Whistleblower surgeon could face 10 years in prison for exposing PHI

Dr. Eithan Haim, a surgeon at Texas Children’s Hospital, was indicted for criminally violating HIPAA after he disclosed confidential documents to a journalist, revealing that the hospital continued providing gender-affirming care to minors despite public claims to the contrary.

What happened

In June 2024, Dr. Eithan Haim, a surgeon finishing his residency at Texas Children’s Hospital, was indicted. Dr. Haim had given documents to journalist Christopher F. Rulo, reporting for the City Journal, revealing that the hospital was quietly continuing to provide gender-affirming care to minors, despite publicly saying they had stopped. 

This came following Texas passing laws against this type of care for minors. The documents showed that treatments like hormone therapies and puberty blockers were still being given out. The Federal Bureau of Investigation (FBI) got involved when the leaked information led to suspicions about Dr. Haim's actions.

In June 2023, FBI agents approached Dr. Haim as he was about to finish his residency at Baylor College of Medicine, informing him that he was under investigation as the potential source of the leak. Despite this warning and a subsequent threat of prosecution from Assistant U.S. Attorney Tina Ansari, Dr. Haim confirmed his role as the whistleblower in a followup interview with Rulo in January 2024.  

In the know

When Dr. Haim shared protected health information (PHI) with a journalist he contradicted HIPAA’s Privacy Rule. HIPAA requires that any PHI, which includes any information that can identify a patient and details about their health condition or treatment, must be kept confidential unless consent is obtained. Dr. Haim shared documents to expose the hospital’s continued provision of gender-affirming treatments to minors, despite public claims of stopping these services. 

Even though he redacted personal details from these documents, sharing them without proper authorization constitutes a violation. This breach undermines the foundational goal of HIPAA, which is to protect patient privacy and maintain trust in healthcare confidentiality. Dr. Haim could face severe penalties, including criminal charges, substantial fines, and possibly prison time.

What was said 

The DOJ press release stated, “According to the indictment, Haim was a resident at Baylor College of Medicine and had previous rotations at TCH as part of his residency. In April 2023, Haim allegedly requested to reactivate his login access at TCH to access pediatric patients not under his care. The indictment alleges he obtained unauthorized access to the personal information of pediatric patients under false pretenses and later disclosed it to a media contact. If convicted, Haim faces up to 10 years in federal prison and a $250,000 maximum possible fine.”

Why it matters

In cases like Dr. Eithan Haim's, the desire to shed light on potentially undisclosed medical practices can conflict with the imperative to safeguard patient confidentiality. Gender-affirming care for minors is a particularly sensitive area, as it involves vulnerable patients who may face societal stigma and personal risk if their medical treatments become publicly known. A physician's ethical duty is to treat and protect their patients.

Dr. Haim, by sharing documents related to this care, failed in this responsibility. Despite his intentions to expose what he viewed as wrongdoing, his actions could have unintended consequences, such as deterring minors from seeking necessary medical care out of fear their privacy will not be respected. His decision to go public with confidential information—even redacted—potentially put at risk the very individuals he might have aimed to protect. This breach goes against the core ethical principles of medicine: to do no harm and to respect patient autonomy and privacy. 

See also: HIPAA Compliant Email: The Definitive Guide

FAQs

What is a whistleblower?

A whistleblower is an individual who exposes information or activities within a private, public, or government organization that are deemed illegal, unethical, or incorrect.

Are whistleblowers offered any sort of protection under Federal or state law?

Yes, whistleblowers are often protected under various federal and state laws, which can shield them from retaliation when they report illegal activities.

What is the ethical code for healthcare providers?

The ethical code for healthcare providers is made up of principles such as confidentiality, patient autonomy, beneficence, nonmaleficence, and justice to guide their professional conduct and decision making.