Inspection visit
Health inspection
1 citation recorded
Inspector’s narrative
What the inspector wrote
This survey cited 1 deficiency. The full statement and the facility’s plan of correction follow, verbatim from the federal record.
F 0842
Level of Harm - Minimal harm
or potential for actual harm
Residents Affected - Many
Safeguard resident-identifiable information and/or maintain medical records on each resident that are in
accordance with accepted professional standards.
Based on observation, interview, and record review, the facility failed to protect and secure protected health
information (PHI) for residents and private information for staff when two of seven sheds (a simple roofed
structure used as storage space) were broken into on 4/29/25 and was not secured until 5/6/25.
This failure had the potential to result in loss, destruction, or unauthorized use of resident PHI and staff
private information.
Findings:
During a concurrent observation and interview on 5/6/25 at 9:58 a.m. with the Environmental Service
Director (ESD) outside behind the facility, two of seven sheds approximately 10 feet x 15 feet made of wood
did not have locks and one shed did not have a door. The door to the first shed was missing and wide open
with one 8 feet x 10 feet board made of wood standing at a 45 degree angle in front of the shed. The ESD
stated the board was used to cover the entrance. Inside the first shed were two four feet high standard filing
cabinets (specialized storage unit designed to organize and secure records, charts, and other sensitive
information) with four drawers filled with resident medical records containing names, date of birth , social
security number, and medical diagnosis (the patient ' s identified diseases and conditions) and one four feet
high filing cabinet with four drawers four feet wide filled with employee files containing names, license and
certification numbers, vaccination information, and salary (the amount of money a person is paid for
working). The filing cabinets did not have a lock. There were over 200 files dated between 2017 and 2019.
The second shed had a door but no lock and contained physical therapy equipment (devices and tools
used to help patients recover from injuries, disabilities, or chronic conditions to improve mobility, strength,
and overall physical function). The ESD stated the sheds were broken into during the night on 4/29/25. The
ESD stated the sheds have remained unlocked since 4/29/25 and the facility planned to replace the sheds.
The ESD stated he was unaware the sheds contained resident PHI and staff private information. The ESD
stated the PHI and private information should be secured immediately and there was room in a metal shed
with a lock located next to the wooden sheds where the filing cabinets can be stored.
During a concurrent observation and interview on 5/6/25 at 10:38 a.m. with the Medical Records Director
(MRD) inside the first shed, the filing cabinets were accessed with no lock. The MRD stated the files
contained resident PHI and staff private information and should be kept confidential. The MRD stated it was
unacceptable to store PHI and private information in an unsecured location.
During an interview on 5/6/25 at 12:15 p.m. with the Assistant Director of Nursing (ADON), the ADON
stated she was not aware the filing cabinets in the shed contained resident PHI and staff private
(continued on next page)
Any deficiency statement ending with an asterisk (*) denotes a deficiency which the institution may be excused from correcting providing it is determined that other
safeguards provide sufficient protection to the patients. (See instructions.) Except for nursing homes, the findings stated above are disclosable 90 days following the
date of survey whether or not a plan of correction is provided. For nursing homes, the above findings and plans of correction are disclosable 14 days following the date
these documents are made available to the facility. If deficiencies are cited, an approved plan of correction is requisite to continued program participation.
LABORATORY DIRECTOR'S OR PROVIDER/SUPPLIER
REPRESENTATIVE'S SIGNATURE
TITLE
(X6) DATE
FORM CMS-2567 (02/99)
Previous Versions Obsolete
Facility ID:
If continuation sheet
Page 1 of 2
Event ID:
055869
Printed: 05/15/2026
Form Approved OMB
No. 0938-0391
Department of Health & Human Services
Centers for Medicare & Medicaid Services
STATEMENT OF DEFICIENCIES
AND PLAN OF CORRECTION
(X1) PROVIDER/SUPPLIER/CLIA
IDENTIFICATION NUMBER:
(X2) MULTIPLE CONSTRUCTION
055869
B. Wing
A. Building
(X3) DATE SURVEY
COMPLETED
05/06/2025
NAME OF PROVIDER OR SUPPLIER
STREET ADDRESS, CITY, STATE, ZIP CODE
Valley Skilled Nursing Center
515 East Orangeburg Avenue
Modesto, CA 95350
For information on the nursing home's plan to correct this deficiency, please contact the nursing home or the state survey agency.
(X4) ID PREFIX TAG
SUMMARY STATEMENT OF DEFICIENCIES
(Each deficiency must be preceded by full regulatory or LSC identifying information)
F 0842
Level of Harm - Minimal harm
or potential for actual harm
information. The ADON stated the facility was required to keep resident PHI and staff private information
protected and secure because of HIPAA (Health Insurance Portability and Accountability Act - a federal law
enacted in 1996 that establishes national standards for protecting the privacy of individuals' identifiable
health information). The ADON stated it was unacceptable to store PHI and private information in an
unprotected and unsecured location.
