With over 7,000 retweets and 3,000 favorites in mere hours, ESPN reporter Adam Schefter’s tweet has prompted a backlash about personal privacy. Many are asking if the content is considered PHI and covered under HIPAA. Many believe the ethics of the tweet are questionable regardless. We felt it helpful to explain the situation through the lens of our HIPAA expertise. Spoiler: This is most likely not a breach of HIPAA regulations.
HIPAA Does NOT Apply to the News Media
As the federal Act states, news media entities are not directly impacted by HIPAA unless the employer serves as a healthcare provider by offering some sort of medical benefit or if a member of media publication was working for a covered entity. Members of the media are permitted to request what is referred to as “Directory Information” if they request the patient’s information by name and the patient has not opted out of the directory. Directory information includes, and is limited to, the name, location on site, and general condition. Media will be unable to get specifics about a patient unless the patient discloses of their own notion, or the patient has given written authorization to the covered entity to publicize their PHI.
Unless Schefter planned a heist to break into the hospital and steal Jason Pierre-Paul’s records, ESPN and Schefter are in the clear from HIPAA legalities because there is nothing unlawful for a reporter to merely do the job of receiving and relaying actionable news items.
The true felonious actions will lie with the clinicians or the institution if the records were shared without consent from Pierre-Paul prior to the leak.
Thanks to the dawn of social media and ease at which information is spread in the modern age, the topic of what holds up to ethical standards and who should face the legalities of HIPAA will be a debate waged for years to come. Just note that there is a difference between what is legal and what is ethical.
Have questions or thoughts? Let’s talk about them! Tweet us at @daticahealth.