Failure to Secure Resident PHI on Unattended EMR Screen
Penalty
Summary
A licensed practical nurse (LPN) failed to secure a resident's protected health information (PHI) by leaving the electronic medical record (EMR) screen unlocked and visible on the medication cart while administering medications in the west hall. During this time, multiple staff members and residents walked past the unlocked screen, which displayed the resident's EMR information. The LPN acknowledged that the computer screen should have been locked when unattended. The director of nursing (DON) confirmed that the facility's EMR system includes a lock screen feature and that staff are expected to use it whenever they step away from the computer. Review of the facility's HIPAA policy further emphasized the requirement to log off computers when not in use and to protect PHI from unauthorized access. The incident constituted a breach of the facility's policy and federal HIPAA regulations regarding the privacy and security of resident information.