The information below comes from the statement of deficiencies compiled by health inspectors and provided to AHCJ by the Centers for Medicare and Medicaid Services. It does not include the steps the hospital plans to take to fix the problem, known as a plan of correction. For that information, you should contact the hospital, your state health department or CMS. Accessing the document may require you to file a Freedom of Information Request. Information on doing so is available here.

EASTERN STATE HOSPITAL 1350 BULL LEA ROAD LEXINGTON, KY Sept. 2, 2011
VIOLATION: PATIENT RIGHTS: FREE FROM ABUSE/HARASSMENT Tag No: A0145
Based on interview and policy review it was determined the facility failed to ensure prompt notification of potential abuse or harassment to one of its patients (Patient #4), as evidenced by an employee, Mental Health Associate (MHA) #8 failing to follow reporting protocol required in facility policy "General Hospital Policies, Section 3, Risk Management and Safety".

The findings include:

Review of facility policy "General Hospital Policies, Section 3, Risk Management and Safety" subsection A.2.g., on 08/25/11, revealed one of the components the facility developed to effectively protect Patients from harm was that any incident of abuse or harassment would be reported. Review of the "Orientation Competency Packet" revealed one of the items on the Competency Checklist under Patient Safety was "Reporting Caregiver Abuse."

Interview with MHA #8, on 08/25/11 at 2:50 PM in the Gragg 2 Conference Room, revealed on 08/22/11, she was in Patient #4's room and witnessed MHA #6 "flipping the mattress" to get two patients out of bed, Patients #4 and #13. MHA #8 stated she thought this action by MHA #6 was rough and inappropriate; however, MHA #8 had not reported the incident to Nursing Supervisors or Risk Management, three (3) days after the alleged event.

Interview with the Director of Nursing, on 09/02/11 at 4:26 PM in the Gragg 1 Dining Room, revealed staff should alert the Nurse Manager or Supervisor immediately if any inappropriate behavior is witnessed. Interview with the Hospital Administrator, on 09/02/11 at 5:00 PM in her office, revealed MHA #6 's employment with the facility had been terminated.
VIOLATION: PATIENT RIGHTS: CONFIDENTIALITY OF RECORDS Tag No: A0147
**NOTE- TERMS IN BRACKETS HAVE BEEN EDITED TO PROTECT CONFIDENTIALITY**

Based on interview, record review, and policy review it was determined the facility failed to protect the confidentiality of patient information as evidenced by the unauthorized release of patient information by the Physician for Patient #17.

The findings include:

Review of the facility policy "General Hospital Policies, Section 10, Privacy Policies" revealed in subsection D, Release of Information, that any medical information may be disclosed by an employee of the facility only to those persons authorized to receive such information, either through the written consent of the Patient, an authorized representative (Guardian), or as otherwise authorized by law, which would make the Guardian's signature required for the release.

Record review revealed Patient #17 was admitted to the facility on [DATE] and further review revealed Patient #17 had a Court Appointed Legal Guardian upon admission. Review of Patient #17's medical record, on 08/29/11, revealed there was a "Consent to Release Verbal Information" form, signed by Patient #17, on 07/24/11, which listed her mother on the authorized contact list. However, at the bottom of this form it stated the signature of the Guardian was required before information was released; there was no Guardian signature on this form. The review of the record also revealed there was no "Authorization for Release of Information" form on this record.

Interview with Patient #17's Guardian, on 08/26/11 at 9:15 AM per telephone, revealed the facility had contacted Patient #17's mother without an authorization to release information about the patient given by the Guardian.

Interview with the Physician of Patient #17, on 09/01/11 at 3:45 PM at the Gragg 3 Nurses Station, revealed he contacted Patient #17's mother by conference telephone call with himself, the mother, and Patient #17 on 07/26/11. Patient #17 was discharged on [DATE] to his/her mother's home despite the Guardian's desire and the Physician's desire that he/she be a "voluntary admission". Patient #17's Physician also stated Patient #17 did not meet criteria for a continued involuntary, court-ordered admission

Interview with the Director of Social Work, on 09/01/11 at 2:10 PM in Room 130, revealed that staff should not give out information unless there was an "Authorization for Release of Information" that had been properly signed. She further revealed that she, along with other staff, had been appropriately trained in confidentiality and release of information.

Interview with the Hospital Director and the Risk Manager, on 09/01/11 at 3:25 PM in Room 130, revealed this had been a unique situation where the Guardian and Patient #17 disagreed on who could receive information. Because of this event, the facility had revised the forms for release of information. Now the formal "Authorization for Release of Information" would be used in all situations, and a signed copy would be in the chart before information would be released to anyone.

Interview with the Director of Nursing, on 09/02/11 at 4:26 PM in the Gragg1 Dining Room, revealed she believed staff knew not to release information unless the appropriate forms were in the medical record. She also confirmed the process had been changed within the last two weeks to eliminate the "Consent to Release Verbal Information" form and to use the more formal "Authorization for Release of Information" form. She further stated instead of putting these authorizations in binders, they would be placed in the front of the medical record. She revealed staff, including Physicians, were inserviced on this change by e-mail.

Review of Patient #17's Physician's personnel file, on 09/02/11, revealed he received "HIPAA goes Hitech" training on 04/21/10. The content of this training dealt with information concerning protected health information and explaining HIPAA (Health Insurance Portability and Accountability Act).