The information below comes from the statement of deficiencies compiled by health inspectors and provided to AHCJ by the Centers for Medicare and Medicaid Services. It does not include the steps the hospital plans to take to fix the problem, known as a plan of correction. For that information, you should contact the hospital, your state health department or CMS. Accessing the document may require you to file a Freedom of Information Request. Information on doing so is available here.

Based on observations, interviews and facility document review, the facility failed to ensure patient care in a safe setting as evidenced by the facility's lack of mechanisms in place to monitor persons entering the hospital after visiting hours, and failing to implement corrective action when internal threats were identified for 2 of 2 internal threat incidents, one of which being the fatal stabbing of patient #9.

The findings include:

Review of the hospital's risk management program revealed two internal threat incidents that had occurred at the hospital.
Incident #1 occurred in the facility on 10/31/17 and involved a patient's report of a visitor with a gun. This incident was discovered during the review of the Risk Management Programs documentation which included a copy of "Brief Bites," a newsletter that was disseminated to staff via e-mail. The November 2017 copy of Brief Bites included a full page statement from the Chief Operating Officer (COO) titled "Code Lockdown Event 10/31". The statement included details of an incident that occurred in the facility on 10/31/17, in which a code lockdown was announced via the facility-wide paging system. The lockdown was the result of a patient's report of a visitor "brandishing" a gun. The facility was put on lockdown until the staff could ensure the visitor had left the building. Included in this statement, the COO identified that staff needed clarification of their roles when codes such as "lockdown" or "silver" were called. As a result, he offered "a few key takeaways from the event" in the newsletter, which stated, "we will be developing an emergency preparedness practice schedule in 2018 so that we gain experience responding to such events in the safest possible way. This will include, but not be limited to, potential events such as mass casualty, active shooter, code pink, etc."

Incident #2 occurred in the facility on 02/23/2018, and involved an incident where a visitor entered the hospital, after visiting hours, via the emergency department (ED) and made his way to the patient care floor where he then fatally stabbed his mother. This incident was discovered upon review of the Code 15 Report submitted to the Agency for Health Care Administration on February 27, 2018.

On 02/27/2018 a "Code 15" report was filed with the Agency for Healthcare Administration by the facility to report the fatal stabbing that occurred in the facility on 02/23/18. The Code 15 report indicated the facility had started a root cause analysis to investigate the events leading up to the incident, and to review the facility's processes to prevent or reduce possible reoccurrence.

On 03/05/2018 beginning at approximately 11:40am, an interview was conducted with Staff J, a registered nurse (RN), regarding the facility's visitation policy. Staff J stated she didn't normally question family that came in after hours and that visitors were not required to sign-in when visiting after the 9:00pm, the time visitation hours ended. Staff J stated she did not remember the last time she had hospital codes training, but thought it was when she was hired. She indicated she had concerns for her safety.

On 03/05/2018 beginning at approximately 11:50am, an interview was conducted with Staff K, a RN. Staff K stated that visiting hours ended at 9:30pm and that an announcement was made overhead, but that visiting hours were not enforced. Staff K stated she had found out about the incident that occurred on 2/23/18 two days after it occurred, when she came into work. She stated she had received no training since the incident, and couldn't remember when they had last had code training, but knew it was done upon hire and stated they had the codes listed on the back of their badges.

On 03/05/2018 beginning at approximately 12:45pm, an interview was conducted with Staff E, the Director of Plant Operations. Staff E stated that "visitors come through the emergency department after 9:00pm, and there was not a sign-in and out procedure, but that would be changing, though he was not sure when. He reported that security did sit with patients whenever there was a lack of sitters, but only for violent or security risk patients and for Baker Acted patients.

On 03/05/2018 beginning at approximately 1:00pm, an interview was conducted with Staff L, a RN. Staff L stated that visiting hours stopped at 9:00pm and all doors were locked at that time except for in the emergency department. Staff L said that someone in the ED had to let visitors in after 9:00pm. Staff L stated she was made aware of the incident that occurred on 2/23/18 by a co-worker a couple of days following the incident. Staff L was asked if additional training or education was provided after the incident, and stated they had discussed the incident for about 30 minutes, but was not aware of any additional training or changes that were made.

