Complexities of HIPAA Compliance in a Surgical Center Dispute

This case study delves into a dispute at a surgical center, where a surgeon was terminated for sharing redacted medical records with an external expert after his concerns about patient care were dismissed.

ByExpert Institute


Updated onNovember 13, 2023

Doctor taking notes

Case Overview

In this case study, we explore a complex dispute surrounding HIPAA compliance within a surgical center. A concerned surgeon questioned the quality of patient care provided at the facility, specifically targeting certain procedures.

The surgeon sought an external opinion from a neurosurgeon expert after the practice’s founder dismissed these concerns. For review, he shared redacted medical records.

In response, their employer abruptly terminated them, citing HIPAA compliance violations as grounds for termination. In this case, the question is whether sharing redacted medical records under such circumstances violates HIPAA.

Questions to the EMR expert and their responses


Please describe your professional background in HIPAA compliance.

I am a credentialed health information management and information systems professional with over 15 years’ experience as a Privacy and Compliance Officer.


When is it appropriate and compliant with HIPAA standards for a treatment provider to share redacted medical records with a qualified expert?

The standard for when it is appropriate and compliant for a treatment provider to share redacted medical records with a qualified expert is covered under § 164.514(a) of the HIPAA Privacy Rule.

Generally, a covered entity may use and disclose protected health information (PHI) without their own treatment, payment, and healthcare operations (TPO). TPO includes quality improvement purposes, utilization management, physician and provider credentialing, and other activities that assure appropriate treatment and/or payment.


What are some exceptions to HIPAA standards when patient care concerns arise?

HIPAA provides certain exceptions where disclosure of PHI is permitted without consent, particularly when it pertains to improving patient care or ensuring healthcare quality. However, these exceptions are subject to strict conditions and must be handled with the utmost care.

About the expert

This expert boasts an impressive 30 years of experience in healthcare compliance and electronic health records, underpinned by a strong academic background that includes an MBA and a post-baccalaureate certificate in clinical informatics. They hold certifications in healthcare information and management systems, professional healthcare quality, and are a certified electronic discovery specialist. Their extensive career has seen them serve as the director of medical records and utilization management, director of clinical informatics, and currently as a compliance and privacy officer at a physicians association.

Expert headshot



About the author

Find an expert witness near you

What State is your case in?

What party are you representing?

background image

Subscribe to our newsletter

Join our newsletter to stay up to date on legal news, insights and product updates from Expert Institute.