Failure to Secure Electronic Medical Records Exposes Resident Information
Penalty
Summary
A medication aide (MA) failed to maintain the privacy and confidentiality of a resident's personal and medical records by leaving a computer unlocked and unattended for seven minutes, with the screen displaying the resident's morning medication list. The incident was observed during medication administration, and the computer was left facing the hallway, making the information potentially visible to unauthorized individuals. The MA later stated she was unaware of the requirement to lock the computer screen and believed that minimizing the screen was sufficient to protect the information. The resident involved had a history of chronic obstructive pulmonary disease, heart failure, and atrial fibrillation, and was assessed as having moderate cognitive impairment. The Director of Nursing (DON) was not aware of the incident until informed and stated that the expectation was for all nursing staff to lock computer screens when unattended, in accordance with HIPAA regulations. Facility policy required that protected health information be kept safe, confidential, and protected.