HospitalInspections.org

Based on observation, staff interview and document review, the Critical Access Hospital (CAH) radiology management staff failed to ensure radiology staff tested 2 of 2 disinfecting solutions (Cidex OPA) for efficacy before each use as required by the manufacturer. The CAH radiology staff identified an average of 60 ultrasound procedures per week.

Failure to test the disinfecting solutions prior to each use could result in the disinfecting solution not containing a sufficient strength of the active ingredient to kill all microorganisms, potentially resulting in the spread of infectious microorganisms between patients.

Findings include:

1. Observations during a tour of the Radiology Department ultrasound room on 3/21/12 at 1:25 PM, revealed 1 of 1 Cidex OPA testing logs containing information showing the ultrasound staff tested the Cidex solution daily for sufficient strength to kill microorganisms.

2. During an interview on 3/21 at 2:35 PM, Staff D, Radiology Director stated the radiology staff test the Cidex once a day, before completing ultrasound exams. Staff D acknowledged the radiology staff did not follow manufactures guidelines in testing the Cidex solution prior to each use.

3. During an interview on 3/21 at 1:25 PM, Staff C, Ultrasound Technologist said staff test the Cidex solution 1 time a day prior to using the solution for disinfecting equipment. Ultrasound staff do not test the Cidex solution between patients if completing more than one pelvic ultrasound a day.

4. Review of the policy "Ultrasound Probes", effective 3/12, revealed a lack of guidance for staff to test the Cidex OPA solution prior to each use and between each patient.

5. Review of the manufacturer's directions for Cidex, revealed in part... "Concentration of this product during its reuse life must be verified by the Cidex OPA Solution Based Test Strip prior to each use to determine the efficacy of the solution."

Based on observation, policy and document review, and staff interviews, the Critical Access Hospital (CAH) Health Information staff failed to ensure security of medical records stored in the basement of the hospital against unauthorized access.

The Chief Nursing Officer reported an average daily census of approximately 8 patients.

Failure to secure medical records against unauthorized access could result in identify theft or unauthorized disclosure of personal and medical information.

Findings include:

1. During an interview on 3/21/12, at 3:30 PM, Staff F, Director of Facilities said the northeast corner of the hospital basement contained a variety of closed medical records stored on shelving units.

2. During a tour of the hospital basement on 3/22/12 at 8:10 AM, accompanied by Staff F,
revealed the following:

a. 2 boxes containing information including but not limited to patients' names, dates of birth, social security numbers, confidential patient information, and cardiac stress test results. Staff F said the boxes contained "hundreds" of closed medical records. Staff F acknowledged 7 of 7 maintenance staff could access information contained in the boxes and did not have a need to know the patient's medical information.

b. 1 box containing pediatric patient information including but not limited to patients' names, dates of birth, social security numbers and confidential patient information. Staff F said the box contained approximately 3 dozen medical records. Staff F acknowledged 7 of 7 maintenance staff could access information contained in the boxes and did not have a need to know the patients' personal and medical information.

c. 2 boxes containing information including but not limited to patients' names, dates of birth, social security numbers and confidential patient information. Staff F said the boxes contained "hundreds" of closed medical records. Staff F acknowledged 7 of 7 maintenance staff could access information contained in the boxes and did not have a need to know the patients' personal and medical information.

d. 6 boxes containing information including but not limited to patients' names, dates of birth, social security numbers and confidential patient information. Staff F said the boxes contained "hundreds" of closed medical records. Staff F acknowledged 7 of 7 maintenance staff could access information contained in the boxes and did not have a need to know the patients' personal and medical information.

2. Review of documentation provided by the staff, dated 3/22/12, revealed in part, "The NE (northeast) corner of the hospital basement has medical records being stored. Maintenance staff has access to the basement to check heating and cooling equipment on a daily basis...All records currently stored in the basement will be moved to a room in 14 days. This room will be secured with access limited to Medical Records staff only. The departments affected by this move will be notified any and all future access to their records must be coordinated through the Medical Records Director or assigned Medical Records staff."

3. Review of policy, "Confidentiality" revision date 12/11, revealed the following in part, ..."Data Security Classification...recommended guidelines regarding how...information should be...stored...secured...access limited to need-to-know basis...information is very sensitive and should be closely controlled from creation to destruction...all primary health records should be housed in physically secure areas under the immediate control of the Director of the Health Information Management Services."

4. During an interview on 3/22/12 at 9:45 AM, Staff E, Director of Medical records said health information staff went to the basement to determine what medical records were there 3 months ago but did not move any of the medical records at that time. Staff E acknowledged maintenance staff could access the medical records in the basement and did not have a need to know the patients' personal and medical information. Staff E confirmed the hospital medical records department staff failed to follow the confidentiality policy."