On 03/05/2018 beginning at approximately 1:15pm, an interview was conducted with Staff M, a RN. Staff M was informed of the incident that occurred on 2/23/18 by email, and there had been no additional training provided since the incident. Staff M indicated visiting hours were from 8am to 9pm, and when visiting hours were ending, an overhead announcement was made to inform visitors. Staff M stated that family members did stay overnight with patients frequently and could come and go through the ED after visiting hours. Staff M stated visitors were sometimes given stickers, but that didn't always happen, and that visitors didn't normally stop at the nurses' station, nor were they required to.

On 03/05/2018 at approximately 1:45pm, an interview was conducted with patient #5. Patient #5 stated his brother was staying overnight with him and could come and go as he pleased with no interruptions from staff. He also stated he had a couple of buddies that had come in to visit the previous night (3/4/18) at 3:00am. The patient said they were not wearing visitor badges on when they came in, and that no one had stopped them or asked who they were coming to visit. They just came in through the emergency room .

On 03/05/2018 beginning at approximately 2:00pm, an interview was conducted with Staff G, the Director of Oncology. Staff G was asked about the facility's visitation policy, and stated that around 9:00pm nightly, an announcement was made that visiting hours were ending. She also stated the hospital did not ask for identification and were not required to stop at any nursing stations. Staff G stated that the facility had increased security after the incident on 2/23/2018, and that security makes rounds 2 to 4 times a shift. She stated that each unit was equipped with a security button, that alerted there was an incident taking place and to come right away, but had not been used the night of 02/23/2018, and security had been contacted by telephone to respond to the incident. Staff G stated that no extra training had been provided for staff, and the facility had not addressed anything differently at that moment.

On 03/05/2018 beginning at approximately 2:20pm, an interview was conducted with Staff N, a RN. Staff N stated visiting hours ended around 8:30pm, and an announcement was made to alert visitors that the main door would be closed at 9:00pm. When asked about the facility's afterhours procedure, staff N stated that if a family member wanted to visit after hours, they would come in through the ED. They would be asked who they were there to see, and then receive a badge to enter the hospital. The ED staff would then push a button for the visitor to enter the hospital through a locked door. Staff N also confirmed that elevators were accessible, even the service elevator. Staff N also stated that there had not been any training received by the staff in response to the incident.

On 03/05/2018 beginning at approximately 4:00pm, hospital administrative staff, including the risk manager, were interviewed. The risk manager had no idea what the process was in the ED for visitors after hours and said there was no policy to address afterhours visitation. The COO, who was also responsible for direct oversight of the security department, was also unaware of any policies and procedures related to afterhours visitation for patients within the hospital. The risk manager was asked about what action had been taken by the facility, in which she stated they had started a root cause analysis and had increased security. She confirmed there had been no other action taken by the facility in regards to either of the internal threat incidents that had occurred on 10/31/17 or 2/23/18. The facility was not able to provide any additional documentation to determine where they were in the root cause analysis process. The COO indicated that the root cause analysis was a "fluid" analysis and was ever changing. The COO stated the administrators of the hospital met on 02/27/2018 to begin implementation of the root cause analysis and had drafted a security action plan. None of the documents presented by the hospital were dated, and the COO admitted that some of the plan was added and implemented after the survey team entered the facility to conduct their review, including implementation of a stationed security guard in the ED to log and badge visitors after 9:00pm.

A review of the security schedule was conducted to verify the facility's increase in security. Documentation identified that security was increased from 3 security guards to 5-7 guards for 2 days only, and then went back to 3 security guards.

The facility's Risk Manager (RM), Staff A, was interviewed on 03/06/2018 at approximately 8:30am about the Code 15 report and where the facility was on their investigation and actions to reduce risk and increase patient safety. The RM reviewed a copy of the Code 15, which identified the facility's plan to "double security officers onsite with continuous rounding throughout the hospital, review visitation policy and associated processes for visitation hours, and review of current code alerts and staff education." The RM stated the facility's investigation was ongoing, and that they had not put any formal corrective actions in place since either of the internal threat incidents (10/31/2017 and 02/23/2018). She was able to confirm that security had been temporarily increased in the hospital following the 02/23/2018 incident, but was not able to demonstrate that any of the other items listed on the Code 15 report had been looked at or addressed by the facility.

