Under the banner of anti-discrimination, recently established advocacy group Do No Harm (DNH) seeks to eliminate diversity initiatives in healthcare. DNH believes that diversity, equity, and inclusion (DEI) practices are plain discrimination against certain demographics of patients, medical students, and healthcare workers, which ultimately harms patient health outcomes. This belief contradicts current healthcare and public health goals of utilizing diversity-conscious practices to promote equity and mitigate disparities in healthcare. Legitimization of DNH’s mission would further politicize equity in medicine and frustrate preexisting efforts to eliminate health disparities.

Background

Retired physician Stanley Goldfarb founded DNH in 2022 to fight for “the elimination of all discrimination in healthcare.” As a national association comprised of like-minded patients, medical professionals, and policymakers, DNH primarily utilizes media, lobbying, and litigation to target pediatric gender-affirming care and DEI practices.

DNH pursues litigation over initiatives like diversity fellowship scholarships, DEI hiring practices, and clinical care practices specialized to meet the needs of racial and ethnic minorities. DNH believes that tailoring healthcare opportunities to racial minorities, women, and other minority groups discriminates against all other “non-minority” groups. DNH grounds its arguments in various combined readings of Title VI of the Civil Rights Act of 1964, Section 1557 of the Affordable Care Act (ACA), and the Equal Protection Clause of the Fourteenth Amendment. These federal provisions prohibit discrimination on the basis of race, color, ethnicity, and sex, and typically resolve cases involving discrimination against a racial, religious, or gender minority. Spurred by changes implemented by the U.S. Supreme Court, DNH wants to use these federal provisions to protect non-minority groups from discrimination.

In the 2023 decision from SFFA v. Harvard, SCOTUS said that “[e]liminating racial discrimination means eliminating all of it”, reinforcing a statement from an 1886 case that the Equal Protection Clause applies “without regard to any difference of race, of color, or of nationality”. The Court held that colleges and universities are now prohibited from considering race as a factor in admissions. After this decision, groups like DNH began filing claims with intent to expand the scope of SFFA v. Harvard to non-university parties, including medical schools and healthcare workplaces.

Like other industries, healthcare evolved over time and gradually implemented diversity-conscious practices to address identified disparities. Medical schools and healthcare employers established policies and opportunities for traditionally underrepresented groups to enter the medical field. Proponents of health equity believed DEI would lead to more accurate, bias-checked medical opinions and treatment decisions, and that a diverse range of physicians caring for a diverse patient population would improve patients’ overall experience and trust in the healthcare system.

DNH discredits diversity initiatives in its own compiled report, which discusses a lack of hard evidence that diversity-conscious practices improve clinical outcomes and “debunks” the methodology of select pro-DEI research. Advocates of diversity initiatives defend the practice by pointing to records of positive subjective patient experiences and a social need to remedy historical inequity in the profession. DNH opposes those exact ideas: first, that diversity in the healthcare workforce results in improved patient health outcomes; and second, that medicine is a practice where equal opportunity matters more than, or as much as, training “the best and the brightest”.

Recent Action by Do No Harm

In March 2024, House Representative Greg Murphy introduced the EDUCATE Act, which proposes a ban on federal funding for medical schools that “force students or faculty to adopt specific beliefs, discriminate based on race or ethnicity, or have diversity, equity, and inclusion (DEI) offices or any functional equivalent.” DNH founder Dr. Goldfarb supported the Act, saying, “If we fail to stop [DEI ideology in medical schools], we risk a generation of physicians ill-equipped to meet the needs of their patients.” Endorsement of the EDUCATE Act reflects DNH’s fear that medical schools are prioritizing diversity and equity over quality medical training, to the detriment of patient health outcomes. The status of the Act has not changed since its referral to the Committee on Health, Education, Labor, and Pensions.

In June 2024, DNH filed a complaint in federal court, challenging a policy of the American Association of University Women (AAUW) that limited eligibility for its fellowship program to women applicants of ethnic minority groups. The court dismissed the case after AAUW agreed to drop race from criteria for consideration of the fellowship. In its August 2024 statement, AAUW acknowledged that “recent Supreme Court decisions have changed how we must fight for equity”, likely referring to SFFA v. Harvard.

