Business, Legal Drama

Outrageous! “Friends” of Dencia Reveal Liz Garvy Protected and Confidential Medical Records, Linda Ikeji Publishes #Criminal Acts #HIPAA Violation

On the one hand I am honestly dumbfounded about this case I am about to discuss. On the other hand, I am pissed, like really pissed. If such a case walked into my office, I’d be left with no choice but to shut it down i.e. throw a legal grenade on it. Off the hook stuff happening here!

I honestly feel so called “Friends” of Dencia who sent this confidential and protected health information should be locked up while my blogger colleague Linda Ikeji should be slapped on the side of her head and asked “what were you thinking  to publish these documents online? Like are you crazy???!!!”

Beyond potential criminal charges by “friends” of Dencia, depending on what investigations reveal, for their willful acts, which I expect Liz Garvy to aggressively pursue against so called “Friends” of Dencia (not doing so is downright foolish and ridiculous), I wonder why Linda Ikeji and the other bloggers who published the private and protected health information of this  patient along with the charted notes by this patient’s treating physicians, thought it was okay to do so? Forget the civil and criminal liability implications for a second. Isn’t it just  plain common sense that you don’t do this? This is reckless on the part of all bloggers who have done this. On the part of “Friends” of Dencia, this is nothing short of  wicked.

What’s the story?

I logged into my google reader to catch up with news. I subscribe via my google reader to news from my favorite websites and  blogs. Linda Ikeji is one of my favorite blogs. I read her blog regularly, I quote her blog, where applicable, in my writings and link back often. On my even more formal platform,, I have featured and written about her, her model agency, her book and other endeavors, rather extensively, for years now. I also applaud Ikeji’s boldness in bringing a lot of women issues to the forefront that would otherwise be buried. In short,  I  like Ikeji’s online personality, although I have never met her.

As stated, I was catching up with news and specifically clicked my google reader Linda Ikeji tab to read her latest stories and what do I see? A headline that reads,

 ” Liz Gavy had Surgery and we have Proof- Dencia’s Camp”

What followed was not a photo showing over inflated lips or what have you. It was Liz Garvy’s Protected and Confidential Medical Records. As I speak, the records are still visible on my google reader. There are seven documents I see. These documents are intimate and detail Garvy’s medical facility where she was seen for a surgery procedure, the physicians and specialists involve, charted notes taken by both nurses and doctors. I am dumbfounded, absolutely speechless!

Understand this, Linda Ikeji has approximately 1,825 persons that subscribe to her blog via google reader. If I have seen these documents, it means a large percentage of these readers, if not all, have too. Further, even if she were to delete it on her website, the documents and writings stay intact on our google reader page. How outrageous and ridiculous that someone’s medical and protected health information is now revealed to the world? Liz Garvy is not even a celebrity so why was there a need to do this? Even if she was, the law in the USA where the health documents were obtained protects celebrities  from this nonsense.

Further, Linda Ikeji operates a US owned platform, Blogger /Google based in Mountain View California owns, to blog so she along with the people who sent her these documents must comply with and not break US laws.

As an attorney and an officer of the court, for me to get my hands on documents like these, I along with my colleagues need a subpoena. The same holds for law enforcement officers.

How outrageous is this! Unbelievable!


I’ll first discuss the steps that persons in Garvy’s situation should take to deal with a situation like this, and then I’ll discuss the law. Again, if you are in this kind of situation and you do nothing . . . kai! I don’t want to insult anyone so let me leave it alone. But, suffice it to say it would be a foolish act to do nothing. What should you do if this has happened to you?

The legal and medical professions struggle with striking the right balance on when protected health information such as your medical records should be revealed. We believe we have struck that balance. However, the repercussions when your medical information is revealed, especially online and without your consent, can be devastating. It can mean denial of health insurance if you were seeking one, it can mean stigmatization and discrimination depending on if you have a medical health condition: mental health issue, neurological disorders, you are HIV +,  have sexually transmitted diseases, had an abortion or plain cosmetic surgical procedures etc. This in turn can affect your employment,  healthcare, housing and educational opportunities. The stuff is real. Definitely not a laughing matter.

Now that you know, what should you do?

