When a public figure like Damar Hamlin is injured and 23 million people are watching, does he have any HIPAA privacy rights left?
We watched in real time as medics and doctors assisted Damar on the field, and then we heard medical updates later that day and as the days went by. Why was this information public? Who made the decisions about when and what to disclose – was it the media, the NFL, the hospital or Damar’s family? Does it matter?
A shocking injury like this grabs the public’s attention. There was a huge outpouring of grief, compassion and concern nationwide among football fans and non-fans. A big swath of the public is invested and interested in football and even if we don’t watch it all the time – it’s undeniably part of this country’s popular culture.
The NFL disseminates massive amounts of public information about the games and the players, and much of it is personal because fans are invested in the players, and are curious. NFL players surrender a certain amount of privacy in their contracts in exchange for their employment in the public arena. But when it comes to medical privacy, HIPAA governs what healthcare providers can disclose, not the NFL contract.
The HIPAA Privacy Rule Sets the Stage
The fundamental rule is that covered entities may not disclose an individual’s protected health information (PHI) without authorization to anyone except the individual to whom it belongs. There are three exceptions, namely, it may be used or disclosed for purposes of treatment, payment or health care operations.
The NFL is not a covered entity so it is not governed by HIPAA. News media outlets are not covered entities and are not governed by HIPAA. There are other state privacy laws, and as mentioned, there is likely a contract that outlines how publicity and privacy will be handled for an NFL player by his employer.
So all the initial news reports from various news outlets covering the game did not violate HIPAA when reporting information they received from the Buffalo Bills organization or the NFL. The Bills and the NFL did not violate HIPAA because they are not covered entities either. HIPAA only applies to the doctors, the medics and the hospital.
Celebrities Have the Same Rights to Medical Privacy as the Rest of Us
Although hospital spokespersons and treating physicians generally are the ones speaking publicly about the patients’ medical condition, they are doing so strictly in line with an authorization provided by the patient. It is never appropriate for a health care provider to reveal more than what has been authorized.
The reason we’ve been hearing details about Damar Hamlin’s condition is likely because he and his family chose to allow the information to be disclosed. In the beginning he was unable to communicate, so a family member or close friend may have been serving as his personal representative and gave the authorization on his behalf.
From the time of his injury on January 2 until today, January 10, University of Cincinnati Medical Center regularly gave press conferences to update the public about Damar’s condition, and likely did so because Damar (or his personal representative) had consented to, or authorized these updates. By January 8, Damar was tweeting his own messages to fans, including pictures of himself in recovery. He has the freedom to do that because he may choose to share information about himself without violating HIPAA.
Key Takeaway about HIPAA and Celebrities
Because someone is in the public eye does not mean the public is entitled to private medical information about them. We learned details about Damar Hamlin’s condition because he consented to our learning about it.