The doctor has publicly identified himself as the person who released information to a conservative activist about the transgender care program at Texas Children’s. Citing “whistleblower documents,” the activist published a story in May 2023 saying Texas Children’s provided transgender care, which was legal at the time, “in secret.”

Texas Children’s on Monday declined to comment on the charges against Haim. In previous statements, hospital officials said its doctors have always provided care within the law.

Transgender care has become a popular talking point in Texas and other Republican-dominated states where lawmakers claim such treatment is harmful to children. It describes a range of different social, psychological, behavioral or medical interventions that support people whose assigned sex at birth does not align with their gender identity. This can include mental health counseling, hormone therapy or surgery, which is rare for people under 18.

Such treatment, which is supported by every major medical association in the U.S., was offered at Texas Children’s and other pediatric hospitals in Texas. Lawmakers have since implemented a statewide ban, and Texas Children’s said it would discontinue its program.

Meanwhile, Haim has publicly decried the investigation against him as “political.”

In the arraignment hearing, Ho said the indictment identified three different patients whose health information was compromised. Addressing reporters, Patrick declined to speak about the facts of the case but described the charges against his client as a “huge contradiction.”

  • geekwithsoul
    link
    fedilink
    English
    196 months ago

    You seem very confident in your answer, but the actual text doesn’t seem to match your assertions?

    https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html

    There are three exceptions to the definition of “breach.” The first exception applies to the unintentional acquisition, access, or use of protected health information by a workforce member or person acting under the authority of a covered entity or business associate, if such acquisition, access, or use was made in good faith and within the scope of authority. The second exception applies to the inadvertent disclosure of protected health information by a person authorized to access protected health information at a covered entity or business associate to another person authorized to access protected health information at the covered entity or business associate, or organized health care arrangement in which the covered entity participates. In both cases, the information cannot be further used or disclosed in a manner not permitted by the Privacy Rule. The final exception applies if the covered entity or business associate has a good faith belief that the unauthorized person to whom the impermissible disclosure was made, would not have been able to retain the information.

    • @secretlyaddictedtolinux@lemmy.world
      link
      fedilink
      1
      edit-2
      6 months ago

      You’re either partly right at least or I’m at least not up to date on things. It looks like there are recent additions to the rules based on the abortion case Dobbs and in addition, some of the proposed changes I read about in an article may not have been added in. Many people were complaining about HIPAA preventing them from finding out about family members who were hospitalized and there were discussions about changing things, but you may be right and none of those changes were incorporated into the actual HIPAA rules.

      When I read about proposed changes to HIPAA, I figured they would be passed because it seems like the trend is erosion of individual privacy always in the interest of whatever the government says, and I didn’t verify everything prior to my reply.

      Good catch. It appears at least initially I’m wrong and you’re right. I’m going to research it more later, but it likely won’t change things.

    • Also to clarify, under the rules, certain actions may not constitute a breach to begin with and therefore the breach rules may not apply and also the exceptions may not apply.

      • geekwithsoul
        link
        fedilink
        English
        76 months ago

        The big difference is that all those exceptions only apply to an authorized party, i.e. a health care provider authorized to care for the patient. In this case, the doctor in question was never authorized - none of the patients were in his care.

    • @secretlyaddictedtolinux@lemmy.world
      link
      fedilink
      -2
      edit-2
      6 months ago

      It looks like there are updates to HIPPA based on concerns about Dobbs, so I am probably wrong overall.

      But:

      https://www.hhs.gov/hipaa/for-professionals/faq/488/does-hipaa-permit-a-doctor-to-discuss-a-patients-health-status-with-the-patients-family-and-friends/index.html

      “Even when the patient is not present or it is impracticable because of emergency circumstances or the patient’s incapacity for the covered entity to ask the patient about discussing her care or payment with a family member or other person, a covered entity may share this information with the person when, in exercising professional judgment, it determines that doing so would be in the best interest of the patient. See 45 CFR 164.510(b).”

      i may not be wrong after all?

      https://www.law.cornell.edu/cfr/text/45/164.510 (3) Limited uses and disclosures when the individual is not present. If the individual is not present, or the opportunity to agree or object to the use or disclosure cannot practicably be provided because of the individual’s incapacity or an emergency circumstance, the covered entity may, in the exercise of professional judgment, determine whether the disclosure is in the best interests of the individual and, if so, disclose only the protected health information that is directly relevant to the person’s involvement with the individual’s care or payment related to the individual’s health care or needed for notification purposes. A covered entity may use professional judgment and its experience with common practice to make reasonable inferences of the individual’s best interest in allowing a person to act on behalf of the individual to pick up filled prescriptions, medical supplies, X-rays, or other similar forms of protected health information.

      It doesn’t seem like this exception can be waived. What are emergency circumstances or incapacity? What if I don’t want anything disclosed based on someone else’s professional judgment?

      I just still think there is way too much leeway to allow things to be shared based on the ambiguous language of the text.