On 03/06/2018 beginning at approximately 10:00am, the video surveillance footage from 02/23/2018 was reviewed. The surveillance video showed the patient's son entering the ED on 02/23/2018 at approximately 09:52pm, after visiting hours, and was wearing sunglasses, carrying rosary beads and was wearing a hospital identification (ID) bracelet. ED staff were witnessed on the video surveillance, but failed to acknowledge or question who the son was, or who he was there to see. He was able to access the hospital through a door in the ED that was opened by a visitor who was exiting the hospital via the same door. No staff identified that the son had entered the hospital. Once the son reached the 4th floor, he passed by the main nursing station before stopping at the nursing substation to retrieve some gloves, and then entering his mother's hospital room. None of the 4th floor staff, observed on the video, stopped the son or questioned the son, despite the fact he was wearing sunglasses, carrying rosary beads and was wearing a hospital ID bracelet.

On 03/06/2018 beginning at approximately 6:40am, an interview was conducted with Staff O, a registered nurse (RN) who worked the 7pm-7am shift on the 4th floor. She stated that visiting hours were up until 9:00pm, but there were often visitors after 9:00pm. She stated she was not sure what the process for afterhours visitation was, but stated she knew the visitors had to come through the ED because the front door was locked at 9:00pm. She stated that she had been working at the hospital for about two years and that she believed she had received training on hospital "codes" at the time she was hired, but stated that the codes were listed on the back of their badges.

On 03/06/2018 beginning at approximately 7:00am, an interview was conducted with Staff P, the charge nurse for 7pm-7am shift on the 4th floor. Staff P stated that the visiting hours were up until 9:00pm and that about 30 minutes before then, an announcement was made that visiting hours were ending at 9:00pm. Anyone entering or leaving the hospital after 9:00pm had to go through the ED. Staff P did not know what the process was for visitors who came in after hours, but stated that as a result of the incident on 2/23/18, the ED was checking in visitors and putting more focus on who is entering the building after hours.

On 03/06/2018 beginning at approximately 7:15am, an interview was conducted with Staff Q, a RN who works the 7pm - 7am shift on the 4th floor. He stated that the mother, patient #9, had been a patient on the floor numerous times and was well known to staff. He stated he had seen the patient's son once before, on a previous admission. He said the night of the incident, the son came in and never made eye contact with anyone. He stopped and grabbed some gloves that were at the nursing substation, and then disappeared into this mother's hospital room. He stated he was in the nursing substation with Staff V, who was the nurse for patient #9 that night. He stated the patient's heart rate shot up to 170 beats per minute, and then went back to her normal 100. Staff V thought maybe the son had upset the patient and went to get her some medication and check on her. He stated that shortly after that, the medical emergency button for the room of patient #9 was activated, and he along with another nurse grabbed the crash cart and began heading towards the patient's room, while a certified nursing assistant (CNA) went to alert security. He said they got the crash cart to the patient's room when they realized they had passed the patient's son in the hallway. He stated there was no internal threat code called overhead.

On 03/06/2018 beginning at approximately 1:10pm, a telephone interview was conducted with Staff R, the Security Guard who responded to the incident on 02/23/2018 at 10:00pm. Staff R stated her duties included watching Baker Act patients, locking up the lobby, monitoring the halls, lobby and stairways, and responding to emergencies and codes called. She stated that door checks were performed by scanning labels on the doors, that any occurrences were documented in an incident report, and any codes they respond to should be written-up. Staff R stated she was notified on 02/23/2018, by radio, that "security was needed on the 4th floor immediately." She said she had no idea what the situation was and that when she arrived to the 4th floor, it looked like a patient trying to leave, as she saw the hospital wristband on the wrist of the son and he had on hospital socks." She stated she thought the son was a patient and that he was trying to leave after being under a Baker Act. She was informed of the situation once she encountered the son and staff members at the elevator. She then called for additional back-up, and another security guard and law enforcement arrived a few minutes later. She was asked about the different types of codes that were called in the facility, and stated "we don't get training or review the codes very often." Staff R was asked about security in the ED, and how visitors were monitored after visiting hours. She stated that security really didn't have a role in the process for afterhours visiting, and she was not aware if afterhours visitation monitoring even occurred or who would be responsible for that.

