NFL players' medical records on stolen unecrypted laptop

Medical records for most players in the NFL were taken in the theft of a backpack from a Washington Redskins athletic trainer, which contained an unencrypted laptop and paper records, according to a report by Deadspin.

The NFL Players Association notified players in an email that called the incident a "violation of NFL and NFLPA rules regarding the storage of personal data." The NFLPA has reported the matter to the U.S. Department of Health and Human Services.

The laptop contained medical exam results for NFL Combine attendees from 2004 to the present, which would include most current NFL players, according to Deadspin, as well as records for certain Redskins players.

The Redskins told Deadspin the theft occurred April 15 in Indianapolis, where the window of the athletic trainer's locked car was broken and the backpack taken. The team said, however, that no Social Security numbers, protected health information (PHI) under HIPAA or financial information were stolen.

The NFLPA email asked the NFL about its plans to handle the situation.

According to Deadspin, because the combine is considered a league event, protection of those records likely will fall on the NFL. In the past, the article notes, HHS has disagreed with the NFL's argument that athlete medical records are "employment records," writing in a previous case that "[n]o class of individuals should be singled out for reduced privacy."

Last summer, the medical record of New York Giants defensive end Jason Pierre-Paul, who had his right index finger amputated following a mishap with fireworks, was tweeted out by ESPN NFL reporter Adam Schefter. Pierre-Paul had been treated at Miami-based Jackson Health System. In February, a nurse and a secretary at the hospital were fired for accessing the record, the Miami Herald reported.

To learn more:
- read the Deadspin article
- here's the Miami Herald piece