Katelyn Ringrose is a visiting fellow at the Tech & Public Policy Program at Georgetown University’s McCourt School of Public Policy. CJ Larkin is a Public Policy Scholar at Georgetown University. Os Keyes is a Postdoctoral Fellow in the Department of Political Science at the University of Massachusetts, Lowell. Jay T. Conrad is a PhD in Law student at the University of Washington.

Recent litigation and rulings across the United States are doing more than restricting access to services for transgender and gender diverse individuals; they are actively reengineering administrative and legal systems to undermine privacy and expose sensitive personal data. This multi-front policy effort originates from the White House, the Department of Justice, and various federal agencies, creating a high-risk environment where individuals’ identities, personal information and medical histories are leveraged for political gain.

The institutionalized levering of data poses an urgent threat for everyone—not just for the transgender and gender diverse community that increasingly relies on digital spaces for crucial information, services, and connection, and already faces systemic barriers to entry.

Federal identity systems as a tool of erasure

The White House’s January remit to “Defend Women from Gender Ideology” took concrete form with the State Department’s decision to upend a decades-old gender marker protocol for US passports in what The New York Times called a “blunt and sweeping message to trans Americans.” The Supreme Court’s November 6, 2025, shadow docket ruling requires applicants to list their sex assigned at birth (“M” or “F”), and ends the option for an “X” (unspecified) designation. This administrative rollback, which the Supreme Court allowed to proceed by staying a lower court injunction, immediately impacts one of the most fundamental pieces of government-issued personal data.

In a digitized society, passport data feeds into countless systems, from travel and financial services to security checks. When an official document misrepresents a person’s identity and forces transgender and gender diverse individuals to carry IDs that contradict their day-to-day lives, it undermines both personal security and data integrity. Requiring individuals to carry mismatched IDs heightens the risk of harassment, discrimination, and potential violence during travel, when obtaining employment, or when interacting with law enforcement.

The new federal policy fosters dangerous interactions while embedding identity inconsistency into federal record-keeping, all to prioritize a politicized and inaccurate definition of gender over a citizen’s identity. This erasure is additionally harmful at a time when LGBTQ+ individuals need so badly to be accurately counted, to help ensure against bias and drive resources to where they are needed the most.

Turning healthcare into a surveillance system

The DOJ has also leveraged federal fraud statutes to extract sensitive patient data in another recent aggressive policy action targeting the privacy of the transgender and gender diverse community. In its sweeping investigations into healthcare providers who offer gender-affirming care for minors, the DOJ has relied on the False Claims Act (FCA) and the Food, Drug, and Cosmetic Act (FDCA) to systematically extract sensitive patient data from providers.

In July, the DOJ announced it had sent over 20 subpoenas to doctors, hospitals and clinics across the nation. These investigations are focused on numerous civil and criminal theories, including “miscoding” or “misbilling,” alleging that providers may have committed fraud by using diagnosis codes for covered conditions—like an endocrine disorder—instead of gender dysphoria, to ensure payment for treatments such as hormone therapy. The strategy of leveraging existing laws has already had a profound chilling effect, contributing to several major hospital systems’ decision to halt or severely restrict the provision of gender-affirming care.

The subpoenas extended far beyond financial records, explicitly demanding deeply personal patient identifiers. The DOJ’s actions exploit a crucial privacy gap in the Health Insurance Portability and Accountability Act (HIPAA), which permits disclosures to law enforcement for investigative purposes. In at least one documented case, the request sought the names, dates of birth, social security numbers, and intake forms of patients who received care. This practice transforms routine medical billing—which relies on billing codes that are meant to feed into a system of insurance—into an investigative tool, making the routine act of seeking healthcare a predicate for federal scrutiny.

These actions are buttressed by actions from other federal agencies. The Federal Trade Commission (FTC), the nation’s primary privacy regulator, deviated from its traditional consumer protection role to hold a workshop attacking gender-affirming healthcare for minors. The event was conspicuously one-sided, aggressively scrutinizing transgender healthcare, while sidelining any discussion of patient privacy.

The inevitability of data abuse

Government actions that foster and create new risks to how people engage online—whether through subpoenas targeting telehealth providers to gain access to patient data or through content censorship— disproportionately harm those already affected by the digital divide. In a climate where in-person healthcare access is actively being dismantled, the transgender and gender diverse community’s reliance on digital options, such as telehealth, has only intensified. Research by LGBT Tech underscores the importance of digital resources: 92% of transgender adults use the internet to search for health information, and 81% report utilizing telehealth services for care.

Yet structural inequities continue to limit access. Device costs, gaps in digital literacy, and, critically, unreliable internet service and other barriers to broadband access. While the federal government could—and should—be prioritizing privacy protections and everyone’s ability to access the services they need online, it has instead tasked itself with prying into and litigating the confidential health information of transgender and gender diverse individuals. This surveillance is especially alarming given the now-routine purchase of personal data by government agencies from commercial brokers.

Declining trust in in-person healthcare settings helps explain why individuals of all ages are relying more on digital lifelines than ever—especially when educational settings are rife with their own issues, from school book bans to attempts to limit K-12 funding for gender-affirming schools. The Supreme Court has repeatedly chosen to avoid establishing a national standard for privacy in schools. By declining to hear cases like Lee v. Poudre School District R-1, which involved a conflict over a school facilitating a student’s social transition without parental notification, the Court dodged the fundamental question of who controls a student’s gender-related data stored in educational and administrative databases.

Taken together —identity erasure on passports, aggressive demands for user data, and the framing of transgender and gender diverse individuals as threats to children, all while disregarding the needs of LGBTQ+ children—these actions represent a comprehensive policy of enmity against the transgender community. This enmity is marked by systematic attempts to compromise data integrity and privacy across multiple federal functions. Regardless of which data will be targeted next, gender identity information will continue to be exploited for political advantage in an environment where state-sponsored discrimination and harassment have become increasingly normalized.

While the actions of the administration arise directly from its hostility toward the transgender community, they are also the predictable consequence of earlier policy choices. From linking healthcare funding to record digitization to centralizing licensing data in the name of fighting terrorism, administrations of both parties have consistently failed to take privacy (or the inevitable abuse of data to carry out formalized state violence and oppression) seriously. The result has provided fertile ground for government efforts attempting to erase transgender and gender diverse lives.

Fighting against these systematic forms of oppression, which paradoxically rely on both erasure of identities and intensified forms of surveillance and data collection, requires genuine solidarity, particularly with other movements fighting for bodily autonomy and privacy. Further, it requires those fighting to recognize how data collection efforts, even those started with the best of intentions, create new mechanisms for surveillance, violence and control.

While the threat the federal government poses is immense, the ability of state-level actors to successfully defeat federal subpoenas for patient data shows that resistance is possible and underscores the urgent need for comprehensive federal privacy protections that serve all individuals.