When Jason Pierre-Paul suffered a gruesome fireworks mishap during the 4th of July last year, it was big news in the NFL. His exact condition was kept in the dark for a while, and reporters were racing to get the first scoop. After ESPN and Adam Schefter obtained Pierre-Paul’s medical records, which proved finger amputation, they tweeted a photo of them to millions of followers. Pierre-Paul filed a lawsuit, alleging invasion of privacy, Health Insurance Portability and Accountability Act (HIPAA) misconduct, and is in violation of Florida statute § 456.057, which protects against disclosure of private information.
ESPN obtained medical charts that show Giants DE Jason Pierre-Paul had right index finger amputated today. pic.twitter.com/VI5cbS1uCw
— Adam Schefter (@AdamSchefter) July 8, 2015
The lawsuit, which was filed in February, has been allowed to move forward by Miami federal judge Marcia G. Cooke. It seeks $15,000 in damages, not including excess fees, and could cost ESPN a hefty sum in defending itself. ESPN is saying that it was a matter of public concern, and therefore were within their rights to tweet the medical records. We’ve all heard of doctor-patient confidentiality, but what exactly does HIPAA protect?
what is hipaa?
The act, which was passed in 1996, and guarantees privacy of your medical records, for the most part. We say for the most part because there are some entities which do not have to oblige by the rules which HIPAA lays out. Those rules, which were made into law six years after the initial enactment of HIPAA, state that appropriate guards and limits need to be in place to protect patient privacy, and that their information only be released under very special circumstances. Here are the entities that don’t have to follow these rules:
- Life insurers
- Workers compensation carriers
- Most schools and school districts
- Many state agencies like child protective service agencies
- Most law enforcement agencies
- Many municipal offices
Employers are a special case; while they are allowed to request medical information from you, they are not allowed to do so through your provider, unless you give your provider permission to release your records. Most of us have probably had to provide a doctor’s note for an absence, or given other medical information for wellness programs and health insurance. However, they are not allowed to give that information to other people.
Pierre-Paul’s situation is even more unique because he is in the public spotlight, and there are those who argue that his well-being is a matter of public interest. Beyond that, many have noted that ESPN is likely not subject to HIPAA because the act only covers medical personnel, not journalists or their parent companies.
what’s florida’s law regarding medical record privacy?
The statute cited by Pierre-Paul’s attorneys basically says that those not involved with a patient’s care are not allowed to have said patient’s records. However, it bears repeating that neither Schefter nor ESPN actively sought Pierre-Paul’s records; they just reported on what was given to them.
There are certainly ethical concerns here; Schefter probably shouldn’t have released Pierre-Paul’s medical records, especially without his permission. Schefter has expressed in an interview that he doesn’t think what he did was wrong, but the way he did it could have been different. The hospital staff whom leaked the records were subsequently fired, as they are subject to HIPAA violations. In the end, it’s unlikely that he or ESPN will be found guilty of the alleged violations, but as previously stated, the attorney fees is what will likely cost them the most.