Administrator Disclosed Resident's Code Status in Public, Violating Privacy Policy
Penalty
Summary
The facility failed to maintain the privacy and confidentiality of a resident's personal and medical records when the Administrator disclosed the resident's change in code status from full code to Do Not Resuscitate (DNR) to a family member who was not the resident's Durable Power of Attorney (DPOA), and did so in a public setting. The disclosure occurred while the Administrator was at a golf course, where the resident's family member and another unrelated individual were present. The Administrator informed the family member of the resident's change in code status, which led to a misunderstanding that the resident had experienced a code event. The family member subsequently shared this information with others and went to the facility, only to find the resident awake and confused. The resident's DPOA later stated that they did not want the resident's medical information shared with anyone else, emphasizing that the Administrator should not have disclosed the change in code status to other family members or in a public place. The Administrator acknowledged that she should not have shared the resident's personal medical information with anyone other than the DPOA, recognizing that this action violated both the resident's privacy and the facility's privacy policy. The facility's policy and federal law require that all resident information be kept confidential and only disclosed in accordance with privacy regulations.