Penalty

No penalty information released

The penalty, as released by CMS, applies to the entire inspection this citation is part of, covering all citations and f-tags issued, not just this specific f-tag. For the complete original report, please refer to the 'Details' section.

Summary

Staff failed to maintain the privacy and confidentiality of residents' medical information when a report sheet containing personal health details for 20 residents was left unsecured at a resident's bedside. The report sheet included names, room numbers, diagnoses, medication administration details, and code statuses. A resident discovered the sheet, took a photograph of it, and expressed distress upon seeing their own diagnosis listed inaccurately. Another resident reported receiving a letter about the breach, which included their vital signs, diagnoses, and address, and expressed concern about the potential for this information to be shared online. During an observation, a report sheet with two residents' weights, room numbers, and bed locations was also found unsecured on a central nurses' cart. The facility's own policy required staff to protect confidential information and not disclose it inappropriately. However, the incident review documented that approximately 18 individuals were affected by the breach when a nurse left the report sheet at a resident's bedside, and the resident took a photo of the form. Interviews with staff revealed that the Director of Nursing was unaware of the incident, while the Regional Director of Clinical Services acknowledged the HIPAA violation and stated that report sheets should be safeguarded for privacy.