Failure to Protect Electronic Health Information from Unauthorized Viewing
Penalty
Summary
The deficiency involves the facility’s failure to maintain secure and confidential clinical records for two residents on the Kindle Unit. On 1/28/2026 at 9:09 a.m., a surveyor observed the CNA charting station computer on the Kindle Unit with the screen open and unlocked, displaying Resident #2’s personal plan of care information. The screen was visible to unauthorized individuals, including visitors or other residents, although no unauthorized individuals were present at that moment. Resident #2’s face sheet showed he was a 95-year-old male with diagnoses including acute posthemorrhagic anemia, acute kidney failure, and type 2 diabetes mellitus.
During an interview later that day at 12:15 p.m., the CNA stated she had received HIPAA in-service training a few months earlier, which included instructions not to discuss residents’ private clinical information with unauthorized individuals and to lock the computer screen when stepping away. She acknowledged that everyone who worked with charting computers was responsible for closing and locking them when not in attendance. She explained that she had been called by another staff member to help with resident care and forgot to close the computer screen, and confirmed she was responsible for shutting down and locking the charting computer when stepping away. She stated that leaving the screen unlocked with clinical information displayed could be harmful because anybody could see it.
A second incident was observed on 1/28/2026 at 10:00 a.m., when the RN’s nurse’s station computer on the Kindle Unit was found open and unlocked, displaying Resident #1’s medication administration record, visible to unauthorized individuals, including visitors or other residents, though no unauthorized individuals were present at that time. Resident #1’s face sheet showed she was a 66-year-old female with diagnoses including type 2 diabetes mellitus, myopathy, and polyneuropathy.
In an interview at 10:05 a.m., the RN stated that staff working with residents’ personal information were responsible for shutting down charting computer screens when leaving and that he had received HIPAA training several months earlier. He acknowledged that leaving a computer screen without locking it could lead to exposing residents’ private medical information and violating their privacy.
The Administrator and Vice President of Clinical Operations both stated in interviews that staff are trained at hire and annually on HIPAA and are responsible for minimizing or locking screens when stepping away. However, record review did not show documented HIPAA in-services completed by the CNA and RN before these incidents, despite the facility’s Notice of Privacy Practices stating that all staff are trained at employment, annually, and as needed.
