Washington, DC (PRWEB) December 13, 2013
Allegations laid out in a federal suit filed in the U.S. District Court in New Mexico against Gila Medical Center in Silver City, N.M., and two of its physicians, along with a handful of local police and sheriff’s deputies and a deputy district attorney, tell of an incident in January in which, according to court records, a man suspected of hiding drugs underwent medical procedures, including three enemas, abdominal X-rays and a colonoscopy under anesthesia, at Gila Medical Center. The December issue of Atlantic Information Services, Inc.'s (AIS) Report on Patient Privacy (RPP) offers analysis of the case by Health Insurance Portability and Accountability Act (HIPAA) experts on the potential privacy violations for which the medical center may be liable, and guidance about what covered entities (CEs) can versus must do when faced with law enforcement demands or requests.
The case, Eckert v. City of Deming, et al. (Case 2:13-cv-00727-CG-WPL), has baffled even longtime HIPAA experts. Jeff Drummond, a partner with Jackson Walker LLP in Dallas, tells RPP that the alleged police demands were “pretty amazing” and went beyond what any of his medical clients have faced. The actions of the hospital, if claims are true, may have violated HIPAA in several ways as well as abrogated medical consent requirements, he says. HIPAA permits certain disclosures to law enforcement officials, but these are mainly for the purpose of identifying a victim of a crime, a suspect or a missing person, he says. CEs “can refuse and should refuse” to share PHI and provide any services for which a competent adult has not consented, or if the CE doesn’t have something that substitutes for that consent — such as a search warrant, subpoena or the word of a parent or legal representative in the case of a minor, Drummond continues.
Further, CEs are required under HIPAA to take other steps to make sure the person wanting the PHI is authorized to receive it. As the HHS Office of Civil Rights states, “[I]f the law enforcement official making the request for information is not known to the covered entity, the covered entity must verify the identity and authority of such person prior to disclosing the information.”
Visit http://aishealth.com/archive/hipaa1213-03 to read the article in its entirety, including an example of a policy a different hospital has in place for sharing PHI with law enforcement.
About Report on Patient Privacy
Report on Patient Privacy is the health industry’s #1 source of timely news and business strategies for safeguarding patient privacy and data security. Published for hospitals and other providers, health plans and other HIPAA-covered entities and business associates, the 12-page newsletter focuses on privacy issues that can result in huge fines, penalties and public relations nightmares, including: security breach notification; business associate relations and agreements; and new federal privacy rules for marketing, fundraising, privacy notices, minimum necessary, patient rights and safeguarding privacy in EHRs. Visit http://aishealth.com/marketplace/report-medicare-compliance for more information.
Atlantic Information Services, Inc. (AIS) is a publishing and information company that has been serving the health care industry for more than 25 years. It develops highly targeted news, data and strategic information for managers in hospitals, health plans, medical group practices, pharmaceutical companies and other health care organizations. AIS products include print and electronic newsletters, websites, looseleafs, books, strategic reports, databases, webinars and conferences. Learn more at http://AISHealth.com.