National Football League

NFL could be in big trouble after thousands of players' medical records stolen

Published Jun. 1, 2016 3:06 p.m. ET

share

facebookxredditlink

foxsports

The NFL could be facing a large, multi-faceted legal battle thanks to the theft of a backpack containing the unencrypted medical files of thousands of current, former and prospective NFL players.

Deadspin's Barry Petchesky reports that NFL Players Association executive director DeMaurice Smith sent out an email on May 27th explaining the recent and unprecedented breach of security.

Smith wrote that a thief broke into the car of an unnamed Washington Redskins athletic trainer and made off with a backpack containing the physical and electronic medical records of Redskins players as well as the records of thousands of players from every NFL Combine since 2004:

It has come to our attention that the backpack belonging to a Washington Redskins' athletic trainer, was stolen from a car following a break-in. We have been advised that the backpack contained a password protected, but unencrypted, laptop that had copies of the medical exam results for NFL Combine attendees from 2004 until the present, as well as certain Redskins' player records. We have also been advised that the backpack contained a zip drive and certain hard copy records of NFL Combine medical examinations as well as portions of current Redskins' player medical records.

Where this gets bad for the NFL is the NFLPA's followup investigation and the potential aftermath.

According to Smith, the data's lack of protection is in direct conflict with the league's agreement with the NFLPA on medical record safeguarding and preservation.

The NFLPA has consulted with the U.S. Department of Health and Human Services regarding this matter. The NFLPA also continues to be briefed by the NFL on how they intend to deal with both the breach by a club employee, the violation of NFL and NFLPA rules regarding the storage of personal data, and what the NFL intends to do with respect to notifying those who may be affected. We will keep you apprised of what we hear from the team and League.

It's unclear if the records were intentionally targeted by the thief. It's also unknown whether the medical records have since switched hands.

What is possible, however, is that the NFL, not the Redskins, will be deemed legally responsible for the protection of these documents, as they were put together in conjection with the league's annual Combine (the NFL Combine is operated by National Football Scouting, an independent company, but, as Petchesky notes, it is considered "a league event"). As such, the NFL could potentially face state-level legal recourse for the improper storage of employees' medical documents in their care.

The real question is how far the NFLPA will press the league on the breach and the exact burden of liability the NFL can be held to as presumed guardian of players' medical documents. 

But rest assured, this is a large and unprecedented breach of sensitive personal documents, and could be a big thorn in the league's side from a financial and bargaining perspective.

Dan is on Twitter. Who just walks around with 12 years of other people's medical records?

share

Get more from National Football League Follow your favorites to get information about games, news and more

in this topic

National Football League