Privacy Breach of Resident Information
Penalty
Summary
The facility failed to ensure the privacy and confidentiality of residents' personal and medical records, as required by federal regulations. During a survey, it was observed that two out of four computer screens on the East side nursing station were left unlocked and unattended, displaying resident information. This breach of privacy was noted on the East side medication cart #1 and at the East side nursing station, where resident information was easily accessible and visible to unauthorized individuals. At 7:39 AM, a surveyor observed an unlocked, unattended computer screen on the East side medication cart #1. The Registered Nurse (RN) responsible for the cart returned at 7:41 AM and acknowledged the protocol breach, stating that they forgot to lock the screen due to being preoccupied with finding a supervisor for the surveyor. Similarly, at 8:08 AM, another unlocked, unattended computer screen was observed at the East side nursing station. A Licensed Practical Nurse (LPN) was informed of the situation at 8:09 AM and immediately locked the screen, indicating that another staff member had left it open. The facility's policy on patient privacy, which aligns with the Health Insurance Portability and Accountability Act (HIPAA) and state-specific regulations, mandates that all patient information be treated as confidential. Unauthorized access, use, or disclosure of patient information is prohibited, and access to such information should be restricted to authorized personnel only. Despite these policies, the facility failed to adhere to the required standards, resulting in a deficiency in maintaining the privacy and confidentiality of residents' information.
Plan Of Correction
This Plan of Correction does not constitute admission or agreement by Miami Shores Nursing & Rehabilitation Center of the truth of the facts alleged, or conclusions set forth in the statement of deficiencies. This Plan of Correction is prepared solely because it is required by State and Federal Laws. F583 Personal Rights and Confidentiality Identify patients that were at risk and what did: Immediately, once identified by the surveyor, all Department managers were notified and asked to meet with their staff and go over HIPPA and protection of patient privacy. A facility wide Inservice was held on through /2025 that reviewed HIPPA privacy and all staff were started on individual HIPPA training. The assessment completed included the issue, Root Cause Analysis and Performance improvement Plan, Staff Were trained on specific Education related to HIPPA with acknowledgement forms. Regarding the Nurse that left the computer unattended at med cart was counseled on the importance of HIPPA and protecting privacy, counseling was completed on. How will you identify other patents that are at risk? A full house audit was completed on, to determine that no other Privacy screens were being left unattended by not only nurses but staff that use the tablets for documentation as well. Staff and Managers were reminded of HIPPA Policy and Department managers were tasked to keep vigilant about any screens with patient information being left unattended. Thereafter the DON created the Audit checklist to spot check for computer security during use. Measure put in place: A facility wide Inservice was held on and /2025 that reviewed HIPPA privacy and all staff were started on individual HIPPA training. The assessment completed included the issue, Root Cause Analysis and Performance improvement Plan. Staff Were trained on specific Education related to HIPPA with acknowledgement forms. Training will continue upon Hire and annual review. A new system tool has been created whereby the Nurse manager that covers 24 hrs per day has a form that was developed and included the surveillance of HIPPA Compliance with all electronics including computers and tablets. The DON created an audit checklist which will be located at Nurses desk and is a daily spot checks for computer security during use. All department heads are also required to monitor for the same on their daily rounds and when finding any non-compliant staff, to report to managers and provide ongoing education and progressive discipline if rules are not adhered to. We posted a sign at nurses' station and on med carts as a reminder to Lock screens before leaving long term prevention through inclusion and annual training and Orientation. How will you monitor? The DON and All department Heads are also required will use the form to track compliance. The DON and or designee will be responsible for bringing the finding and summary to the QAPI Committee. This will occur daily for 30 days, then Monthly for 3 months, then quarterly and or if any variances are reported ongoing.