Unencrypted USB With Resident PHI Lost in Mail
Penalty
Summary
The facility failed to protect the confidential personal and medical information of one resident by copying the resident's complete facility records onto an unencrypted USB drive and mailing it to the resident's family member.

The resident had been admitted with diagnoses including malignant neoplasm of the ribs, chronic obstructive respiratory failure, and autistic disorder; a History and Physical documented that the resident did not have the capacity to understand and make decisions. The resident's authorized representative requested copies of the complete medical record, including medical charts, nursing notes, MARs, physician orders, care plans, incident reports, therapy notes, vital signs, admission/transfer/discharge records, and internal communications related to care.

The Medical Records Director first attempted to send the requested records by email, but the files were too large. She then saved all requested documents to a USB flash drive that was neither password protected nor encrypted and mailed it by certified mail to the address the family member had provided. The envelope containing the USB drive was later returned to the facility marked "Return to Sender; Attempted - Not Known Unable to Forward"; it had been torn open, and the USB drive was missing.

The Administrator confirmed that the USB drive containing the resident's medical records was lost in the mail and that it was neither encrypted nor password protected, resulting in an unauthorized exposure of the resident's PHI. The drive held the resident's Level 1 PASRR screening, insurance eligibility, History and Physical, MD/NP progress notes, the complete electronic health record (admission record, MD orders, MAR, nursing progress notes, social services notes, dietary notes, change-of-condition documentation, IDT meeting notes, and care plans), rehabilitation notes, NOMNC, and copies of the physical paper chart such as consent forms and hospital records.
The facility's Privacy Notice policy stated that the facility was required by law to maintain the privacy of PHI.
