Privacy has rarely been a luxury afforded to some of the best professional athletes in the world.
Many have to fight through swarms of press and paparazzi before sitting down to have a meal at a restaurant. Athletes are constantly under a microscope and deal with violations of their privacy repeatedly.
But what happens when these invasions of privacy might violate federal laws? For example, when an athlete’s independent medical history under the Health Insurance Portability and Accountability Act of 1996, better known as HIPAA, becomes public?
Dallas Cowboys star Ezekiel Elliott became the subject of many HIPAA conversations around the sports world when it was reported that he had tested positive for COVID-19, news that, according to Elliot, was released to the public without his knowledge.
HIPAA required national standards to be put into place to protect against a patient’s sensitive health information being leaked to another party by medical professionals and medical record keepers without the patient’s consent.
Under normal circumstances, physicians and healthcare workers could not release someone’s medical information unless authorized by the patient or required by a public health authority. That’s why the first thing your doctor asks new patients to do is to sign is a HIPAA consent form. That allows your doctor the freedom to disclose your health information to others in order to effect treatment.
Such regulations do not apply to team physicians or trainers employed by an organization or franchise. These medical officials are not subject to HIPAA, but to their employer.
“Usually the team physician is not covered by HIPAA as it relates to the team,” said Lynn Sessions, a partner at BakerHostetler and a healthcare privacy law expert for more than 25 years. “That would essentially be within an employment context that the team physician is providing care to the player, so as it relates to the employer that is a different kind of relationship.”
Athletes though, agree to share health information with their employer (even if the athlete visits an independent medical professional) when they sign a contract with a team. The reason we know so much about these athletes’ injuries on any given day is that once the information is provided to the organization through the athlete, or through the team physician, the organization is free to publicize it. Pro sports teams are not covered entities under HIPAA. Rather, they are merely considered employers. But should they be? After all, teams employ doctors and other health professionals and handle employee medical information in a way other employers don’t.
“A player can authorize the release of their information,” said Luke Fedlam, Head of Sports Law at Porter Wright and Morris LLP and Founder of Anomaly Sports Group. “But when you look at player contracts, there are provisions that say that a player is going to agree to provide the team, coach, trainers, physicians, etc., any notice of injury or illness or medical condition that they’ve suffered.”
Fedlam says these injuries or conditions are usually reported to the player’s agent and then disseminated to the team. Once that happens, information can now be leaked to the media or public without violating HIPAA. But Fedlam doesn’t think all such situations are that cut and dry.
“There are different ways that you can look at information coming to light,” said Fedlam. “If the player goes to receive independent private medical treatment and that information solely rests with that doctor that healthcare system or that hospital and doesn’t share that information with the team or authorize the sharing of that information to anyone else then that information should really stay private.”
And he’s right. Especially, when we are in the midst of a global pandemic that has cost over American 125,000 lives and has the potential to stop multi-billion dollar sports leagues from resuming play this year.
Let’s take a look back at just a few weeks ago when news broke about Elliott’s coronavirus diagnosis. Elliott took to Twitter after his diagnosis was reported and denied that his agent broke the story to the media, speculating as to whether his HIPAA rights were violated.
It’s not the first time a prominent NFL player’s HIPAA rights have been called into question.
In 2015, former New York Giants pass rusher Jason Pierre-Paul lost a portion of his right hand after a Fourth of July firework accident, leading to the amputation of one of his fingers.
Following Pierre-Paul’s incident, ESPN’s Adam Schefter acquired a picture of the defensive end’s medical chart which he then posted to Twitter.
The Giants did not know about Pierre-Paul’s injury until it was first reported by Schefter on Twitter. Schefter is not subject to HIPAA regulations because he is not a healthcare professional. But the physician or health worker who provided the information likely was in violation of HIPAA laws.
Pierre-Paul sued ESPN, alleging Schefter had violated his privacy by posting his medical chart on social media. The lawsuit stated that both Schefter and ESPN showed “blatant disregard for the private and confidential nature of plaintiff’s medical records, all so Schefter could show the world that he had ‘supporting proof’ of a surgical procedure.”
In February 2017, both parties agreed on a settlement, the terms of which were not disclosed.
There has been no record of Pierre-Paul suing Jackson Memorial Hospital, but two workers there were fired in February of 2016 for inappropriately accessing his medical records. If Pierre-Paul were to sue the hospital, it would likely have to be under privacy grounds, as no private right of action exists under HIPAA.
“Reporting something to the media outside of all of those proper channels is not appropriate,” said Sessions.
“We used to see a lot in California with celebrities when they would go into the hospital,” continued Sessions. “There was information released about them that was without permission, so the state of California took some pretty significant action at that point to make it be higher penalties to healthcare employers who released that type of information without the permission of the patient.”
In recent years, California amended its Confidentiality of Medical Information Act (CMIA) under former Governor Jerry Brown, which forced employers to protect the security and privacy of employee health information that wasn’t covered under HIPAA.
In 2002, the U.S. Department of Health and Human Services attempted to put to rest any debate as to whether or not a public figure’s medical records should be kept private or made accessible to the public. According to the Health Works Collective, the department decided to reinforce its policies and released a statement saying, “No class of individuals should be singled out for reduced privacy.”
Elliott could find himself in a similar position as Pierre-Paul and pursue litigation against the physician and/or medical facility where he was tested for the coronavirus. But again, any litigation would have to come under general privacy law or a specific state statute, not HIPAA.
The same would go for any athlete who has sought independent treatment away from his or her organization and felt that their privacy had been unlawfully violated.
Even though athletes are public figures, they still have the right to privacy, especially when it comes to their health. And as legalized sports gambling sweeps across the nation, this information will become more important to people looking for intel.
Unfortunately for professional athletes, how much privacy they maintain is still up in the air.