In August 2024, DNH filed a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR), urging an investigation into the Cleveland Clinic. Since 2019, Cleveland Clinic’s Minority Stroke Program“tailor[ed] treatment and prevention services to Black and Latino patients, including medical referrals and post-stroke care” to address the disparity that “Black men and women are at least two times as likely as white Americans to die from strokes.” DNH alleged that the minority-focused programming violates non-discrimination mandates under Title VI and Section 1557 of the ACA. In September 2024, OCR announced it would investigate the complaint.

Discussion

DNH’s litigation efforts against pro-DEI organizations indicate that any program with DEI initiatives is susceptible to equal protection challenges and discrimination claims. Data, studies, and research in support of one side or the other are frequently met with scrutiny by the opposing side. For example, DNH itself lauded research that “debunked” an influential study on racial concordance and newborn mortality that was often cited by scholars and administrators to justify DEI-conscious admissions at medical schools. The public is adversely affected by apparent discord among medical scholars and health policymakers, with one study attributing a lack of trust in public health agencies to perceptions of political influence within the agency, which risks undermining public health efforts. Further politicization of equity and other healthcare goals frustrates actual progress towards improving health for all.

Updates are slow in this area of health, law, and equity. The ongoing focus and frequency of DNH activity should put organizations on notice to carefully consider existing DEI practices and prepare to either defend or drop diversity-conscious language from any program goals and requirements. Choosing to defend risks the possibility of a court applying the SFFA v. Harvard prohibition on race considerations to this specific healthcare context, or even extending the reach of SFFA v. Harvard to DEI-centered fellowships, research programs, and pipeline programs in every industry, not just healthcare. No court has definitively ruled on the merits of a claim alleging discriminatory diversity-conscious healthcare and medical school programming. Like the AAUW case described above, most cases are dismissed for procedural reasons without judicial comment on discrimination and DEI. However, every lawsuit DNH files against pro-DEI organizations is a step in that direction.

Here in Illinois, DNH has not filed any lawsuits alleging discriminatory practices by healthcare corporations and medical schools. In August 2022, DNH did file an administrative complaint with the Department of Education, Office of Civil Rights (Chicago OCR) against Loyola University Chicago Stritch School of Medicine (Loyola), calling out an internship program that “intended to encourage medical students from racial and ethnic groups that are underrepresented in medicine to consider pursuing a career in academic surgery” in violation of Title VI. Eligibility requirements for the program included the criterion of “African American/Black, Hispanic/Latinx, American Indian/Alaska Native, Native Hawaiian/Pacific Islander”. Chicago OCR dropped its investigation in February 2023 because Loyola removed the contested criterion from its eligibility requirements. Now, the program “invites outstanding students who self-identify as underrepresented in Surgery from a social, economic, or educational perspective” to apply.

In October 2024, DNH Senior Fellow Mark Perry submitted a complaint to Chicago OCR on behalf of DNH against Midwestern University over its dental school scholarship program, which is open to students from “underrepresented minority groups”. According to Perry, the program violates Title VI and is “not legal”. Other than a November 2024 news clip on the DNH site, no further updates are currently available on this matter. Perhaps like Loyola and the AAUW, Midwestern University will eventually rephrase or omit the challenged language from its program requirements.

Other than scholarship programs, minority-focused clinical care and research programs are prime targets for DNH attention. The University of Illinois at Chicago College of Medicine currently runs the Institute for Minority Health Research, which aims to promote research and other interventions to “improve the health of vulnerable minority populations living locally, nationally, and internationally.” DNH could attack the Institute for its apparent catering to “minority populations” over non-minorities, similar to its argument in the Cleveland Clinic investigation.

DNH continues to submit complaints against organizations with DEI practices, condemning claims that minority representation in healthcare contributes to improved patient health outcomes. By pursuing its goal of ending discrimination against non-minorities in healthcare, DNH is polarizing what could be a collaborative discussion on the optimal ways to improve health. “Equity” is now a politicized term rather than a fundamental principle of health and medicine. If any judicial or legislative action legitimizes the goals of DNH and specifically applies SFFA v. Harvard and equal protection to this healthcare context, DEI healthcare and medical programs risk total invalidation —something to keep an eye on in the upcoming years.

