Tennessee Identity Data Reporting: The Hidden Implications Behind the Policy Change
Since 2015/2016, I have been loud about Trump and his brand of “Republican” and how they supported a national Muslim registry.
November 20 2015: An NBC News reporter asked if Trump, if elected, would require Muslims to register in a database. He said, “I would certainly implement that. Absolutely.”
The follow-up was asked: Would the registration be mandatory? Trump’s response: “They would have to be.”
He was asked how he would carry out the registration and if people would be registered at mosques – you know, Islamic places of worship. His response was, “I would be just good management. What you have to do is good management procedures, and we can do that […] Different place, you sign them up at different, but it’s all about management, our country has no management.”
November 22, 2015: When he was asked on ABC News if he was ruling out a database, he said “No, not at all.”
The response
People, much like myself, were very concerned by this because we’ve seen this movie before, and it ended badly. If anyone reading this is unaware, here’s a hint: In 1940s Germany, they registered a specific group of people who were systematically killed.
Why is this an ‘I Told You So’ moment?
Because various bills and states are trying to gather data that could be used to create a list of transgender individuals, or those who are not in the “right party.” Which is an issue.
Tennessee HB754/SB676
While it does not expressly say that it would create a list of transgender individuals, stay with me here.
So, what can happen if this passes (or when, as Tennessee is super red) is that it creates a direct data pipeline that could effectively function as one.
1: The bill requires clinics to report every gender transition procedure and submit that data monthly to the Tennessee Department of Health. Meaning, anyone receiving medical transition care is recorded in state data.
2: Insurance providers must also report claims related to transition and detransition procedures, submitting those reports regularly to the DOH.
This means that you have clinical data and insurance data cross-referencing datasets about the same population.
3: The bill says reports to officials can be aggregated (grouped data), but the public website states that the data is not aggregated.
“Not aggregated” means that data may be broken down into very, very small categories, and if it is granular enough, the powers that be can identify individuals individually (especially those in rural areas), and can be used to track cases over time.
4: All this information is sent to the Department of Health, which compiles it into annual reports and maintains the underlying datasets. Even if names aren’t explicitly listed, the state now has access to a centralized dataset of people-related, gender-related care.
How does this create a list if it is statistics?
Technically, it is framed as statistical reporting, sure. But functionally, it is creating a registry-like dataset of who is accessing gender related care, where, when, and possibly how often. With enough detail that can, potentially, be used to identify and track individuals, especially when they are combined with other data sources.
What are the risks?
Re-identification (even without names)
Even if names are not included, it can out/point to specific individuals. The law will require the type of procedure, timing (monthly reporting), location (clinic and regional data), and possibly age-ranged or insurance type.
If the public data is “not aggregated,” this means that very small cells like “1 procedure in County X in [month].” This is an issue because in many Tennessee counties, there may be only one clinic or one known patient. So anyone with local knowledge (neighbors, coworkers, school communities, churches) can infer: “it must be [name].”
This is called a linkage attack – matching anonymous data with real-world knowledge.
The Mosaic Effect
The bill creates two separate reporting streams:
- Clinics → procedures
- Insurance → claims
The risk here is that even if each dataset is “safe,” together they can be cross-referenced and narrow identities down to individuals.
Example:
- Dataset A: “1 mastectomy, age 16–17, County X”
- Dataset B: “1 insurance claim, dependent, same county, same month”
Combining these datasets, there is an extremely high probability of identifying the person. This is the “mosaic effect” in data privacy.
Small Population Exposure (rural amplification)
Tennessee is one of the many states in the US that has low-population counties. Let’s talk about why that matters.
This means there are fewer transgender patients, which means easier identification. Fewer providers mean easier tracing.
If a county reports 2 transitions/year, locals know there are only 2 trans individuals openly receiving care. This dataset will effectively name them without naming them.
Logitudinal tracking (following individuals over time)
Reporting is ongoing and monthly. This means the state builds a time-series dataset.
