Failure to Safeguard Resident Privacy and Confidential Health Records
Penalty
Summary
The facility failed to protect the privacy and confidentiality of residents' electronic health records (EHR) and personal information. During a survey, it was observed that a note containing information about a resident's authorized visitors and instructions for staff was posted on the computer screens of two medication carts. This note was visible to anyone passing by, thereby exposing confidential resident information. Additionally, during medication administration, the electronic medication administration record (EMAR) for a resident was left open and unattended on a computer screen, making the resident's medical information accessible to unauthorized individuals. Staff interviews confirmed these lapses in privacy. A registered nurse admitted to forgetting to lock the computer screen before leaving the medication cart to administer medications, acknowledging awareness of the requirement to secure the screen when not present. The Director of Nursing (DON) explained that the notes regarding visitor restrictions were intended to inform all staff, including PRN nursing staff, about specific instructions for a resident with challenging family dynamics. However, the notes were supposed to be flipped to the blank side when not in use, but this protocol was not followed, resulting in the exposure of resident information. The facility's own policy on resident rights and confidentiality was reviewed and found to require the protection of personal privacy and confidentiality of records. Despite this policy, the observed actions and inactions by staff led to a failure to safeguard residents' confidential information, as evidenced by the visible notes and unlocked EMAR screens on medication carts. At the time of the survey, there were 44 residents in the facility.
Plan Of Correction
1. Resident #23 posted information was immediately removed on , and a search of the common facility areas was conducted to ensure that no other resident information was visible to outside sources, no other issues were found. 2. Medication carts and computer were checked for identifiable resident information and no other issues were found. 3. The DON or designee will educate current staff to ensure that personal and/or confidential information is safeguarded. 4. HR will be responsible for training new hires on measures to safeguard information and HIPAA compliance. 5. On all departments were re-educated by the DON on the importance of residents' rights to privacy to ensure that residents' names are kept confidential and not posted. 6. The nurse on cart B who left the computer screen open unattended was re-educated by DON on the importance of locking his screen when moving away from the cart. 7. On an in-service was held by the DON with all the nurses on confidentiality and privacy of residents' information related to safeguarding personal and confidential information. 8. Nursing supervisor will monitor for compliance daily and Director of Nursing or designee will make random checks weekly to ensure that residents' rights to confidentiality and privacy are not being violated for the next 3 months. 9. Findings will be reported monthly in the QA meeting until substantial compliance has been determined, to ensure compliance has been achieved.