1. Give the bloggers or website  TAKE DOWN NOTICE, effective immediately! They should have less than 24hours to take that mess down! Your team and the blogger’s team should also contact google to take down cached or archived pages on google.  If the bloggers refuse, contact their Internet Service Provider  and get the site shut down. It is not personal, it is business. Your personal and intimate medical information is online, on the world wide web for the world to see, best believe it is and should be war zones.

2. Next, get in touch with the police department in the city where the incident occurred and file a criminal report. In your criminal report, be sure to indicate your protected health information was revealed when you obtained treatment at a medical facility. Specify the medical facility. Indicate the staff, hospital and medical doctors who you dealt with, provide information you have about contacts, addresses etc. Also be sure to have a screen capture of offending websites, especially the bigger sites, that published these protected health information.

3. Next, contact the medical records department in the hospital/medical center you received medical treatment and demand an investigation into who among their staff compromised your medical records in violation of HIPAA laws. We will get to HIPAA soon.

4. Contact the treating physician office and all the MDs that treated you and have them also investigate and let you how the heck your medical information and records got leaked???!!

5. Contact the California Medical Board that regulates physicians  and lodge an official complaint.

6. Finally, which would probably be actually your #1 thing to do, contact a lawyer. Your lawyer’s office would easily take care of the steps above  plus they would file a civil law suit against  “friends” of Dencia and Dencia’s camp under tort law theories, among other possible theories, claiming, among other things, an invasion of privacy. They would also stay relentless to make sure all parties, especially the police, do something about this.  This is not a case that one just sits back and takes it. I don’t care if you are African and have never seen the inside of a courtroom. Get over it  and do something about a  conduct that is so aggriegious, criminal, offensive and just straight evil!

Bloggers, you can be held liable for your actions. I REPEAT Bloggers, you can be held liable for your actions. Step off the gas pedal and the impulsiveness with some of the stories you publish. You can be held liable in Nigeria and the USA or wherever you reside, depending on who you are dealing with.

Privacy Laws – HIPAA
I started my legal career as a health law attorney. During my tenure as Health Law Attorney, the HIPAA Privacy Rule went into effective on April 14th, 2003.

What Does HIPAA Stand For?
HIPAA means Health Insurance Portability and Accountability Act

What Does it Do?
It governs/regulates health care providers, among others, on how they use your Protected Health Information (PHI). PHI includes information about your health status, provision of health care, payment for health care etc.

What Specific Organizations Does HIPAA Regulate?
HIPAA regulates “covered entities” and includes: health care clearinghouses, employer sponsored health plans, health insurers, and medical service providers (doctors, hospitals etc) that engage in certain transactions. It says there is a certain way these organizations and those who work for them should be using PHI.

Can You Obtain Your Medical Records From Service Providers?
Yes. Medical service providers must honor your request within 30days, if you ask for your medical records.

Typically doctors do not give patients handwritten notes placed in their medical files, among other things, unless a specific request is made by the patient for all medical records including doctor’s and nurse’s hand written notes. In our case here, we have handwritten notes made by doctors/nurses that were published.

Who Else Can Get Your Protected Health/Medical Information?
Lawyers and other law enforcement officers i.e. officers of the court, in furtherance of litigation  i.e. a lawsuit where your medical records becomes relevant. These professionals can obtain your medical records through a subpoena.

In addition, a “covered entity,” for example your treating physician who has his/her own office and goes to a hospital where he/she is “peer credentialed”  can reveal your PHI to the nurses and other staff of that hospital to facilitate treatment, payment, or health care operations etc.

Even when such disclosure is made, a reasonable effort must be made to disclose only the minimum necessary information required to achieve its purpose.

These “covered entities” are required to let you know when and how your information is used, have internal privacy policies that document and track disclosure of your health information, among other things. They must also take necessary steps to keep your information confidential.

Let’s stop on the general rules because it is rather extensive and detailed. I’ll provide a link below where you can read all about it. Let’s get to what happens if you break these rules?

What happens if an organization violates HIPAA rules?
They can be fined really heavy fees and even fail certification renewals etc., depending on the gravity of the harm.

