In the last 24 hours, two high-profile individuals have questioned how news organizations gained information about their COVID-19 test results and raised questions about a potential HIPAA violation.
Only HIPAA-covered entities, including hospitals and medical providers, can breach HIPAA. If a noncovered entity shares medical information with the media, it is not a HIPAA violation. On June 15, Ian Rapoport, an NFL reporter, posted on Twitter that Dallas Cowboys running back Ezekiel Elliott tested positive for COVID-19. Mr. Elliott responded by tweeting: "HIPAA??"
Sports blogging network SB Nation reported that the source of Mr. Rapoport's information is undisclosed, but Mr. Elliott's agent confirmed the diagnosis after being contacted about it.
St. Martinsville (La.) Mayor Melinda Mitchell had a similar experience recently. On June 15, a local newspaper reported that she tested positive for COVID-19 and KLFY, a CBS affiliate, reported that her lawyers are looking into whether HIPAA laws were violated as a result.
The mayor's team reportedly was not the source of the leaked information, and her lawyers said they would take "appropriate action" if HIPAA was violated.
More articles on cybersecurity:
Health systems can use PHI to contact former COVID-19 patients on blood, plasma donation without violating HIPAA: 3 details
10 common reasons for HIPAA violations
MU Health Care reports PHI breach due to affiliated students' email accounts