Report: Apple Board Should Disclose Jobs’s Liver Transplant On His Return

| Apple Stock Watch

Apple's board of directors should disclose the liver transplant CEO Steve Jobs reportedly underwent on his return to the company, according to a corporate governance expert cited by Bloomberg. Apple is not required to make such a disclosure while he is on a six-month medical leave of absence, which began in January of 2009, but upon his return that could change.

"In the interests of transparency, I think it would be necessary for them to disclose something as serious as a liver transplant," Charles Elson, director of the John L. Weinberg Center for Corporate Governance at the University of Delaware, told Bloomberg. "Investors want to know if he's healthy and if he can continue to run the company."

Mr. Jobs took his leave in January citing a nutritional issue that had caused him to lose weight. Speculation over that weight loss and the pancreatic cancer he had battled two years before became a major issue in both the mainstream press and among analysts, Mr. Jobs stepped down in order to remove himself from the limelight and focus on his health.

Since then, Apple COO Tim Cook has handled day-to-day operations of the company, while Mr. Jobs stayed involved with major product decisions. In May, he attended a meeting of the board of directors, marking his first public return to Apple's campus since his leave began.

Also since then, Apple has released several product upgrades -- on time and as expected -- and successfully executed the biggest World Wide Developer Conference in the company's history without Mr. Jobs at the helm. The company also delivered a solid March quarter and is currently expected to be in line with estimates for the June quarter

Perhaps more important from a corporate governance standpoint, the stock has risen from US$85.33 per share the day he announced his leave to $137.65 per share as of this writing. That's a gain of 61.3% for those doing the math at home, which could well make it difficult for shareholders to mount any kind of challenge to the way Apple's board of directors has handled the situation.

In the meanwhile, Mr. Jobs's six month leave ends in the next week or two, and Apple's only official line has been that Mr. Jobs will return to work at the end of June.


Bosco (Brad Hutchings)

I wonder what Bloomberg thinks about whether TLC has a responsibility to announce whether Jon and Kate are getting a divorce or whether Mikey is leaving OCC.


If SJ permits and is willing to talk about it, yes, but HIPPA regs may contravene what these “experts” think. The board can’t just openly discuss his medical condition and surgery, if any, without serious risk of violation of his medical privacy. The WSJ by printing the article has profited from stolen information. The do not have a signed release from him giving them permission to disclose this publicly, much less use it to sell papers.

Does it rise to the level of a felony? I’m not sure. But accessory to a crime is a pretty good description of what they did considering they use it for commercial purposes and not some benevolent cause. Whether he decides to press the issue will be an important focus to watch. He’s not one to shy away from confrontation.


One big assumption that they are making is that SJ will return as CEO. Personally I think he will return and shortly the board will announce that Jobs is now Design Overlord or some such thing and will appoint a new CEO to take over day to day operations. I’ve gotten the impression that SJ really would like to pull back from the regular daily management squabbles and new product announcements, to concentrate on the big idea, high concept, strategic management part of the company.

Lee Dronick

Reuters is reporting that Steve was at Apple today


HIPAA notwithstanding, an investor invests in a company, it’s brand(s), it’s products and it’s people.

If I run a sports team, I need to know the state of health of my players. Apple shareholders are the team owners and as such have some rights when it comes to the ability to perform of it’s star players. This doesn’t mean we have to know that someone in accounting is having gall bladder surgery, but when that person has a material affect on the company, then I believe there is a right to know something about what’s going on. Should Mr. Jobs step down permanently, then it really is none of our business.

Tiger is in a lather that the Wall Street Journal is somehow criminally liable for it’s report. But the fact is, even the person who leaked the information is necessarily in danger of prosecution. In 2005, the Department of Justice (DOJ) outlined limits on the criminal enforcement of the privacy portions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Wall Street Journal in this case is not a “covered entity” and thus may not be prosecuted. Here’s an article about the DOJ memorandum from a Wiley Rein LLP newsletter called Privacy In Focus.

Here is the memorandum in question from the DOJ called SCOPE OF CRIMINAL ENFORCEMENT UNDER 42 U.S.C. section 1320d-6.


You might want to reread that article.  In particular, the section reading, “The statute prescribes criminal sanctions only for those violations of the standards that involve the disclosure of “unique health identifiers,” id. ? 1320d-6(a), or of “individually identifiable health information,” id., that is, that subset of health information that, inter alia, “identifies the individual” or “with respect to which there is a reasonable basis to believe that the information can be used to identify the individual,” id. ? 1320d(6). More specifically, section 1320d-6(a) provides:

  A person who knowingly and in violation of this part?
  (1) uses or causes to be used a unique health identifier;
  (2) obtains individually identifiable health information relating to an individual; or
  (3) discloses individually identifiable health information to another person, shall be punished as provided in subsection (b) of this section.