What happens if an individual violates HIPAA?
“A person who knowingly obtains or discloses individually identifiable health information in violation of the Privacy Rule may face a criminal penalty of up to $50,000 and up to one-year imprisonment. The criminal penalties increase to $100,000 and up to five years imprisonment if the wrongful conduct involves false pretenses, and to $250,000 and up to 10 years imprisonment if the wrongful conduct involves the intent to sell, transfer, or use identifiable health information for commercial advantage, personal gain or malicious harm. The Department of Justice is responsible for criminal prosecutions under the Privacy Rule.”

Further, on the civil end, they can be slapped with a civil lawsuit stemming from tort law causes of actions that have no bearing on HIPAA laws.

Back to Dencia and Liz Garvy. “Friends” of Dencia as reported by Linda Ikeji and a few other blogs had no business snooping to collect and reveal Garvy’s protected health information. Given the information revealed, it appears there was an insider who provided these information to them, which is why investigations described above need to be conducted. If it is a situation where they stole the information from Garvy who obtained it from her doctors, then we are dealing with tort law. Although, we could still get into criminal laws under harassment statutes and the new cyber bullying criminal laws that also include a fine and misdemeanor charges.

Frankly, these “Friends” of Dencia  are dangerous and need to be investigated and tracked down, Linda Ikeji would be required to comply with the police to provide that information, once caught and investigations reveal there is something, then they would be charged and prosecuted. Also, Linda Ikeji should NOT have published these medical records. Especially since she also questioned the source in her writeup. 1,825 google readers not counting her blog readers are privy to this protected medical information of this  individual.This is absolutely wrong. People expect when they go to their doctors, regardless of  whether society deems what they do to be morally good or bad, that they have privacy with their doctors.

In the USA, we hold this expectation of privacy to be so important and so highly regarded much the same way we hold the relationship between an attorney and his/her client that we also accord a special privilege/relationship between a doctor and his/her patient. If a doctor acquires information during the time such doctor provides medical services to a patient, the doctor may not reveal that information even if summoned to court to testify in a trial. Ever heard of Physician-patient privilege?

“Documents sent to me by ‘friends’ of Dencia to ‘prove’ Ms Gavy had surgery in the US last year. For one, I don’t know how they got hold of these documents and secondly, what’s the big deal about having surgery, it’s not like it’s a crime or anything.

Anyway, more documents when you continue…”- Linda Ikeji

Common sense dictates these medical documents should not have been published. There is no right to this information as a blogger. There is no news value and it is an invasion of this woman’s privacy and an aggriegious violation. Bloggers, especially Nigerian bloggers, get educated on the law both within and outside Nigeria if you will blog. If that was a client of mine this happened to, it would be the end of blogging for you, beyond other aggressive measures I would take plus working hand in hand with law enforcement.

I am again dumbfounded and pissed. I do not know Liz Garvy and do not believe based on her own information placed online, that she is of good character or can discern good character both with the friends she chooses and how she exposes her business online. However, whether I like Garvy or not is irrelevant. Her protected and private medical records and what she does with her doctor is simply not up for negotiations to be revealed to the public, period.

This action here was just so low and so horrible on the part of “Friends” of Dencia and ridiculous on the part of Linda Ikeji to have published such information. I certainly hope Garvy does something about it.

Gosh Naija and Africans, sometimes we just be straight trippin’ fo’ real tho.


NOTE: Read up on HIPAA here.

Africa Music Law™

AFRICA MUSIC LAW™ (AML) is a pioneering music business and entertainment law website, livestream and podcast show empowering the African artist and Africa's rapidly evolving entertainment industry through its brilliant music business and entertainment law commentary and analysis, industry news, and exclusive interviews.

For general inquiries, advertising, licensing, or to appear on the show as a guest, please email ([email protected]). Thank you for visiting.


Credited for several firsts in the fashion and entertainment industry, Uduak Oduok (Ms. Uduak) is a fashion and entertainment lawyer, speaker, visionary, gamechanger, trailblazer, and recognized thought leader, for her work on Africa’s emerging global fashion and entertainment markets, and the niche practice of fashion law in the United States. She is also the founder of ‘Africa Music Law,’ an industry go-to music business and law blog and podcast show empowering African artists. Her work in the creative and legal industries has earned her numerous awards and recognitions, including an award from the American University Washington College of Law for her “legal impact in the field of intellectual property in Africa." She has also taught as an Adjunct Professor at several institutions in the United States. For more information, visit her at

You may also like...