Health inspection·November 6, 2024

California Code of Regulations, Title 22, Section 72521. Administrative Policies and Procedures. (a) Written administrative, management and personnel policies shall be established and implemented to govern the administration and management of the facility. (b) All policies and procedures required by these regulations shall be in writing and shall be carried out as written. They shall be made available upon request to patients or their agents and to employees and the public. Policies and procedures shall be reviewed at least annually, revised as needed and approved in writing by the governing body or licensee. § 72527. Patients' Rights. (a) Patients have the rights enumerated in this section and the facility shall ensure that these rights are not violated. The facility shall establish and implement written policies and procedures which include these rights and shall make a copy of these policies available to the patient and to any representative of the patient. The policies shall be accessible to the public upon request. § 72543. Patients' Health Records. (b) Information contained in the health records shall be confidential and shall be disclosed only to authorized persons in accordance with federal, state and local laws. Code of Federal Regulations, Title 42 Section §483.10(h) Privacy and Confidentiality. The patient has a right to personal privacy and confidentiality of his or her personal and medical records. An unannounced visit was conducted by California Department of Public Health (CDPH) on 9/25/2024, to investigate a complaint regarding an allegation to safeguard a patient’s personal privacy and confidentiality of the medical record. The facility failed to safeguard Patient 1 personal privacy and confidentiality of medical records by sending Patient 1’s medical records with Patient 2 when Patient 2 was transferred to the General Acute Care Hospital (GACH). This failure had the potential to result in Patient 1's personal information and medical records being disclosed without Patient 1's permission, that could compromise the security or privacy of Patient 1's protected health information. During a review of Patient 1's Admission Record indicated Patient 1, a 88 years old patient admitted to the facility on 7/3/2023 and readmitted on 10/31/2023 with diagnoses that included type 2 diabetes mellitus diabetic with chronic kidney disease (high blood sugar level in the blood stream lead to a gradual loss of kidney function over time), dependence on renal dialysis (a person requires technology to sustain their life due to kidney failure), and end stage renal disease (a permanent condition where the kidneys stop working, requiring dialysis or a kidney transplant to survive). During a review of Patient 1's History and Physical Examination (H&P), dated 11/4/2023, H&P indicated the patient has the capacity to understand his medical condition or his bill of rights (a patient's rights and responsibilities). During a review of Patient 1's Minimum Data Set (MDS- a comprehensive assessment and screening tool) dated 8/7/2024, the MDS indicated Patient 1 was not able to follow commands, his cognition skills (process of thinking and reasoning) was moderate impaired for decision making. Patient 1 required helper to do more than half of the effort for patient for the toilet, personal hygiene. The MDS also indicated Patient 1 required more than half of the effort for change of position and transfer. Patient 1 is moderate dependent (helper does more than half of the effort). During a review of Patient 2's Admission Record indicated Patient 2, a 90 years old male was admitted to the facility on 8/1/2024 and readmitted on 9/3/2024 with diagnoses that included hypertensive heart disease (a group of conditions that can occur when chronic high blood pressure damages the heart) with heart failure (the heart is unable to pump enough blood to meet the body's needs), hemiplegia (a severe or complete loss of strength or paralysis on one side of the body) and hemiparesis (a mild loss of strength in a leg, arm, or face) following cerebral infarction (a damage to tissues in the brain due to a loss of oxygen to the area) affecting right dominant side, acute respiratory failure with hypoxia ( medical emergency that occurs when the lungs have difficulty exchanging oxygen and carbon dioxide with the blood, resulting in low oxygen levels in the body's tissues). During a review of Patient 2's H&P, dated 9/17/2024, H&P indicated the patient does not have the capacity to understand his medical condition or his bill of rights (a patient's rights and responsibilities). During a review of Patient 2's MDS dated 8/8/2024, the MDS indicated Patient 2 was not able to follow commands, his cognition skills was severely impaired for decision making. Patient 2 required helper to do all the effort for patient for the toilet, personal hygiene. The MDS also indicated Patient 2 required helper to do all the effort for change of position and transfer. Patient 2 is totally