676220
01/16/2026
Granite Mesa Health Center
1401 Max Copeland Dr Marble Falls, TX 78654
F 0583
Keep residents' personal and medical records private and confidential.
Level of Harm - Minimal harm or potential for actual harm
Based on observation, interview, and record review, the facility failed to ensure that each resident has the right to secure and confidential personal and clinical records for 1 of 34 residents (Resident #1) reviewed for Privacy and Confidentiality. The facility failed to ensure Resident #1's clinical records were protected from being viewed by unauthorized persons when CMA A left Resident #1's personal information visible on the computer's screen on unattended medication cart. This failure could place residents' personal information at risk of being exposed to unauthorized individuals. The findings included: Observation on 1/16/2026 at 9:42 a.m., revealed the computer screen on CMA A's medication cart on 400 Hall was open and unlocked, with Resident #1's medication administration information displayed and visible to unauthorized individuals, including visitors or other residents not observed at that time. During an interview on 1/16/2026 at 9:46 a.m. with CMA A, she stated she was in-serviced on HIPAA a few months ago which included instructions on not discussing residents' private clinical information with unauthorized individuals and locking the computer screen when stepping away from the medication cart. She stated everybody who worked with charting computers were responsible for closing and locking it when not in attendance. She stated that leaving the screen unlocked with clinical information displayed could be harmful for residents as anybody could see it. She stated she was at fault for not locking the computer. During an interview on 1/16/2026 at 12:23 p.m. with RN B, she stated CMA A was responsible for shutting down and locking the charting computer's screen when CMA A left the medication cart. She stated RN B completed HIPAA training annually. She stated everybody who worked with residents' private information and used charting computers were responsible for closing the screen when leaving the computer unattended. She stated leaving a computer without minimizing the computer screen could expose residents' private medical information to other residents or family members. During an interview on 1/16/2026 at 12:30 p.m. with LVN C, she stated staff who work with residents' personal information were responsible for shutting down the charting computers' screen when they needed to leave. She stated she received HIPAA training several months ago, but she could not recall the exact date. LVN C stated leaving a computer screen without locking the screen could lead to exposing residents' private medical information to unauthorized people and residents' privacy would be violated. During an interview on 1/16/2026 at 12:41 p.m. with DON, he stated the facility's policy was to minimize the charting computers' screens when stepping away. He stated that if the screen was not minimized, someone could have unauthorized access to private clinical information displayed on the screen. He stated HIPAA in-services were provided to all employees at hire and annually through computer modules which include instructions on locking the computer screens. He stated the person who worked with residents' private clinical information should lock the screen before walking away. He stated the potential negative effect was unauthorized disclosure of residents' confidential information. During an interview on 1/16/2026 at 12:54 p.m. with ADM, he stated he had HIPAA training yesterday which covered the importance of maintaining the residents' private information. He stated whoever
Residents Affected - Few
Page 1 of 2
676220
676220
01/16/2026
Granite Mesa Health Center
1401 Max Copeland Dr Marble Falls, TX 78654
F 0583
Level of Harm - Minimal harm or potential for actual harm
Residents Affected - Few
used the computer was responsible for shutting it down to ensure the residents' information was not visible. He stated the potential risk for not shutting down charting computers was a breach of residents' privacy. He stated that all staff completed HIPAA in-services at hire and annually through computer modules. He stated CMA A completed her annual training, but could not provide documentation. Record review of facility's HIPAA in-services for last 6 months did not reveal HIPAA in-services completed by CMA A and documented before this incident. Record review of facility's Resident/Patient Confidentiality policy, undated, revealed, All resident Health information is confidential and protected by HIPAA Law. All staff, volunteers, and vendors must not disclose any medical information about a resident.
676220
Page 2 of 2