QA Investigation Results

Pennsylvania Department of Health
CARESPHERE, LLC
Health Inspection Results
CARESPHERE, LLC
Health Inspection Results For:


There are  10 surveys for this facility. Please select a date to view the survey results.

Surveys don't appear on this website until at least 41 days have elapsed since the exit date of the survey.



Initial Comments:


Based on the findings of an announced offsite state licensure complaint survey completed October 21, 2022, Caresphere, Llc. was found not to be in compliance with the requirements of 28 Pa. Code, Health Facilities, Part IV, Chapter 611, Subpart H. Home Care Agencies and Home Care Registries.






Plan of Correction:




611.4(c) LICENSURE
Requirements for HCA and HCR

Name - Component - 00
Home care agencies and home care registries licensed under this Chapter shall comply with applicable environmental, health, sanitation and professional licensure standards which are required by Federal, State, and local authorities.

Observations:


Based on observations and an interview with the agency Administrator, the agency failed to protect consumers individually identifiable health information for one (1) of one (1) observations (Observation #1).

Findings Include:

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Title 45, Subtitle A, Subchapter C, Part 164: 164.306 Security standards: General rules. (a) General requirements. Covered entities and business associates must do the following: (1) Ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity or business associate creates, receives, maintains, or transmits.

Observation #1: On September 21, 2022 at approximately 3:12 p.m. the Department of Health was notified via email correspondence that the agency website contained private consumer information available to the general public.
A review of the agency website was conducted on September 21, 2022 at approximately 6:00 p.m. The website included an 'Employee Portal' which included the following sections for more information, 'How we offer cases' and 'Ready to pick up a new shift?'. The section 'Ready to pick up a new shift?' included a spreadsheet which contained a section 'DCW (direct care worker) open cases and or potential cases. The agency hourly pay rate was also listed.
The spreadsheet included the 'Patient (consumer) Name' (first name/initial of last name), the 'Patient (consumer) Address' (twenty-nine (29) of the addresses listed were full addresses, twenty-four (24) of the addresses listed the street name only), the 'Schedule Needed', and 'Special Requests' (which included but not limited to: preferred language, the preferred sex of the direct care worker (male/female), consumer mobility status, consumers personal care needs) for a total of fifty-three (53) consumers. The following consumers/potential consumers were listed on the agency website and were affected by the failure to protect consumer privacy. Consumer "admission date", "potential client", and "still in intake" dates are listed below:

Consumer #1 admission date: 09/28/22
Consumer #2 admission date: 07/15/21
Consumer #3 admission date: 11/19/21
Consumer #4 admission date: 12/15/21
Consumer #5 admission date: 10/03/22 ("still in intake")
Consumer #6 admission date: 10/12/21
Consumer #7 admission date: 03/23/22
Consumer #8 admission date: 04/22/21
Consumer #9 admission date: 07/01/21
Consumer #10 admission date: 03/21/22
Consumer #11 admission date: 03/05/21
Consumer #12 ("potential client")
Consumer #13 admission date: 09/29/22 ("still in intake")
Consumer #14 admission date: 10/03/22
Consumer #15 admission date: 01/13/22
Consumer #16 admission date: 09/29/22
Consumer #17 admission date: 12/07/21
Consumer #18 admission date: 07/07/20
Consumer #19 admission date: 10/03/22
Consumer #20 admission date: 05/24/22
Consumer #21 admission date: 11/03/20
Consumer #22 admission date: 04/19/22
Consumer #23 admission date: 09/06/22
Consumer #24 admission date: 12/21/21
Consumer #25 admission date: 09/23/22
Consumer #26 admission date: 09/23/22
Consumer #27 admission date: 09/02/22
Consumer #28 admission date: 07/08/22
Consumer #29 admission date: 07/21/22
Consumer #30 admission date: 05/23/22
Consumer #31 admission date: 06/24/22
Consumer #32 admission date: 08/30/22
Consumer #33 ("potential client")
Consumer #34 admission date: 06/03/22
Consumer #35 admission date: 09/01/22
Consumer #36 admission date: 09/19/22
Consumer #37 ("potential client")
Consumer #38 admission date: 06/03/22
Consumer #39 ("potential client")
Consumer #40 admission date: 06/29/22
Consumer #41 admission date: 09/20/22
Consumer #42 admission date: 03/08/22
Consumer #43 admission date: 09/22/22
Consumer #44 admission date: 07/26/22
Consumer #45 ("potential client")
Consumer #46 admission date: 08/18/20
Consumer #47 ("potential client")
Consumer #48 ("potential client")
Consumer #49 ("potential client")
Consumer #50 admission date: 10/10/22
Consumer #51 ("potential client")
Consumer #52 admission date: 05/26/21
Consumer #53 admission date: 10/10/22


An interview conducted with agency Administrator on October 21, 2022 at approximately 10:00 a.m. confirmed the above findings.











Plan of Correction:

1. For Consumer #1-53 will mail a notice of the breach in written form by postal mail. In addition, an initial breach report was filed with the secretary at HHS. The PHI has been removed from the spreadsheet
2. Will remove the patient name and address column from the spreadsheet so it will not be possible for general employees to add this information
3. Will conduct a internal HIPAA training and develop a HIPAA training as part of office employee orientation to ensure employees are clear on HIPAA guidelines and deficient practice not recur
4. The agency administrator has disabled the employee portal from the company website and will work on password encryption before reactivating it again.