Penalty

No penalty information released

The penalty, as released by CMS, applies to the entire inspection this citation is part of, covering all citations and f-tags issued, not just this specific f-tag. For the complete original report, please refer to the 'Details' section.

Summary

The facility failed to follow its privacy policy regarding the handling of protected health information (PHI) for one resident. An Assistant Director of Nursing (ADON) sent a text message from her personal cell phone to a group that included the facility Administrator, Regional Nurse Consultant, and inadvertently, a former LPN who was no longer employed at the facility. The text message contained the resident's first and last name along with detailed medical information, including the resident's confusion, recent removal of a midline, ongoing treatment for EBSL in urine, and concerns about potential sepsis. The text message was not encrypted or secure, and the facility's policy prohibits the transmission of PHI via unsecured text messaging. Multiple staff, including the former LPN and the Regional Nurse Consultant, recognized the privacy violation and identified the use of unsecured text messaging as a breach of HIPAA regulations. The ADON acknowledged that she sent the message in error, including the wrong recipient, and admitted awareness that such communication was not permitted. The facility's HIPAA policy, dated 6/1/2025, clearly states that all staff are prohibited from sharing PHI through unsecure means and that violations may result in disciplinary action. There was no documentation in the resident's nursing notes regarding the transmission of this information via text message.