
Report: NFL Players’ Medical Records Stolen from Trainer’s Car

June 2, 2016
by Rajiv Leventhal

Thousands of National Football League (NFL) players’ paper and electronic medical records dating from 2004 were stolen from a Washington Redskins’ trainer’s car earlier this year, according to a report from sports and news media site Deadspin.

According to an email obtained by Deadspin that was allegedly sent on May 27 by NFL Players Association (NFLPA) Executive Director DeMaurice Smith to each team’s player representatives, “In late April, the NFL recently informed its players, a [Redskins] athletic trainer’s car was broken into. The thief took a backpack, and inside that backpack was a cache of electronic and paper medical records for thousands of players, including NFL Combine attendees from the last 13 years. That would encompass the vast majority of NFL players, and for them, it’s a worrying breach of privacy; for the NFL, it’s potentially a costly violation of medical privacy laws.”

The Washington Post confirmed the Deadspin report. In a statement, per the Post story, the Redskins team said that the theft occurred mid-morning on April 15 in downtown Indianapolis, “where a thief broke through the window of an athletic trainer’s locked car. No social security numbers, Protected Health Information (PHI) under HIPAA, or financial information were stolen or are at risk of exposure.”

The statement from the Redskins also attested that the team is working with the NFL and NFLPA to locate and notify players who may have been impacted. The statement added that the laptop was password-protected but unencrypted, and that the team has no reason to believe the laptop password was compromised. The NFL’s electronic medical records system was not impacted, the statement said.

The Deadspin report further notes that the NFL Combine, “though operated by a private company, is a league event, involving prospective league employees, and the records are those of current and former players from among all the NFL’s teams. It is thus likely that it is the NFL’s responsibility to protect those records, and the NFL’s obligation to make sure that anyone who has access to them observes federally and locally required medical privacy standards.”

The report’s authors mention that because the NFL is not a covered entity under HIPAA, the law wouldn’t apply directly to the league. The U.S. Department of Health and Human Services (HHS) website verifies that health plans, healthcare providers, and healthcare clearinghouses are the groups that are covered by the privacy rule, and are subject to penalties if they release medical information without the patient’s consent. Rather, in this case, “any potential litigation would likely take place on the state level, where courts routinely cite HIPAA standards,” according to Deadspin.