dependent. During a concurrent interview and record review of nursing progress notes on 9/25/2024 at 9:42 AM with Registered Nurse 1 (RN1), Patient 2's nursing progress note dated 9/24/2024 was reviewed. RN1 stated Patient 2 got sent out to the General Acute Care Hospital (GACH) for further evaluation and care treatment due to fever and low oxygen level in his blood stream. RN1 stated Patient 2 was transferred to the hospital by 911 (provides emergency services), City Fire Department (CFD) paramedic. The transfer of Patient 2 to GACH happened on 9/24/24 morning around 7:22 AM. RN1 stated it was the night shift nurse Licensed Vocational Nurse (LVN1) 1 that coordinated Patient 2's transfer to GACH on 9/24/24 and sent Patient 1's medical records (face sheet, H&P [history and physical assessment], medications list, POLST [physician orders for life-sustaining treatment, a medical order that helps patients with serious illness specify their preferences for end- of- life care], and physician's order of transfer) instead of Patient 2's medical records to GACH. RN1 stated this is a violation of the HIPPA (Health Insurance Portability and Accountability Act- a federal law that protects sensitive health information and provides rights to health plan participants) law by sending out other patient's medical information during hospital transfer. During a telephone interview on 9/25/2024 at 11:15 AM with CFD, CFD's fire fighter stated GACH's emergency room notified him on 9/24/24 near 8:20 AM that CFD paramedic sent Patient 2 to the hospital with another patient's medical records the medical records with records containing medical Patient 1’s medical records. During a telephone interview on 9/25/2024 at 11:50 AM with GACH's emergency room charge nurse (ERCN), ERCN stated she had received Patient 1's face sheet, H&P, medications list, POLST, and physician's order of transfer, and no paperwork/ medical records for Patient 2. ERCN stated, she needed to call the facility for verification of Patient 2's identity and she was talking to Registered Nurse 2 (RN2). ERCN stated, on 9/24/2024 she obtained fax of Patient 2's face sheet, H&P, medications list, POLST, and physician's order of transfer from Registered Nurse 2 (RN2) at the facility. ERCN stated the facility violated the HIPPA law on 2 separate incidents. During an interview on 9/25/2024 at 12:31 PM with RN2, RN2 stated she confirmed with ERCN that Patient 1 got sent out to GACH with Patient 2's medical records. RN2 also stated, RN 2 faxed Patient 2's face sheet, H&P, medications list, POLST, and physician's order to SGVMC emergency room per ERCN's request on 9/24/2024. RN2 stated this is a breach of the of protected health information (PHI) by sending out Patient 1's protected health information to CFD paramedic ambulance without carefully review and verification of the patient's identity or it is for the correct patient. During a telephone interview on 9/25/2024 at 1:28 PM with LVN1, LVN1 stated, the Director of Nursing (DON) did call him and let him know that he sent out Patient 1's medical records when Patient 2 was transferred to the GACH on the morning of 9/24/2024. LVN1 stated this is a breach of HIPPA law for unauthorized release or disclosure of other patient's medical information to the CFD paramedic and GACH. During an interview on 9/25/2024 at 1:47 PM with the DON, the DON stated she was aware LVN1 sent out Patient 1's medical record when Patient 2 was transferred to GACH by CFD paramedic on 9/24/2024 morning. DON stated this is an unauthorized release or disclosure of Patient 1's medical records. DON stated this is a breach of the protected health information. During a review of the facility's policy and procedure (P&P) titled, "Protected Health Information (PHI), Management and Protection of" revised April 2014, the P&P indicated, it is the responsibility of all personnel who have access to patient and facility information to ensure that such information is managed and protected to prevent unauthorized release or disclosure. During a review of the facility's policy and procedure (P&P) titled "Patient Right" revised December 2016, the P&P indicated, the unauthorized release, access, or disclosure of patient information is prohibited. All release, access, or disclosure of patient information must be in accordance with current laws governing privacy of information issues. All inquiries concerning the release of patient information should be directed to the HIPAA Compliance Officer. The facility failed to safeguard Patient 1 personal privacy and confidentiality of medical records by sending Patient 1’s medical records with Patient 2 when Patient 2 was transferred to the GACH. This failure had the potential to result in Patient 1's personal information and medical records being disclosed without Patient 1's permission, that could compromise the security or privacy of Patient 1's protected health information. This violation had a direct or immediate relationship to the health, safety, or security of Patient 1 and Patient 2.