HospitalInspections.org

Based on interviews and document review, the facility failed to ensure patient or patient representatives were notified if dissatisfied with the investigation findings, the grievance may be referred in writing to the State Agency, in 1 of 1 grievance with a final resolution letter reviewed (Patient A).

This failure created the potential for patients to be unaware of their right to pursue a further grievance investigation.

FINDINGS

POLICY

According to the policy, Patient Complaint and Grievances, the facility will inform the Complainant that the Complainant may submit a request to the Colorado Department of Public Health and Environment, and that he/she may register the Complaint directly with the Department.

1. The facility failed to ensure the resolution letter stated the patient or patient representative, if dissatisfied with the finding, could request the grievance be submitted to the State Agency.

a) Document review revealed on 02/09/17, the Chief Executive Officer, (CEO #2), mailed a letter explaining the investigation findings for the grievance filed by Patient A. A footer located at the bottom of the letter stated a final grievance must be forwarded in writing to Patient Relations Service Center, which was located out of state. The letter did not inform the complainant s/he may submit a request to the State Agency. This was in contrast to policy.

b) On 03/09/17 at 8:45 a.m., an interview via conference call was conducted with the Director of Patient Relations, (Director # 3), who was in charge of the grievance process for the facility. Director #3 explained the facility process for complainants who were unsatisfied with the facilities resolution. The complainant could submit in writing a letter to the Patients Relations Services Center located out of state. S/he identified this information was located on letters sent out to complainants as part of the final resolution letter. S/he also stated if a patient or patient representative had a complaint the facility had posters located throughout the facility that addressed how to lodge a complaint.

The facility policy and state regulations were reviewed with Director #3. Director #3 stated after review of the facility's policy, the facility's final resolution letter to the patient or patient representative should have included information for the State Agency. S/he stated prior to the conversation s/he was unaware the resolution letter needed to include the State Agency information. Director #3 stated the importance of having the State Agency information included, could be patients or patient representatives should have other avenues to file a grievance and potentially receive an unbiased investigation from an outside facility.

Based on observations, interviews, and document review, the facility failed to ensure patient electronic medical records and patient identifiers were safeguarded from unauthorized use.

The failure created the potential for unauthorized individuals to gain access to patient electronic medical records and patient identifiers.

FINDINGS

POLICY

According to the policy, Confidentiality of Computer Desktop and Computer System Uses, facility employees have an obligation to use computer desktops in a manner that minimizes unauthorized or inadvertent access to confidential or restricted data. An expectation for minimizing inadvertent access is to log off the desktop when a session is completed.

1. The facility staff did not close screens on patient electronic medical records in patient care units to prevent unauthorized use.

a) On 03/06/17 at 12:55 p.m., a tour of the Medical, Neuro-Surgical floor was conducted with the Chief Operating Officer (COO #4). During the tour a work station on wheels (WOW) was observed unsecured and unattended by staff outside of room B-473. The surveyor was able to walk up to the unsecured computer and obtain protected health information. This was in contrast to facility policy.

Multiple visitors and family were also observed in the hallway with the unsecured WOW nearby.

b) The tour was continued to the 4 North West patient care unit, where a WOW was observed again unsecured and unattended by staff. Visitors, family and other patients were observed in the hallway. Protected patient information was obtained by the surveyor from the unsecured computer.

A Registered Nurse, who was in charge of the WOW was located and stated s/he was sorry for leaving the computer unsecured and understood the risk of an unsecured WOW would be the risk of patient protected information being breached.

c) On 03/06/17 at 1:00 p.m., a WOW was observed unsecured and unattended by staff outside of room 493. The surveyor was able to obtain multiple patients protected health information and at no time during the observation was staff observed to ensure patient electronic medical records and patient identifiers were safeguarded from unauthorized use. Again visitors were observed in the hallway with the unsecured WOW.

d) On 03/06/17 at 1:11 p.m., the tour was continued to the Intensive Care Unit. A WOW was observed outside of room A-342 unsecured and unattended by staff. Patient protected information was visible to the surveyor. An interview was conducted with the Director of the ICU (Director #5) who stated the risk of unsecured WOW would be, patients protected health information could be violated.

e) On 03/09/17 at 11:31 a.m., an interview was conducted with the Chief Nursing Officer (CNO #1) who was in charge of nursing services for the facility. S/he stated confidentiality of patient medical records was an ongoing discussion with staff at daily huddles on all units. S/he stated, after the observations during the survey of the unsecured WOWs, re-education and monthly audits needed to be done. CNO #1 stated the risk of unsecured WOW's would be the patient's protected information was unsecured. S/he stated the expectation of staff was to follow facility policy and secure WOWs when not in use.