Stay Ahead of Compliance with Monthly Citation Updates


In your State Survey window and need a snapshot of your risks?

Survey Preparedness Report

One Time Fee
$79
  • Last 12 months of citation data in one tailored report
  • Pinpoint the tags driving penalties in facilities like yours
  • Jump to regulations and pathways used by surveyors
  • Access to your report within 2 hours of purchase
  • Easily share it with your team - no registration needed
Get Your Report Now →

Monthly citation updates straight to your inbox for ongoing preparation?

Monthly Citation Reports

$18.90 per month
  • Latest citation updates delivered monthly to your email
  • Citations organized by compliance areas
  • Shared automatically with your team, by area
  • Customizable for your state(s) of interest
  • Direct links to CMS documentation relevant parts
Learn more →

Save Hours of Work with AI-Powered Plan of Correction Writer


One-Time Fee

$29 per Plan of Correction
Volume discounts available – save up to 20%
  • Quickly search for approved POC from other facilities
  • Instant access
  • Intuitive interface
  • No recurring fees
  • Save hours of work
F0842
E

Unauthorized Disclosure of Multiple Residents’ PHI via Email

Lewisburg, Pennsylvania Survey Completed on 02-19-2026

Penalty

No penalty information released
tooltip icon
The penalty, as released by CMS, applies to the entire inspection this citation is part of, covering all citations and f-tags issued, not just this specific f-tag. For the complete original report, please refer to the 'Details' section.

Summary

The facility failed to maintain the confidentiality of protected health information (PHI) for multiple residents when responding to a medical record request. The facility’s HIPAA Privacy and Security Policy, dated March 20, 2025, states that all workforce members are responsible for safeguarding PHI in any form and defines PHI as information that identifies or can reasonably be used to identify a resident and relates to the resident’s health condition, care, or payment for care. Despite this policy, an administrative employee (Employee 1) sent an email to the responsible party of Resident 1 in response to a request for that resident’s medical record. During an interview and concurrent review of the email, it was determined that Employee 1 erroneously attached and transmitted PHI belonging to multiple other residents, including Residents 3, 5, and 8, in addition to the requested information for Resident 1. The extra attachment contained progress notes from the clinical records of these additional residents, whose responsible party had not authorized this individual to receive their records. The email, sent on February 10, 2026, at 3:01 PM, therefore disclosed confidential medical record information for Residents 3, 5, and 8 to an unauthorized recipient. In a subsequent phone meeting, the Nursing Home Administrator confirmed that sending the PHI for these residents was a mistake.

See complete original report
Long-term care team reviewing survey readiness and plan of correction

We Help Long-Term Care Teams Stay Survey-Ready

We process and analyze inspection reports and plan of correction using AI to extract insights and trends so providers can improve care quality and stay ahead of compliance risks.

Discover our solutions:

An unhandled error has occurred. Reload 🗙