Penalty

No penalty information released

The penalty, as released by CMS, applies to the entire inspection this citation is part of, covering all citations and f-tags issued, not just this specific f-tag. For the complete original report, please refer to the 'Details' section.

Summary

The facility failed to protect resident-identifiable, personal, and medical information for three sampled residents. During an observation with the Maintenance Supervisor (MS) and the Director of Nursing (DON), five boxes containing invoices with resident names, dates of birth, room numbers, and medical record numbers were found unattended in the facility parking lot. These invoices included information from dietary, lab, intravenous, and equipment services. The MS stated that he had removed the boxes from storage and left them outside in the parking lot approximately two weeks prior, intending to dispose of them later. The DON was unaware of the boxes and stated that documents containing resident information should not have been left outside and should have been shredded. The records reviewed for the three residents included admission records, Minimum Data Set (MDS) assessments, and invoices from pathology and radiology services, all containing sensitive personal and medical information. The residents involved had significant medical conditions such as dysphagia, diabetes mellitus, acute kidney failure, hemiplegia, hypertension, Parkinson's disease, COPD, and major depression, and were all dependent on staff for activities of daily living. The facility's policy required compliance with privacy laws, including HIPAA, and specified that resident information must be kept confidential and properly disposed of, which was not followed in this instance.