Failure to Protect Resident Medical Record Confidentiality
Penalty
Summary
A deficiency occurred when a registered nurse (RN) failed to maintain the confidentiality of a resident's personal and medical records. During an observation, the RN left the medication cart unattended with the computer screen open and facing the hallway, displaying confidential medical information including the resident's name and medications. The RN acknowledged that the screen was left open and that anyone passing by, including visitors or other residents, could have accessed the information. The RN also admitted to having received in-service training on HIPAA protocols but did not recall the date and did not follow the required procedures to lock the computer screen when not in use. Interviews with facility leadership, including the Administrator and Director of Nursing (DON), confirmed that the expectation was for all resident information to be kept confidential and for computer screens to be locked when not in use. The facility's policy on safeguarding electronic protected health information requires that workstations be protected from unauthorized access, including placing terminals away from high-traffic areas and automatically locking screens. The failure to follow these protocols resulted in the exposure of a resident's confidential medical information.