Stay Ahead of Compliance with Monthly Citation Updates


In your State Survey window and need a snapshot of your risks?

Survey Preparedness Report

One Time Fee
$79
  • Last 12 months of citation data in one tailored report
  • Pinpoint the tags driving penalties in facilities like yours
  • Jump to regulations and pathways used by surveyors
  • Access to your report within 2 hours of purchase
  • Easily share it with your team - no registration needed
Get Your Report Now →

Monthly citation updates straight to your inbox for ongoing preparation?

Monthly Citation Reports

$18.90 per month
  • Latest citation updates delivered monthly to your email
  • Citations organized by compliance areas
  • Shared automatically with your team, by area
  • Customizable for your state(s) of interest
  • Direct links to CMS documentation relevant parts
Learn more →

Save Hours of Work with AI-Powered Plan of Correction Writer


One-Time Fee

$49 per Plan of Correction
Volume discounts available – save up to 20%
  • Quickly search for approved POC from other facilities
  • Instant access
  • Intuitive interface
  • No recurring fees
  • Save hours of work
F0583
E

Improper Disposal of Medical Records Breaches Resident Confidentiality

Waverly, Missouri Survey Completed on 07-18-2025

Penalty

No penalty information released
tooltip icon
The penalty, as released by CMS, applies to the entire inspection this citation is part of, covering all citations and f-tags issued, not just this specific f-tag. For the complete original report, please refer to the 'Details' section.

Summary

The facility failed to maintain personal privacy and confidentiality of residents' personal and medical records by disposing of protected health information (PHI) in a public dumpster. This incident involved 136 residents, with medical records dating from 2008 to 2018 being placed in closed boxes and discarded off-site at a laundry building. The boxes were labeled with residents' names and years, making the information easily identifiable. The maintenance director was responsible for placing the records in the dumpster, and the administrator was notified of the breach after the records were discovered. Interviews revealed that the maintenance director was not aware of HIPAA regulations at the time of the incident and mistakenly disposed of the records in the dumpster. Other staff members, including an LPN and a housekeeper, demonstrated awareness of HIPAA requirements and stated that protected information should be placed in designated shred boxes or given to a charge nurse for proper disposal. The facility's policies required that PHI be managed and protected to prevent unauthorized release or disclosure, but these procedures were not followed in this instance, resulting in a breach of confidentiality.

See complete original report
An unhandled error has occurred. Reload 🗙