HospitalInspections.org

Bringing transparency to federal inspections

PIEDMONT CARTERSVILLE MEDICAL CENTER

960 JOE FRANK HARRIS PARKWAY

CARTERSVILLE, GA 30120

PATIENT RIGHTS: CONFIDENTIALITY OF RECORDS

Tag No.: A0146

Based on observation, interview, and policy review the facility failed to maintain the confidentiality of outpatient surgical records in the operating nurses station. This could have affected anywhere from 0 (zero) to 10 (ten) patients per day, depending upon timing of the last pickup of records needing to be scanned by the Health Information System (HIM) Department and if the said records were completed in time for the last pickup of the day.

Findings include:

Observation of the operating suite nursing station on 4/7/15 at 1:00 PM with the Director of Surgical Services (DSS) revealed an unlocked drawer at the desk containing un-scanned patient documents. Some computer charting is used, some of the records, inpatient and outpatient, have written documents which are ultimately scanned into the record.

At the time of discovery the staff were in general agreement that housekeeping was in the area off and on all night, long after the patient care staff had departed for the day. There was no consensus as to when the last pickup was made by the HIM department. However the DSS stated that staff would start locking up the records at the end of the day, in a nearby key-coded closet.

Interview at 4:00 PM on 4/8/14 the director of Health Information Management (HIM) stated she would supply the surveyor the policy regarding confidentiality of medical records; however, he/ she stated they were under the impression that regular staff was in the surgical nursing station all night.

On 4/9/15 at 8:45 AM the DSS clearly contradicted the impression of the Director of HIM and stated there as not any patient care staff present on a routine basis at night. Further, The DSS stated that the licensed staff working with the records at the end of day would store any such records in the locked closet, which they had already implemented.

Review of corporate policy entitled Protecting Personally-Identifiable Information (PII), reference number IP.GEN.002 with an effective date of September 1, 2014. The policy states in part on page 3 that "Facilities must insure that the minimum amount of PII (personally identifiable information) is collected to conduct business, the access to and use of PII is limited to those individuals who need the information to perform job duties..."