HIPAA and Jason Pierre-Paul’s Medical Chart – Setting the Record Straight

Daniel O'Brien
Benesch
Contact
LinkedIn
Facebook
X
Send
Embed

Last night, ESPN reporter Adam Schefter tweeted a photo of New York Giants defensive end Jason Pierre-Paul’s medical chart, which chart indicated that Pierre Paul had his index finger amputated. The amputation was apparently the result of a fireworks accident on the Fourth of July. Prior to the Schefter’s report of the amputation, the injury was already a major offseason story for the NFL, as Pierre-Paul is a pro-bowler, and initial reports indicated that the New York Giants withdrew an outstanding $60 million contract offer as a result of the Fourth of July injury.

Football aside, the Pierre-Paul story is yet another example of a celebrity patient’s medical information being disclosed to the media. Right now, the internet is ablaze with news stories and comments suggesting that Adam Schefter and/or ESPN violated HIPAA by posting a copy of Pierre-Paul’s medical chart. Despite the public outcry, this view highlights a fundamental misunderstanding of HIPAA and its prohibitions. Adam Schefter and/or ESPN are not the ones that should be concerned about a HIPAA violation – the hospital and its employee(s) that leaked Pierre-Paul’s medical chart, however, should be.

At its most basic level, HIPAA provides certain federal protections for protected health information (“PHI”) held by covered entities and their business associates. The definition of a “covered entity” includes health care providers, health plans, and health care clearinghouses. See 45 C.F.R. 160.103. A “business associate,” in turn, is generally defined to include a person or entity that creates, receives, maintains or transmits PHI on behalf of a covered entity. Id.

Clearly, neither ESPN nor Adam Schefter constitutes a covered entity or business associate. Absent evidence of a conspiracy with hospital employees to obtain the documents in violation of HIPAA, ESPN and Adam Schefter should be in the clear with respect to HIPAA. On the other hand, unless Pierre-Paul appropriately authorized the disclosure of his medical chart, the hospital and its employee(s) that leaked the medical chart to Adam Schefter could face significant civil and/or criminal penalties in connection with a HIPAA violation.

It is also important to note that although HIPAA does not authorize a private right of action (meaning that only the Department of Health and Human Services Office of Civil Rights or State Attorneys General can enforce HIPAA), private individuals have had some success with lawsuits alleging state law privacy violations that utilize HIPAA to establish the standard of care.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Benesch | Attorney Advertising

Written by:

Benesch
Benesch
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Benesch on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide