HospitalInspections.org
Bringing transparency to federal inspections
SAINT JOHN HOSPITAL
MEDICAL RECORD SERVICES
Tag No.: A0431
Based on staff interviews and policy and procedure review, the Hospital failed to protect the confidentiality of patient records by allowing medical and nursing staff to text patients' protected health information and orders using personal cell phones that are not on a secured or encrypted platform.
This deficient practices places all patients receiving services at this hospital at risk for release of their confidential, protected health information by hospital staff to unauthorized persons.
Findings include:
Staff O, Registered Nurse (RN) interviewed in a sitting area on the Geriatric Psychiatric Unit on 10/2/2017 at 3:00 PM disclosed the nurses at times will use their personal cell phones to text the doctors concerning patient needs.
Staff F, Registered Nurse Supervisor interviewed in his/her office on 10/2/2017 at 3:31 PM disclosed Staff J, physician will text orders and updates on patients to the nursing staff on their personal cell phones.
Staff J, Physician interviewed in his/her office on 10/3/2017 at 9:58 AM disclosed s/he does text from his/her personal cell phone to the nursing staffs' personal cell phones.
Staff A, Administration interviewed in his/her office on 10/3/2017 at 10:19 AM. Staff A did not know if texted orders can be taken by the staff, or if the physicians are texting orders. Staff A explained it is not part of the facility's policy and hopes that patient information is not shared.
- The Hospital policy titled "Cell Phones, Cell Phone Usage and Pagers" directed, "guidelines for employees, physicians...regarding cell phone and pager usage to ensure patient privacy, promote organization's service behaviors; create a safe and productive work environment, and compliance with the HIPAA and applicable state statutes...personal cell phone...is not permitted...use of these features is considered a HIPAA violation and subject to the highest forms of discipline, to include termination.
Refer to A-0441 for more details.
PROTECTING PATIENT RECORDS
Tag No.: A0441
Based on staff interview, policy and procedure review the Hospital failed to ensure Protected Health Information (PHI) was safeguarded. The Hospital failed to ensure the confidentiality of their patients' records by allowing hospital staff and physicians (Staff L, O, F, and J) to use their personal cell phones to communicate patient's medical information. This deficient practice puts all patients at risk for exposure of their personal and medical information to social media and personal contacts of the medical and nursing staff.
Findings include:
Staff L, Support Staff for the Geriatric Psychiatric Unit interviewed on 10/2/2017 at 1:08 PM, She explained the communication for the staff works by using headsets for the nurse aides, and either a hand held phone or headset for the nursing staff, and the nursing staff can text on their personal phones.
Staff O, Registered Nurse (RN) interviewed in a sitting area on the Geriatric Psychiatric Unit on 10/2/2017 at 3:00 PM. Staff O disclosed the nurses will use a hand held phone or head set for communication and at times will use their personal cell phones to text the doctors concerning patient needs.
Staff F, Registered Nurse and Supervisor interviewed in his/her office on 10/2/2017 at 3:31 PM. Staff F disclosed Staff J, physician will text orders and updates on patients to the nursing staff on their personal cell phones.
Staff J, Physician interviewed in his/her office on 10/3/2017 at 9:58 AM. Staff J disclosed s/he does text from his/her personal cell phone to the nursing staffs' personal cell phones. Staff J explained they protect the Health Insurance Portability and Accountability Act of 1996 which is United States legislation that provides data privacy and security provisions for safeguarding medical information (HIPAA) by not using real names of the patients so their real identity is not shared. Staff J gave the example of using "Alice in Wonderland" for a patient with something in their name to relate to that.
Staff A, Administration interviewed in his/her office on 10/3/2017 at 10:19 AM. Staff A did not know if texted orders can be taken by the staff, or if the physicians are texting orders. Staff A explained it is not part of the facility's policy and hopes that patient information is not shared.
- The Hospital policy titled "Cell Phones, Cell Phone Usage and Pagers" directed, "guidelines for employees, physicians...regarding cell phone and pager usage to ensure patient privacy, promote organization's service behaviors; create a safe and productive work environment, and compliance with the HIPAA and applicable state statutes...personal cell phone...is not permitted...use of these features is considered a HIPAA violation and subject to the highest forms of discipline, to include termination.
- The article titled "Healthcare Providers May Violate HIPAA by using Mobile Devices to Communicate with Patients" directed, the use of mobile devices to exchange protected health information (PHI) triggers the HIPAA security rule...according to the Department of Health and Human Services, the HIPAA Security Rule outlines national standards to protect individual's electronic protected health information ("ePHI") this is "created, received, used or maintained by a covered entity.
- The article titled "A Nurse's Guide to the Use of Social Media" directed, any patient information learned by the nurse during the course of treatment must be safeguarded by that nurse...confidential information should be shared only with the patient's informed consent...a nurse if obligated to safeguard confidential information...privacy relates to the patient's expectation and right to be treated with dignity and respect...any breach of this trust, even inadvertent, damages the nurse/patient relationship and the general trustworthiness of the profession of nursing...improper use of social media by nurses may violate state and federal laws established to protect patient privacy and confidentiality.