Senior Communications Manager
Kirk Nahra Discusses HIPAA and Data Security Issues Related to Theft of NFL Players’ Medical Records
Kirk J. Nahra, chair of Wiley Rein’s Privacy Practice and co-chair of the Health Care Practice, was quoted in a HealthcareInfoSecurity.com article focusing on the recent theft of a laptop computer containing medical information of National Football League players. The laptop contained players’ medical exam results and other records; though health information was apparently involved, the article points out the incident appears to be outside the regulatory range of the Health Insurance Portability and Accountability Act (HIPAA).
“It is unlikely HIPAA is relevant,” said Mr. Nahra. “A football team isn’t a covered health care provider, and I doubt this involved the team ‘health plan,’ certainly for players that are not on the team. So this is an issue of the HIPAA gaps, where HIPAA does not apply to all medical information but only to certain information in certain contexts when held by certain people.”
Because the incident involves medical records dating back more than a decade, the issue of data retention policies was also addressed in the story. “Why would 10-year-old medical information about players, most of whom are not on your team, ever still be retained on a laptop like this?” Mr. Nahra asked. “It may not be a legal issue, but it certainly raises this data management question for any kind of business entity.”
To read the complete article, please click here.