Observations Based on a review of the Confidentiality policy and other administrative documentation, the facility failed to provide written procedures surrounding terminated staff member logins for the electronic records system being deactivated in order to ensure the confidentiality of client records. There was no process or timeline in place for disconnecting employees from accessing client electronic records once employment ceases.
|
Plan of Correction Added to the existing Confidentiality Policy, item #9 under Procedures, is the following:
"Access to company email, electronic medical record, and access to building will be discontinued at the time of termination of any employee, and before the employee leaves the building for the final time."
The Business/ Operations Manager will facilitate the discontinuation of these systems upon termination of an employee. This added policy item went into effect on 1/24/2023. |