Report: NFL Players’ Medical Records Stolen from Trainer’s Car | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Report: NFL Players’ Medical Records Stolen from Trainer’s Car

June 2, 2016
by Rajiv Leventhal
| Reprints
Click To View Gallery

Thousands of National Football League (NFL) players’ paper and electronic medical records dating from 2004 were stolen from a Washington Redskins’ trainer’s car earlier this year, according to a report from sports and news media site Deadspin.

According to an email obtained by Deadspin that was allegedly sent on May 27 by NFL Players Association (NFLPA) Executive Director DeMaurice Smith to each team’s player representatives, “In late April, the NFL recently informed its players, a [Redskins] athletic trainer’s car was broken into. The thief took a backpack, and inside that backpack was a cache of electronic and paper medical records for thousands of players, including NFL Combine attendees from the last 13 years. That would encompass the vast majority of NFL players, and for them, it’s a worrying breach of privacy; for the NFL, it’s potentially a costly violation of medical privacy laws.”

The Washington Post confirmed the Deadspin report. In a statement, per the Post story, the Redskins team said that the theft occurred mid-morning on April 15 in downtown Indianapolis, “where a thief broke through the window of an athletic trainer’s locked car. No social security numbers, Protected Health Information (PHI) under HIPAA, or financial information were stolen or are at risk of exposure.”

The statement from the Redskins also attested that the team is working with the NFL and NFLPA to locate and notify players who may have been impacted. The statement continued by noting that the laptop was password-protected but unencrypted, but they have no reason to believe the laptop password was compromised. The NFL’s electronic medical records system was not impacted, the statement said.

The Deadspin report further notes that the NFL Combine, “though operated by a private company, is a league event, involving prospective league employees, and the records are those of current and former players from among all the NFL’s teams. It is thus likely that it is the NFL’s responsibility to protect those records, and the NFL’s obligation to make sure that anyone who has access to them observes federally and locally required medical privacy standards.”

The report’s authors mention that because the NFL is not a covered entity under HIPAA, the law wouldn’t apply directly to the league. The U.S. Department of Health and Human Services (HHS) website verifies that health plans, healthcare providers, and healthcare clearinghouses are the groups that are covered by the privacy rule, and are subject to penalties if they release medical information without the patient’s consent. Rather, in this case, “any potential litigation would likely take place on the state level, where courts routinely cite HIPAA standards,” according to Deadspin.

Topics

News

NewYork-Presbyterian, Walgreens Partner on Telemedicine Initiative

NewYork-Presbyterian and Walgreens are collaborating to bring expanded access to NewYork-Presbyterian’s healthcare through new telemedicine services, the two organizations announced this week.

ONC Releases Patient Demographic Data Quality Framework

The Office of the National Coordinator for Health IT (ONC) developed a framework to help health systems, large practices, health information exchanges and payers to improve their patient demographic data quality.

AMIA, Pew Urge Congress to Ensure ONC has Funding to Implement Cures Provisions

The Pew Charitable Trusts and the American Medical Informatics Association (AMIA) have sent a letter to congressional appropriators urging them to ensure that ONC has adequate funding to implement certain 21st Century Cures Act provisions.

Former Michigan Governor to Serve as Chair of DRIVE Health

Former Michigan Governor John Engler will serve as chair of the DRIVE Health Initiative, a campaign aimed at accelerating the U.S. health system's transition to value-based care.

NJ Medical Group Launches Statewide HIE, OneHealth New Jersey

The Medical Society of New Jersey (MSNJ) recently launched OneHealth New Jersey, a statewide health information exchange (HIE) that is now live.

Survey: 70% of Providers Using Off-Premises Computing for Some Applications

A survey conducted by KLAS Research found that 70 percent of healthcare organizations have moved at least some applications or IT infrastructure off-premises.