Id. ? 1320d-6(a). Subsection (b) sets forth a tiered penalty scheme. A violation of subsection (a) is punishable generally as a misdemeanor by a fine of not more than $50,000 and/or imprisonment for not more than one year. Id. ? 1320d-6(b)(1). Certain aggravating circumstances may make the offense a felony. Subsection (b)(2) provides for a maximum penalty of a $100,000 fine and/or five-year imprisonment for violations committed under false pretenses. Id. ? 1320d-6(b)(2). And subsection (b)(3) reserves the statute’s highest penalties?a fine of not more than $250,000 and/or imprisonment of not more than ten years?for those offenses committed “with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm.” Id. ? 1320d-6(b)(3).”

Continue reading Section II. A., and you’ll see that the ‘covered entities’ described earlier in the statute are not the same as ‘a person who’ described in the quoted section.  The WSJ and its source, fully fit the description of people liable for criminal penalties, and may even fall afoul of 1320d-6(b)(3).  (“intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm.”



Nice job with the scary penalties. But I feel pretty confident that the Wall Street Journal’s lawyers understand HIPAA pretty well.

I my earlier post I meant to say that “even the person who leaked the information (to the Wall Stree Journal) is *NOT* necessarily in danger of prosecution. I didn’t mean that you had to be a person. It’s clear that entities (companies etc.) can violate the act. In fact it’s mostly entities. But most specifically NOT news entities.

Ok so let me pick apart the DOJ memo…

In that same section II A Voice mentions it goes on to say “Section 1320d-1(a) makes clear that the standards promulgated under Part C apply only to covered entities” They then go on to quote the relevant text: “Applicability. Any standard adopted under this part shall apply, in whole or in part, to the following persons: (1) A health plan. (2) A health care clearinghouse. (3) [Certain] health care provider[s.]”

Then it states specifically that a note in 42 U.S.C. section 1320d-2"HIPPA applies only to ‘covered entities,’ such as health care plans, providers, and clearinghouses. HIPAA regulations therefore do not apply to other organizations and individuals that gain access to protected health information . . . .”

Oh hell let me just copy and paste the rest of the paragraph:

And these provisions require only “each person to whom the standard or implementation specification applies”?i.e., the covered entities?to comply with it. Id. section 1320d-4(b). Because Part C makes the standards applicable only to covered entities and because it mandates compliance only by covered entities, only a covered entity may do one of the three listed acts “in violation of this part.” Other persons cannot violate Part C directly because the part simply does not apply to them. When the covered entity is not an individual, principles of corporate criminal liability discussed infra will determine when a covered entity has violated Part C and when these violations can be attributed to individuals in the entity.

So yes, an entity can violate the act, but I contend that the Wall Street Journal, The Mac Observer and Ctopher “cannot violate Part C directly because the part simply does not apply.”

Am I a lawyer? No.



I still think you’re misreading that document.  For the simplest illustration of that, I ask that you read the summary (right before the signature).

“For the foregoing reasons, we conclude that covered entities and those persons rendered accountable by general principles of corporate criminal liability may be prosecuted directly under 42 U.S.C. ? 1320d-6 and that the “knowingly” element of the offense set forth in that provision requires only proof of knowledge of the facts that constitute the offense.”

If only ‘covered entities’ could violate that portion of the HIPPA regulations, the entire phrase, “... and those persons rendered accountable by general principles of corporate criminal liability ...” would be utterly meaningless.



I don’t know if you’re getting hung up on the “entities” vs “persons” but the memo seems to make it clear that “entities” and “persons” can be corporations, groups, -or- individuals.

But I think they state just as clearly that those corporations, groups or persons have to be somehow involved in health care. Lets go back to the tape smile

The first paragraph of the DOJ memo appears to be an executive summary of the memo. An outline of their thesis. In the middle they state:

We conclude that health plans, health care clearinghouses, those health care providers specified in the statute, and Medicare prescription drug card sponsors may be prosecuted for violations of section 1320d-6. In addition, depending on the facts of a given case, certain directors, officers, and employees of these entities may be liable directly under section 1320d-6, in accordance with general principles of corporate criminal liability, as these principles are developed in the course of particular prosecutions. Other persons may not be liable directly under this provision.

(Bold emphasis mine)

The memo then goes on to discuss persons, entities, knowingly etc. But it seems pretty clear. You, me, The Mac Observer, the Wall Street Journal are NOT “health plans, health care clearinghouses, those health care providers specified in the statute, and Medicare prescription drug card sponsors” and thus may not be liable.

