to mountains of evidence and experience.
Signal, nothing, it is a perfectly decent communications application. Jesse Singal on the other hand is probably open to a class of lawsuits called communications torts, specifically public disclosure of private facts and intrusion come to mind. A practicing first amendment lawyer would be able to speak better to if they would stick, but I can walk through the rough ideas.
Public disclosure of private facts - generally covers
The information disclosed is private. Medical records are frequently given as an example.
The information was disclosed to a wide audience. The Atlantic is a national magazine with an international read website. The substack of a known writer is a pretty wide audience.
The disclosure would be offensive to a common person. The selective release of children’s medical records to score political points seems to clear the bar.
Intrusion generally includes
The defendant, without authorization, intentionally invaded the plaintiff’s private matters. You know, like medical records.
The invasion is offensive to a reasonable person. Again, medical records, but of kids.
The intrusion caused the plaintiff mental anguish or suffering. International publication of your medical records seems pretty troubling.
HIPAA would probably not apply to Singal directly. He isn’t likely to be a covered entity and there is no accusation that he lied to Reed and pretended to be a doctor. Singal would likely only be hit by HIPAA insofar as it makes it really easy to demonstrate a ton of other offenses because the information is so obviously private. Reed on the other hand seems to have pretty clearly breached HIPAA with malice and would probably be eligible for the maximum penalties.
Which one of those is relevant to disclosing private patient information? Or just because you don’t like the treatment are medical privacy rules out the window?
Not a thing being done here.
Neither the UK (your examples) nor the US (the actual story) would qualify this as whistleblowing, so which set of rules do you think should be relevant? It’s lots of fun to talk about the hypothetical standards of unnamed places, which one are you suggesting is relevant, rather than masking your lazy caping for bigots in just asking questions handwaving garbage?