Unattended Laptop Exposes PHI of Multiple Residents
Penalty
Summary
The facility failed to ensure the privacy and confidentiality of personal and medical records for 11 residents. During an observation, a medication cart was found unattended in a hallway with a laptop computer on top, actively displaying protected health information (PHI) for these residents. The laptop was left unsupervised and unlocked for at least five minutes, during which time several staff members, including a housekeeper, a driver, and a CNA, walked past the exposed information. The surveyor eventually alerted an LVN, who then notified the DON, resulting in the computer being locked and closed. Interviews with the DON and the medication aide assigned to the cart confirmed that the computer contained PHI and should have been secured when not attended. The medication aide stated she believed she had locked the computer and was unsure how it became open, acknowledging the risk to residents' privacy. A review of the facility's HIPAA Sanctions policy indicated that leaving a secured application unattended while logged on is a violation of facility policy.