I’m pretty sure that this knowledge of Mr. Jobs’ medical condition is newsworthy and thus limits the liability of these media outlets.

While you and I are arguing, LOTS of media outlets are printing and disseminating this information. You think they don’t know the law? I *know* I don’t know the law, I’m just reading a DOJ memo I found using Google. For all I know NOTHING in the memo applies. But I would bet a fair amount that the memo does come into play here. I also feel pretty good in my position and interpretation of that memo given that large media outlets feel free to spread this information far and wide.

But I tell you what, if the Wall Street Journal is brought up on criminal charges, I’ll… well I’ll publicly say I was wrong.


Honestly?  I think most reporters (and editors) are still used to the pre-HIPPA days, and those that bother to think about it are simply betting that the ‘target’ won’t bother to press charges because of the pain involved in the discovery process and trial, during which every little potentially embarrassing bit of information about you that the defense can dig up can be brought up in open court.

As for the sports-team-owner scenario you cited early on, that’s handled by requiring your players to sign contracts allowing you access to, and giving you permission to release their medical information so far as it applies to their ability to perform their jobs.  When HIPPA passed, there was a whole bunch of talk about just that.



I think you’re letter your wishes get in the way of the law.

There’s a document from the state of Ohio thatdefines in many pages what a covered entity is. You’ll not find the Wall Street Journal mentioned.

Check the wikipedia. I mean, if it’s there it *must* be true. Not a statement about the privacy rules covering anyone OTHER than “covered entities”.

Can you find a reference to players signing contracts allowing access to medical information? Read this. It’s about A-Rod and steroids testing.


My wishes have nothing to do with this.  The law in question talks about ‘covered entities’ and ‘person’s.  The term ‘covered entity’ is defined in the law, and the analysis you’ve pointed to directly says that ‘person’ is distinct from that definition.  (That is as expected, if ‘person’ weren’t supposed to be distinct from ‘covered entity’, they wouldn’t have changed terms.  That’s why laws are written they way they are.)

If ‘person’ is not the same as ‘covered entity’, and the law provides penalties for a ‘person’ who violates the law, it obviously doesn’t only apply to the actions of a ‘covered entity’.



Blinders man, take off the blinder and read with an open mind.

Let me repeat one sentence from the DOJ memo:

And these provisions require only ?each person to whom the standard or implementation specification applies??i.e., the covered entities?to comply with it

Note that it uses “person” and “covered entities” in the same sentence. There are only one set of penalties, and they cover both individual persons and companies. But only those companies that have something to do with healthcare.

Now, earlier you stated:

If only ?covered entities? could violate that portion of the HIPPA regulations, the entire phrase, ?... and those persons rendered accountable by general principles of corporate criminal liability ...? would be utterly meaningless.

I believe that the phrase “general principles of corporate criminal liability” indicates that when it’s a corporation that violates the act, you treat it the same way you treat any corporate criminal act. The phrase indicates that not only individuals can be criminally liable under this act but so can corporations.


Now, I believe you were arguing that either the Wall Street Journal as a corporation or the reporter as an individual are potentially guilty of criminal wrongdoing by disseminating the news of Mr. Jobs’ liver transplant without Mr. Jobs’ approval. So individual, corporations, whatever, that’s not the point. The point is I am arguing that the law does NOT apply to either the reporter as an individual nor the Wall Street Journal as a company.

If parsing the DOJ memo is too difficult, I give you the “Association of Health Care Journalists.” These are people who write about health care and have a vested interest in disseminating health information while staying on the right side of the law. In their Tip Sheet entitled “Understanding HIPAA: A brief overview” they state in no uncertain terms:

Covered entities are health plans (including health insurance companies and employer sponsored health plans), health care clearinghouses, and health care providers that engage in defined electronic standard transactions, which generally relate to insurance reimbursement. Examples include hospitals, ambulances/EMTs, private physicians and social workers. The Office of Civil Rights Web site ( provides detailed guidance on who is covered by the law.

The following are NOT covered entities: reporters and editors, police and fire departments (except EMTs), patients and their relatives, clubs and associations (which are not health care providers), and religious organizations (except to the extent they provide health care services).


Seems clear to me.

But what does the department of health and human services say about HIPAA and who needs to watch what they reveal? In their FAQ  they make it clear as well.

You may want the Wall Street Journal to pay, but they’re not liable. Is their source? Maybe, we don’t know, but HIPAA doesn’t extend to the newspaper or it’s reporter. It could not be made more clear.

(Sorry this was 3 posts but TMO would not allow it in one. Too many links?)

Log in to comment (TMO, Twitter or Facebook) or Register for a TMO account