MERCY HOSPITAL OF FOLSOM

Report ID: NUDR11, California Department of Public Health

Reported Entity: MERCY HOSPITAL OF FOLSOM

Issue:

Based on observations, staff interviews and document review, the facility failed to maintain patient privacy when unattended electronic medical records (computer screens) with patient information were observed at the nurses' station unattended on 4/8/13. Findings: During an Initial Tour of the Progressive Care Unit on 4/8/13 at 9:30 a.m., a computer screen at the nurses' station with a patient's name and clinical information was visible to the public. In a concurrent interview with the Risk Manager (RMR), when asked if it was appropriate for the computer screen to be open to patient information and unattended, the RMR responded, "No, the person should have signed off". The RMR was observed closing the screen and logging off. On 4/8/13 at 4 p.m. an observation was made of the nurses' station on the Progressive Care Unit. The electronic medical record was open to a patient's Medication Administration Record. The computer was observed to be unattended and visible to the public. Review of a 6/12/12 facility policy titled "Patient's Rights and Responsibilities" stated: "You have a right to confidential treatment of all communications and records pertaining to your care and stay in the hospital". According to website "http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities /index.html", "individuals, organizations, and agencies that meet the definition of a covered entity under Health Insurance Information Portability and Accountability Act (HIPAA) must comply with the Rules' requirements to protect the privacy and security of health information and must provide individuals with certain rights with respect to their health information".

Outcome:

Deficiency cited by the California Department of Public Health: PATIENT RIGHTS: CONFIDENTIALITY OF RECORDS