Thousands Of NFL Players' Medical Records Stolen From Skins Trainer

Barry Petchesky | Deadspin | June 1, 2016

In late April, the NFL recently informed its players, a Skins athletic trainer’s car was broken into. The thief took a backpack, and inside that backpack was a cache of electronic and paper medical records for thousands of players, including NFL Combine attendees from the last 13 years. That would encompass the vast majority of NFL players, and for them, it’s a worrying breach of privacy; for the NFL, it’s potentially a costly violation of medical privacy laws.Last month the league alerted the players’ union to the theft.

The circumstances of the car break-in are unclear (Update: see Skins’ statement below), and the players whose medical records were stolen haven’t been informed whether the NFL believes the thief knew what was in the backpack or how to get around the password protection. (The hard copies of the records, obviously, have no protection.) In terms of the NFL’s legal liability—the breach appears to be the NFL’s legal responsibility rather than the Skins’, and we’re told the league is handling investigation of the incident—the final destination of the records doesn’t matter.

Though it was a Washington club employee whose copies were stolen, the records are those of attendees of the NFL Combine. It’s widely understood that the Combine, though operated by a private company, is a league event, involving prospective league employees, and the records are those of current and former players from among all the NFL’s teams. It is thus likely that it is the NFL’s responsibility to protect those records, and the NFL’s obligation to make sure that anyone who has access to them observes federally and locally required medical privacy standards...