Privacy Breach Due to Unattended Computer Screens
Penalty
Summary
The facility failed to ensure the privacy of residents' information, as evidenced by observations of unlocked and unattended computer screens displaying resident information. On two separate occasions, surveyors observed computer screens left unlocked and unattended, with resident information visible. The first incident occurred at the East side medication cart, where a Registered Nurse (RN) left the screen unlocked while attending to other duties. The RN acknowledged the oversight, attributing it to being preoccupied with finding a supervisor for the surveyor. The second incident was observed at the East side nursing station, where another computer screen was left unlocked and unattended, displaying resident information. A Licensed Practical Nurse (LPN) was informed of the situation by the surveyor and promptly locked the screen, indicating that another staff member had left it open. These observations highlight a breach in the facility's policy to protect patient privacy and confidentiality, as outlined in their Patient Privacy Policy. The facility's policy mandates that all patient information be treated as confidential and that unauthorized access, use, or disclosure is prohibited. It requires that electronic records be stored in password-protected systems with encryption to prevent unauthorized access. The policy applies to all employees, contractors, volunteers, and other personnel working in the nursing home, emphasizing the importance of safeguarding personal, medical, and financial information of residents.
Plan Of Correction
This Plan of Correction does not constitute admission or agreement by Miami Shores Nursing & Rehabilitation Center of the truth of the facts alleged, or conclusions set forth in the statement of deficiencies. This Plan of Correction is prepared solely because it is required by State and Federal Laws. N202 Right to Privacy Identify patients that were at risk and what did: Immediately, once identified by the surveyor, all Department managers were notified and asked to meet with their staff and go over HIPAA and protection of patient privacy. A facility-wide in-service was held on through /2025 that reviewed HIPAA privacy and all staff were started on individual HIPAA training. The assessment completed included the issue, Root Cause Analysis, and Performance Improvement Plan. Staff were trained on specific education related to HIPAA with acknowledgement forms. Regarding the Nurse that left the computer unattended at the med cart, they were counseled on the importance of HIPAA and protecting privacy; counseling was completed on. How will you identify other patients that are at risk? A full house audit was completed on , to determine that no other privacy screens were being left unattended by not only nurses but staff that use the tablets for documentation as well. Staff and Managers were reminded of HIPAA Policy, and Department managers were tasked to keep vigilant about any screens with patient information being left unattended. Thereafter, the DON created the Audit checklist to spot check for computer security during use. Measure put in place: A facility-wide in-service was held on and /2025 that reviewed HIPAA privacy and all staff were started on individual HIPAA training. The assessment completed included the issue, Root Cause Analysis, and Performance Improvement Plan. Staff were trained on specific education related to HIPAA with acknowledgement forms. Training will continue upon hire and annual review. A new system tool has been created whereby the Nurse manager that covers 24 hours per day has a form that was developed and included the surveillance of HIPAA Compliance with all electronics including computers and tablets. The DON created an audit checklist which will be located at the Nurses' desk and is a daily spot check for computer security during use. All department heads are also required to monitor for the same on their daily rounds and when finding any non-compliant staff, to report to managers and provide ongoing education and progressive discipline if rules are not adhered to. We posted a sign at the nurses' station and on med carts as a reminder to lock screens before leaving long-term prevention through inclusion and annual training and orientation. How will you monitor? The DON and all department heads are also required to use the form to track compliance. The DON and/or designee will be responsible for bringing the findings and summary to the QAPI Committee. This will occur daily for 30 days, then monthly for 3 months, then quarterly and/or if any variances are reported ongoing.