GuardWell Compliance

New Mexico Healthcare Compliance Requirements

State-specific breach notification rules, medical records retention periods, PDMP requirements, and mandatory reporting obligations for medical practices operating in New Mexico.

45-day breach deadline10-year retentionNM PMPStricter than HIPAA

Breach Notification Rules

Notification deadline

45 calendar days

Notification must be made no later than 45 calendar days following discovery of breach. AG must be notified if 1,000+ New Mexico residents affected.

AG notification threshold

1000+ affected individuals

Notify: AG

Harm analysis required

Yes — breach presumed unless risk assessment shows low probability of compromise

Penalty range

Up to $25,000 per violation under Unfair Practices Act

Stricter than federal HIPAA
View statute

Medical Records Retention

Record typeRetention periodMeasured from
General medical10 yearsLast treatment

PDMP Requirements — NM PMP

Check required

All controlled substances

Check frequency

Every prescription

Delegation allowed

Yes — authorized staff can check on provider's behalf

Penalty range

Licensing board discipline; civil penalties up to $5,000 per violation

Exemptions

Hospice patients, cancer treatment, ≤48 hour supply in ER, inpatient hospital administration

Register for NM PMP

Mandatory Reporting Obligations

Mandated reporters

All persons including healthcare professionals who know or have reasonable suspicion of child abuse

Report to

Children, Youth and Families Department (CYFD) or local law enforcement

Timeline

Within 24 hours

Penalty for failure

Misdemeanor, up to $1,000 fine and/or 1 year jail

Immunity provision

Good faith reporters immune from civil and criminal liability under NMSA 32A-4-3

Mandated reporters

All persons including healthcare professionals

Report to

Adult Protective Services, Aging and Long-Term Services Department

Timeline

Within 24 hours

Penalty for failure

Misdemeanor, up to $1,000 fine

Immunity provision

Good faith reporters immune from civil and criminal liability

Mandated reporters

Healthcare providers treating injuries from suspected criminal violence

Report to

Local law enforcement

Timeline

Immediately / as soon as possible

Immunity provision

Good faith reporters immune from civil liability

Mandated reporters

Physicians, laboratories, and healthcare facility administrators

Report to

New Mexico Department of Health, Epidemiology and Response Division

Timeline

Within 24 hours

Penalty for failure

Misdemeanor, up to $1,000 fine

Immunity provision

Good faith reporters immune from civil liability

Mandated reporters

All healthcare providers treating gunshot wounds or stab wounds

Report to

Local law enforcement

Timeline

Immediately / as soon as possible

Penalty for failure

Petty misdemeanor

Immunity provision

Good faith reporters immune from civil and criminal liability

Guides & Articles

HIPAA

HIPAA Compliance Checklist for Small Medical Practices in 2026

OSHA

OSHA Requirements for Medical Offices: A Complete Guide

HIPAA

HIPAA Breach Notification: Rules, Timelines, and Penalties

Training

How to Build a Healthcare Compliance Training Program

Stay compliant in New Mexico

GuardWell tracks New Mexico-specific breach deadlines, PDMP requirements, retention periods, and mandatory reporting obligations automatically.

Free compliance scoreSee a demo

View all state compliance guides HIPAA Compliance OSHA Compliance DEA Compliance

GuardWell

Healthcare Compliance Assistant

Hi! I'm GuardWell's sales assistant.

I can answer questions about our healthcare compliance platform, pricing, and features. How can I help?

Powered by GuardWell AI