Health inspection·September 2, 2025

F 0583 Keep residents' personal and medical records private and confidential. Level of Harm - Minimal harm or potential for actual harm Based on the review of clinical records, facility documentation, and staff interviews, it was determined that the facility failed to protect the confidentiality of medical records for one of three records reviewed. (Resident R1) This was cited as past non-compliance.Findings Include:Review of an undated facility policy Medical Records Policy revealed that Wyncote Care Center maintains accurate and confidential medical records for all residents in compliance with federal and state regulations. The facility ensures secure storage, proper retention, and lawful release of medical records in accordance with CMS (Centers for Medicare & Medicaid Services).3. Release of Information:- Medical records will be released only in accordance with applicable federal and state privacy laws (e.g., HIPAA).- Records may be released to:- The resident.- The resident's legally authorized representative (e.g., Power of Attorney, legal guardian).Healthcare providers involved in the resident's care.- Regulatory agencies and authorities as required by law.- Other parties only with a valid, signed authorization from the resident or their legalrepresentative.- All requests for records must be submitted in writing and will be processed in a timelymanner.-A fee may be charged for record copies in accordance with facility policy and state law.- Documentation of all record releases will be maintained, including the request,authorization (if applicable), date of release, and recipient details. Review of facility reported incident dated August 1, 2025, revealed that Facility made aware that another family received the wrong medical records, causing a HIPAA breach.Further review of the facility reported incident revealed that NHA notified POA of the HIPAA breach, and assistance was extended for any identification protection measures. In addition, the family member who was accidentally given wrong record is scheduled to return the document for proper management.Interview with the Administrator on September 2, 2025, at 12:30 p.m. revealed that the staff provided the wrong record, record of Resident R1, to Resident R2's representative. Facility could not find out what information was provided; however, it was informed by Resident R2's representative that information such as social security number and date of birth was part of the privacy breach. The administrator also confirmed that the facility medical record request process was not followed. This deficiency was cited as past non-compliance. Review of facility Action plan/Follow up documentation revealed the following information. 1. Facility administrator notified the affected resident's (R1) POA(power of attorney) of the possible HIPAA breach, and extended assistance or resources as a result of the breach. In addition, R2 POA (the family who received R1's medical information) was asked to return the documents back to the facility, so it can be properly discarded.2. The Concierge program was utilized in order to monitor other potential breaches of medical information. Since the facility was unable to determine who provided the record, facility administration had to ensure that facility is quick to identify anyone else, if effected. Facility did not identify others effected, and this was an isolated incident. 3. Training was provided for staff on proper Medical Record Request policy and process. Forms were made available for future medical records requests.4. Monthly QAPI and weekly concierge discussions review any medical records requests. Residents Affected - Few (continued on next page) Any deficiency statement ending with an asterisk (*) denotes a deficiency which the institution may be excused from correcting providing it is determined that other safeguards provide sufficient protection to the patients. (See instructions.) Except for nursing homes, the findings stated above are disclosable 90 days following the date of survey whether or not a plan of correction is provided. For nursing homes, the above findings and plans of correction are disclosable 14 days following the date these documents are made available to the facility. If deficiencies are cited, an approved plan of correction is requisite to continued program participation. LABORATORY DIRECTOR'S OR PROVIDER/SUPPLIER REPRESENTATIVE'S SIGNATURE TITLE (X6) DATE FORM CMS-2567 (02/99) Previous Versions Obsolete Facility ID: If continuation sheet Page 1 of 2 Event ID: 396120 Printed: 05/15/2026 Form Approved OMB No. 0938-0391 Department of Health & Human Services Centers for Medicare & Medicaid Services STATEMENT OF DEFICIENCIES AND PLAN OF CORRECTION (X1) PROVIDER/SUPPLIER/CLIA IDENTIFICATION NUMBER: (X2) MULTIPLE CONSTRUCTION 396120 B. Wing A. Building (X3) DATE SURVEY COMPLETED 09/02/2025 NAME OF PROVIDER OR SUPPLIER STREET ADDRESS, CITY, STATE, ZIP CODE Wyncote Care Center 208 Fernbrook Avenue Wyncote, PA 19095 For information on the nursing home's plan to correct this deficiency, please contact the nursing home or the state survey agency. (X4) ID PREFIX TAG SUMMARY STATEMENT OF DEFICIENCIES (Each deficiency must be preceded by full regulatory or LSC identifying information)