Patient privacy is one of the staples of health care, and one that is increasingly posing a major concern to patients. The knowledge that the information is so exclusive and only accessible to a trusted number of people is an essential part of treatment, as it makes patients more willing to share and gives doctors a better understanding of their health. In the wake of the Supreme Court’s ruling in Dobbs vs. Jackson’s Women’s Health Org., there has been growing uncertainty and fear regarding the future of a Constitutional right to privacy, with healthcare being a central issue. More recently, however, patient privacy has faced further challenges: it is being breached through cyberattacks.

In February 2024, Change Healthcare, which is affiliated with UnitedHealth Group, a large scale company with a wide reach across many healthcare sectors across many different sectors of the health-care system, was hacked by a ransomware group. This led to issues with billing. Some providers and hospitals were unable to bill for their services, leading to loss of revenue. Other problems resulting from the cyberattacks including an inability to discharge patients from hospitals and security issues in a world of digitized patient records.

This is not the only example of cyberattacks in the healthcare industry. Also in February 2024, Lurie’s Children’s Hospital in Chicago fell victim to a hack that prohibited hospital staff from accessing patient records and patient-doctor communication. Additionally, the popular ancestry-tracking website 23andMe was hacked in December of 2023. While 23andMe is not necessarily associated with the healthcare industry, 23andMe accounts hold user’s DNA information including family trees and user-health information associated with their accounts, further breaching health privacy.

This raises important questions about how patients can feel safe in continuing to share their information with providers and hospitals. How does a patient know if their information is safe, or will stay safe? Appointments can fall into a routine, where the patient is brought into the exam room to answer questions about themselves and their lifestyle without much thought about what might happen to that information. Some of the questions may seem more related to the appointment than others, but all that information is notated and accessible to the care team in hospital records, more digitally accessible in today’s world than ever before.

There are laws and regulations that physicians must follow in regard to patient privacy, but they may not be enough to instill confidence in patients following the cyberattacks, prevent them from happening, or take the responsibility off of patients’ shoulders. What can patients expect from their healthcare providers, and what do patients have to take upon themselves to protect their medical privacy?

There are a number of authorities that physicians turn to regarding patient privacy, some in the legal field and some not. Under federal law, the Privacy Rule under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) places several restrictions on the use and disclosure of individual patient information and medical records. Therefore, hospitals and hospital employees are legally prohibited from sharing sensitive patient information (with some exceptions involving public health). Additionally, the Privacy Rule under HIPAA sets criminal penalties for those who unlawfully obtain individually identifiable medical records, so hacking aside, it is possible that there are individual criminal punishments in store if the cyber-attackers are caught. However, this does not provide much quell growing concerns about the safety of patient records, as criminal punishment after the fact does not prevent hackers ahead of time – it only provides possible support after the cyberattack takes place if the hackers are caught and prosecuted.

The American Medical Association (AMA) Code of Ethics has policies set in place to protect patient privacy. The AMA determines that doctors are to notify patients if there is a major privacy breach on their medical records. Therefore, in theory, patients should not have to worry about cyberattacks happening completely without their knowledge. However, this also does not do much to protect patient data ahead of time or give personal legal recourse after falling victim to a cyberattack.

Beforehand, professionals say patients can also monitor their privacy themselves. General security protections can help avoid cyberattacks, like complicated passwords and monitoring medical billing activity can keep them aware. This faces the same problems as the other protections and does not actively give any guarantee of safety or legal recourse if a cyberattack does happen.

In all, with medical privacy and rights being called into question after Dobbs, cybersecurity concerns are escalating fears and insecurity in a digital world. The preventative measures available may only affect the extent of the hack and provide the patient with notice if they are targeted, but there are not sufficient measures and protections ahead of time or legal recovery after the fact. After a cyberattack, patients may feel violated and scared, but the ability to bring a successful lawsuit or see a criminal indictment may be slim. Going forward, patient privacy needs to take priority, and the health law field across the board must take more steps to help digital medical records remain protected in a time where some privacy in healthcare faces an uncertain future.