Failure to Maintain Resident PHI Confidentiality
Penalty
Summary
A facility failed to maintain the privacy and confidentiality of a resident's protected health information (PHI) for one of two residents reviewed. The resident in question had diagnoses including Alzheimer's disease, heart disease, and a history of lung cancer, and was assessed as having severely impaired cognition and being incapable of making informed medical decisions.

A complaint was filed alleging that a facility employee disclosed the resident's diagnosis and personal information to other family members without authorization. The Durable Power of Attorney (DPOA) for the resident reported that a Certified Nursing Assistant (CNA) had video chatted with her cousin while at work, during which the cousin could see the resident and other residents. Additionally, the CNA disclosed to another family member at a store that the resident was not doing well and was expected to pass soon. The DPOA confirmed that she had not given permission for the CNA to share this information and specifically wanted to inform the resident's sister herself.

Review of facility records showed that the CNA was no longer employed at the facility, having been terminated for disclosing confidential and privileged information to a family member not authorized to receive it. The facility's policy defined health information and disclosure, and the administrator confirmed that all employees were educated on HIPAA requirements. However, the incident demonstrated that the resident's PHI was shared inappropriately with unauthorized individuals, violating the facility's policy and federal privacy regulations.