Residents Affected - Many
During an interview on 5/6/25 at 12:17 p.m. with the Director of Nursing (DON), the DON stated the sheds
were broken into on 4/29/25 and she was not aware the filing cabinets contained resident PHI and staff
private information. The DON stated the sheds should have been secured immediately after it was
discovered that the sheds were broken into. The DON stated anyone could have access to the files and it
was unknown if files were stolen. The DON stated it was unacceptable to store PHI and private information
in an unsecured location.
During an interview on 5/6/25 at 11:52 a.m. with the Administrator (ADM), the ADM stated the sheds were
broken into on 4/29/25 and the facility planned to replace the sheds. The ADM stated he was not aware the
filing cabinets in the first shed contained resident PHI and staff private information. The ADM stated the
previous Human Resources Manager informed him the sheds did not contain PHI and private information
on 4/29/25. The ADM stated staff should have inspected the filing cabinets to ensure that all PHI and
private information were protected and secure. The ADM stated PHI was regulated by HIPAA and the
facility was required to protect and secure it. The ADM stated it was unacceptable not to secure the sheds
and the filing cabinets immediately after the break in.
During a concurrent observation and interview on 5/6/25 at 12:20 p.m. with the DON and ESD inside the
metal shed located next to the wooden sheds, the filing cabinets with resident PHI and staff private
information were relocated and stored. The metal shed was secured with a lock on the door. The DON
stated the filing cabinets will remain in the metal shed to protect resident PHI and staff private information.
The ESD stated the filing cabinets will remain in the metal shed until the facility replaced the broken sheds.
During a review of the facility ' s policy and procedure (P&P) titled, Protected Health Information (PHI),
Management and Protection of, dated 4/2014, the P&P indicated, Policy Statement: Protected Health
Information (PHI) shall not be used or disclosed except as permitted by current federal and state law. Policy
Interpretation and Implementation: 1. It is the responsibility of all personnel who have access to resident
and facility information to ensure that such information is managed and protected to prevent unauthorized
release or disclosure .
During a professional reference review retrieved from
https://www.hhs.gov/hipaa/for-professionals/privacy/index.html#:~:text=The%20HIPAA%20Privacy%20Rule%20establishe
The HIPAA Privacy Rule, dated 9/27/24, the professional reference indicated, The HIPAA Privacy Rule
establishes national standards to protect individuals' medical records and other individually identifiable
health information (collectively defined as protected health information) and applies to health plans, health
care clearinghouses, and those health care providers that conduct certain health care transactions
electronically. The Rule requires appropriate safeguards to protect the privacy of protected health
information and sets limits and conditions on the uses and disclosures that may be made of such
information without an individual ' s authorization .
FORM CMS-2567 (02/99)
Previous Versions Obsolete
Event ID:
Facility ID:
055869
If continuation sheet
Page 2 of 2
Reading this as a family member? Your long-term care ombudsman is a free advocate for residents and families.
Back to topCitations
1 citation recorded*CMS
What do CMS severity letters mean?
Serious (G-L). Actual harm to a resident, or immediate jeopardy. Codes G through I indicate actual harm; J through L indicate immediate jeopardy to resident health or safety.
General (A-F). No actual harm found, or harm that is minimal. The facility must still submit a Plan of Correction. Most CMS citations land here.
Each letter combines severity with scope: how many residents the deficiency affected.
F842 - Resident-identifiable information
Safeguard resident-identifiable information and/or maintain medical records on each resident that are in accordance with accepted professional standards.
FAQ · About this visit
Common questions about this visit
What happened during the May 6, 2025 survey of VALLEY SKILLED NURSING CENTER?
This was a inspection survey of VALLEY SKILLED NURSING CENTER on May 6, 2025. The surveyor cited 1 deficiency, recorded on the federal Form 2567 statement of deficiencies.
Were any deficiencies cited at VALLEY SKILLED NURSING CENTER on May 6, 2025?
Yes, 1 deficiency was cited, each with a CMS Scope and Severity grade. The first was: "Safeguard resident-identifiable information and/or maintain medical records on each resident that are in accordance with..."
What type of survey was this?
This was a inspection survey conducted by state surveyors under federal Centers for Medicare & Medicaid Services (CMS) oversight. Findings are published on CMS Care Compare.
SourceView on CMS Care Compare
Next steps
Concerned about a resident’s care?Find your local ombudsman through the Eldercare Locatoror file a complaint with your state survey agency.
Researching this visit professionally?Book a 15-minute calland we will walk through what we have on file.
Data from CMS Care Compare public records. Dataset last refreshed . If you believe any information is inaccurate, report it here.