Failure to Protect Resident Privacy and Confidentiality of Medical Records
Penalty
Summary
The facility failed to protect the personal privacy and confidentiality of residents' medical records for 10 out of 13 residents reviewed. Surveyors observed that care plans containing protected health information (PHI), including diagnoses, treatments, and Social Security Numbers (SSNs), were left in a public survey binder located in the facility's lobby. Additionally, the binder contained a Post-Investigation Review (PIR) with PHI for two residents, including names, SSNs, Medicaid and Medicare numbers, and health diagnoses. A resident identifier sheet and corresponding survey with PHI for four other residents were also found in the same public binder.

Interviews with facility leadership confirmed that these documents should not have been accessible to the public. The administrator acknowledged that only survey tags and plans of correction should have been in the binder, and that care plans, PIRs, and resident identifier sheets containing PHI were not appropriate for public access. The administrator was unaware of who placed these documents in the binder but confirmed that it was the responsibility of all staff to safeguard PHI.

The Director of Nursing (DON) and Assistant Director of Nursing (ADON) both stated that staff were trained to protect PHI during onboarding and through regular in-service training. They emphasized the importance of maintaining resident privacy and confidentiality, as outlined in the facility's HIPAA policy, which restricts access to personal medical information to authorized personnel only. Despite these policies and training, the presence of sensitive documents in a publicly accessible area constituted a failure to ensure the confidentiality of residents' medical information.