Penalty

No penalty information released

The penalty, as released by CMS, applies to the entire inspection this citation is part of, covering all citations and f-tags issued, not just this specific f-tag. For the complete original report, please refer to the 'Details' section.

Summary

Surveyors identified a failure by the facility to maintain the privacy and security of residents’ clinical information for 13 of 93 residents reviewed. On the morning of 2/17/26, resident documents containing protected health information (PHI) were observed unattended and spread out face up on a low table near the front entrance, between the receptionist’s desk and the Executive Director’s office, with no staff present in the area. The documents were not secured and included residents’ names, room numbers, code status, allergies, diet orders, activity of daily living (ADL) assistance needs, behavioral information, fall risk status, elopement risk, presence of medical devices such as catheters and wander guards, wound presence and locations, hospice involvement, dialysis schedule, and other clinical and personal details. The exposed information included, for example, a resident with DNR status and multiple medication allergies, a resident on hospice with high fall risk and behavioral symptoms, a resident with an elopement risk and a wander guard, residents with paraplegia, catheters, wounds, and enhanced barrier precautions, and a resident with a preference for no male caregivers. Another resident’s record noted a left below-knee amputation, use of a brace, and thrice-weekly dialysis appointments. During interview, the Executive Director acknowledged that these resident documents should not have been left out on the table. Review of the facility’s HIPAA and Privacy Compliance and Complaint Policy, dated October 2018, showed the facility is required to maintain the privacy, security, and confidentiality of residents’ PHI in compliance with state and federal laws and regulations.