HIPAA compliance and the NFL (National Football League)


The National Football League (NFL) has endured several high-profile incidents involving HIPAA compliance and the protected health information of its players.

With 32 teams and up to 53 players on each team, the league, its owners and coaching staff are responsible for the PHI of nearly 1700 athletes. This post is about HIPAA compliance and the NFL.

Thousands of Medical Records Stolen from Trainer’s Car

Last year the NFL reported that thousands of players’ healthcare records were breached after a laptop was stolen from the car of a Washington Redskins trainer.

The stolen medical records encompassed 13 years of current and former players’ protected health information (PHI).

In an official statement from the NFL to the players’ union, NFLPA Executive Director DeMaurice Smith said:

Men,

It has come to our attention that the backpack belonging to a Washington Redskins’ athletic trainer was stolen from a car following a break-in. We have been advised that the backpack contained a password-protected, but unencrypted, laptop that had copies of the medical exam results for NFL Combine attendees from 2004 until the present, as well as certain Redskins’ player records. We have also been advised that the backpack contained a zip drive and certain hard copy records of NFL Combine medical examinations as well as portions of current Redskins’ player medical records. It is our understanding that our Electronic Monitoring System prevented the downloading of any player medical records held by the team from the new EMR system.

The NFLPA has consulted with the U.S. Department of Health and Human Services regarding this matter. The NFLPA also continues to be briefed by the NFL on how they intend to deal with both the breach by a club employee, the violation of NFL and NFLPA rules regarding the storage of personal data, and what the NFL intends to do with respect to notifying those who may be affected. We will keep you apprised of what we hear from the team and League.

All inquiries regarding this matter should be directed to the NFL Management Council lawyers (212-450-2000) and/or the Washington Redskins (703-726-7000).

Thank you,

De

What’s interesting to note in the letter is the admission that although the stolen laptop was password-protected, its hard drive was not encrypted.

There are numerous HIPAA fines already on record involving stolen laptops and unencrypted hard drives.

The messaging from the U.S. Department of Health & Human Services (HHS) is crystal clear: password protection alone is not enough for HIPAA compliance on laptops. You must also encrypt the hard drive.

It will be interesting to follow this story as the HHS conducts its investigation.

SEE ALSO: Free Disk Encryption for Mac OS

SEE ALSO: Free Windows Encryption tools for HIPAA Compliance

Hospital Violates HIPAA after NFL Medical Record Tweet

In 2015, an employee at Jackson Memorial Hospital reportedly leaked the PHI of Jason Pierre-Paul, the star defensive lineman for the New York Giants, to an ESPN reporter. That reporter, Adam Schefter, then tweeted his medical record online.

The tweet confirmed that Pierre-Paul had his right finger amputated at the hospital, a surgery attributed to a July 4 fireworks accident. The injury allegedly led to the New York Giants pulling Pierre-Paul’s $60 million contract.

Pierre-Paul has since sued Adam Schefter and ESPN.

It will also be interesting to see what happens to the employee who leaked the protected health information and the hospital they work(ed) at.


About the author

Hoala Greevy

Founder of Paubox. Kayak fishing when I can. Native Hawaiian CEO.