This enables the tracking of repeat procedures and observes detransition cases. This would tie patterns to specific individuals. Essentially, reconstructing a medical timeline for a person.
Example:
- The same rare procedure appears 3 times over 6 months in the same county
→ Likely the same patient
Government access beyond “public reports”
The public aspect is only part of the issue. This is a law that allows the Attorney General to conduct investigations and issue document demands (civil investigative demands).
Meaning, the non-public dataset likely includes much more information and potentially identifiable records. So, even if the public data is semi-anonymous, the state itself may have identifiable records of transgender individuals.
Function creep (data beyond the original purpose)
The stated purpose is statistical reporting and oversight. But once the data exists, it can be reused.
Secondary uses for the data could be enforcement of future restrictions, audits of providers, targeting of specific clinics or regions and the supporting of new legislations (using HB754/SB646 as a ‘precedent’ similar to how Roe v Wade used Griswold v Connecticut to be passed).
This is how data collected for “health statistics” becomes policy enforcement infrastructure.
Behavior Changes due to Surveillance
Even if no one is explicitly being identified, patients may avoid care. Providers may reduce services. Families may avoid insurance claims. This is due to fear of being tracked or exposed.
Per the Williams Institute, transgender people are at a much higher rate than their cisgender counterparts to be victims of violence (86.2 per 1000 vs 21.7 per 1000). In 2024, specifically, 52% of tracked anti-LGBT+ incidents were specifically directed at transgender or gender-nonconforming people.
Additionally, nearly 25% of transgender individuals have faced discrimination in medical settings, and 10% of young transgender individuals have experienced violence from family members or were kicked out of their homes.
This is a behavioral risk, not just a privacy one. The system doesn’t need to identify a person – just the possibility can change decisions.
Public data misuse (third-party exploitation)
As the law requires public release in downloadable format and non-aggregated data, this opens the door to activist groups mining the data. It means that journalists can narrow down cases and that data brokers can combine it with other datasets.
Each step, if legal, can still be targeted identification.
Security Risks
Now, as is the case with security breaches (how many letters do people get discussing a data breach in the mail?), centralized data includes a hacking risk, insider misuse, or accidental exposure, meaning that the dataset becomes far more dangerous than intended.
Disproportionate impact on minors
The bill focuses on minors, but that only increases the risk.
Smaller population → easier identification
This also means that school/community visibility is higher, and that parents/legal guardians are indirectly exposed to.
Does it violate HIPAA?
The bill creates a highly granular, multi-source, longitudinal dataset about a very small, identifiable population, published in a partially disaggregated form.
And to discuss if it violates HIPAA – it does not inherently, as HIPAA allows disclosures required by law. However, it creates a significant risk of HIPAA violations if the publicly released data is not properly de-identified, especially given the requirement that it be “not aggregated.”
How is this similar to 1940s Germany?
I made the analogy to 1940s Nazi Germany, why? They did the same thing.
In the Third Reich, the government systematically identified Jewish people using census data, religious records, and civil registries.
This bill requires systematic reporting about people receiving gender-related care and centralizes that data into a state agency. It is the state building datasets on a specific population.
They both used the “function creep” of state data. The data under Hitler started as an administrative policy and later enabled discrimination, exclusions, and persecution, a la the Nuremberg Laws. This is because once a dataset exists, it can be used for future policies beyond the original purpose.
The Nazis used the linking of multiple data sources to identify individuals. People were not always identified by a single “list,” but instead, identity was reconstructed from birth records, Synagogue membership (similar to Trump’s words about registration by mosque in 2015), and ancestry documentation.
The way this bill is identified via medical records, insurance claims, and small datasets.
Bottom Line
This is very much a slippery slope to the registration of US citizens. Which is an issue. Last time we saw people catalogued, it didn’t look good, and it didn’t end well.
This is where I ask the question: Are you cool with this being the precedent? Where does it stop? Once transgender people are categorized, what about women? Or anyone else in the LGBT+? What happens to them? Other states are already trying to categorize and make datasets of women who seek abortions.
Why does it stop?