On 03/07/2018 beginning at approximately 3:45pm, a telephone interview was conducted with Staff V, the nurse caring for patient #9. Staff V had been off work following the incident and returned on 03/05/2018. She stated she had not met patient #9's son before, so she did not know who the son was when he came onto the floor, and stated he did not speak to anyone. She confirmed visitors were often on the floor after hours, and she was aware that visitors came through the ED. She stated that visitors after hours did not wear badges. She stated that the hospital's main doors were locked after hours; however, the doors from the ED into the admission area on the 2nd floor were not locked, and that her boyfriend had entered through those doors when he had brought her food during her shift many times. She reported that in the past, while visiting her mother at the hospital, she was able to enter the hospital after hours just by telling the staff at the desk that she was visiting her mom who was on the 8th floor and the employee just let her back. She stated she did not feel safe working at the hospital since the incident and that the only change that had been made was that security now sat in the ED and issued badges to visitors, which she discovered upon her return to work on 3/5/18. She stated she did not think a sign-in sheet would be effective and she had concerns. She stated she thought there needed to be more security guards at the hospital, as two was not enough, and she only sees security once a night, or maybe twice sometimes during her shift. She confirmed a code had not been called on the night of the incident.

A follow-up interview was conducted with the COO on 03/09/2018 at approximately 12:45 PM. He was asked if the practice simulations he discussed in the Brief Bites Newsletter, after the October 2017 incident, had been put into place and stated, "not at this time."
Based on interviews and facility record review, the facility failed to demonstrate a Quality Assurance and Performance Improvement (QAPI) program that included all services furnished under contract or arrangement, by failing to complete and analyze information from their contracted security company and include this information in their QAPI program to achieve the facility's 2018 quality goals.

The findings include:

The facility's performance improvement plan for 2018 was reviewed. The objectives in the plan included to provide a structure that supported the use of data in a planned and systematic manner to assess the effectiveness and safety of the care provided to the patients they serve; Facilitate the integration of safety and risk reduction to patient care, and into the design and redesign of all relevant organization process, functions, and services; Establish priorities for improvement work based on data, emerging trends and areas with high risk, high volume, or problem prone characteristics. The plan identified involvement from all departments of the hospital including the Environment of Care Committee (EOC), which reviews the management of the environment as defined by the Florida Department of Health (DOH) rules and regulations and utilizing the Joint Commissions/Centers for Medicare and Medicaid Services standards for important functions.

On 03/09/2018 beginning at approximately 10:00am, an interview was conducted with the Vice President of Quality, Staff Y, regarding the QAPI program and how contracted services were evaluated for appropriateness, specifically related to security. Staff Y stated that contracted services would be evaluated monthly by the EOC (Environment of Care Committee) and security would fall under the environment of care plan. Staff Y stated that review of contracted security services was not a part of QAPI, and patient safety was discussed as part of the Patient Safety Committee. Staff Y stated the COO (Chief Operating Officer) was over the EOC Committee.

A review of the EOC monthly meetings showed the facility did have a section for review of "Quarterly Reporting - Safety Management; Security Management." The Quarterly report from the contracted security company identified the number of "codes or calls that security responded to, with a break down to identify what the codes were. This information was produced from daily reports provided by security guards and then tallied. A review of several of the daily reports that were used to comprise this data were missing information with some blank shift reports. There were also identified inconsistencies within these monthly reports, including indication on the form for the month of October 2017 that security responded to zero (0) acts of violence or calls concerning weapons in the facility; however, previous review of risk management documents showed the facility did have an incident that month, on October 31, 2017 concerning a visitor with a handgun, resulting in the hospital being placed on lockdown.

On 03/09/2018 beginning at approximately 11:00am, an interview was conducted with Staff E, the Director of Plant Operations, who was also over security. Staff E stated he gathered the information that was presented during the monthly Environment of Care Committee meetings. Included in the meetings, on a quarterly basis, was a report produced by the facility's contracted security vendor. The report provided an account of the number of incidents/actions taken by security, and were tallied by month and presented during the meeting. The Director of Plant Operations was not able to identify what was done with this information and the purpose of it, or if any actions had been implemented based on any of the data collected.

On 03/09/2018 beginning at approximately 12:45pm, an interview was conducted with the Chief Operating Officer (COO), who was the lead on the EOC committee. When asked how contracted services, in particular security, were reviewed for appropriateness of services, he stated, "we look at reliability of resources and availability of those resources." He further stated there was no documented evaluation of security that he was aware of, and would have to defer that to the Director of Plant Operations.

On 03/09/2018 at approximately 1:15pm, a follow-up interview was conducted with the Director of Plant Operations regarding a review of the contracted services provided by the security vendor. He stated there was no information presented to QAPI on appropriateness of services provided, nor was he able to demonstrate this occurring in the EOC meetings.