The information below comes from the statement of deficiencies compiled by health inspectors and provided to AHCJ by the Centers for Medicare and Medicaid Services. It does not include the steps the hospital plans to take to fix the problem, known as a plan of correction. For that information, you should contact the hospital, your state health department or CMS. Accessing the document may require you to file a Freedom of Information Request. Information on doing so is available here.

NEW YORK UNIVERSITY LANGONE MEDICAL CENTER 550 FIRST AVENUE NEW YORK, NY 10016 Oct. 16, 2014
VIOLATION: PATIENT RIGHTS: NOTICE OF GRIEVANCE DECISION Tag No: A0123
Based on documents reviewed and interview it was determined that the facility failed to provide a written response to the complainant regarding the verbal complaint made on 9/25/14. (File # 1)
Findings include:
Review of the medical record for this patient, a four year old with a past medical history significant for Blount's disease, presented to RUSK on 8/12/14 following surgery for bilateral repair with Taylor spatial frame with tibial osteotomy. Surgeries for the left and right sides were performed on 7/30/14 and 8/6/14 respectively. The hospital stay was uncomplicated and the patient was discharged home on 8/20/14. Review of file #1 on 10/15/14 noted that on 8/25/14 about 11:30am the patient's mother returned to the outpatient social worker to complain regarding concerns that the patient was exhibiting behaviors that were concerning. However, there was no evidence in (file #1) that the complainant was provided with a written response, actions taken thus far, investigation still ongoing nor an anticipated date of completion.
On 10/16/14 this writer inquired of Staff #1, for written response to the complainant, no response was provided. Additionally, there was no referral for counseling for this patient regarding this alleged incident.
VIOLATION: PATIENT RIGHTS: CONFIDENTIALITY OF RECORDS Tag No: A0147
**NOTE- TERMS IN BRACKETS HAVE BEEN EDITED TO PROTECT CONFIDENTIALITY**

Based on staff interview and the review of documents, it was determined that the hospital did not ensure the confidentiality of patient records. This finding was noted in 2 of 5 medical records reviewed.

Findings include:

Review of medical record for this patient noted that he was admitted on [DATE] for ambulatory surgery. Review of file #2 on 10/16/14 showed that on 8/13/14 the patient's friend picked up and read the patient's medical record that was located at the patient's bedside. It was noted that the patient's medical record contained protected health information which the friend was unaware of.

The hospital failed to secure the patient's medical record from unauthorized access.

2. Review of medical record for this patient noted that she was admitted on [DATE] with complaint of right foot injury. Review of file #3 on 10/16/14 showed that on 9/13/14 an Emergency Department (ED) nurse reported that she witnessed the patient's mother, a staff physician at New York University Hospital, log in to Epic and access patient's medical record.

The audit trail report on accesses made to patient's electronic medical record (EMR) since September 2014 was conducted by Privacy Official. The audit trail revealed that the physician accessed her daughter's medical record on September 13, 2014 to view reports, encounters, medical history, imaging results and orders.

The physician, the patient's mother, was not a part of the patient's treatment team and therefore had no legitimate reason to access her EMR.