Primrose Post-Acute: Patient Records Left in Parking Lot - CA
The Medical Services director at Primrose Post-Acute brought the boxes from storage and left them outside, planning to dispose of them later. He never did.
The boxes contained facility invoices with patient names, medical record numbers, dates of birth and laboratory charges. Among the exposed information were records for a resident with severe cognitive impairment who required total assistance with eating, dressing and personal hygiene.
Federal inspectors discovered the privacy violation during a September 3 complaint investigation. The boxes included pathology services invoices dating back to November 2021, containing protected health information that should have been secured or properly destroyed.
The Director of Nursing told inspectors she had no knowledge that boxes filled with patient records had been left outside in the parking lot. She acknowledged that facility documents should never be left outside and that any papers containing resident information needed for disposal should be placed in the shredder.
The Medical Services director confirmed during his interview that he had retrieved the five boxes from storage approximately two weeks earlier. He placed them outside in the parking lot with the intention of disposing of them at a later time, but failed to follow through.
One of the exposed invoices belonged to a resident whose September assessment showed severe cognitive impairment, though the person could still understand others. The resident depended entirely on staff for basic activities of daily living including eating, lower body dressing and personal hygiene care.
The facility's own privacy policy, dated April 2025, explicitly requires compliance with federal health privacy laws including the Health Insurance Portability and Accountability Act. The policy mandates that the facility maintain procedures ensuring resident privacy and confidentiality, specifically including the protection of medical records.
The policy states the facility "complies with the laws governing privacy, security and breach notification of protected health information as set forth in the Health Insurance Portability and Accountability Act (HIPAA) and other privacy and security rules."
It further requires the facility to maintain "policies and procedures ensuring resident privacy and confidentiality including maintaining the privacy and confidentiality of residents' medical records and resident access to personal and medical records."
Despite these written commitments, the boxes sat exposed to weather, theft and unauthorized access for fourteen days. Anyone could have accessed detailed medical and billing information for multiple residents during that time.
The violation represents a significant breach of patient privacy protections. Medical record numbers, combined with names and birthdates, provide enough information for identity theft or insurance fraud. Laboratory charges can reveal sensitive diagnoses and medical conditions.
For residents with cognitive impairment like the one whose records were exposed, the privacy violation is particularly concerning. These vulnerable patients cannot advocate for themselves or understand when their personal information has been compromised.
The incident occurred despite clear federal requirements for protecting health information. Nursing homes receive federal funding and must follow strict privacy rules as a condition of participation in Medicare and Medicaid programs.
Proper disposal of medical records requires either shredding or secure destruction services that provide certificates of destruction. Simply leaving boxes outside fails to meet any accepted standard for handling protected health information.
The Medical Services director's plan to "dispose of them later" ignored both facility policy and federal law. The two-week delay created an extended window of vulnerability for every resident whose information was contained in those boxes.
The Director of Nursing's lack of awareness suggests inadequate oversight of medical records handling. As a department head, she should have known about the removal and planned disposal of facility documents containing patient information.
The violation affects multiple residents whose private medical and billing information was left accessible to unauthorized individuals. The exposure continued until federal inspectors discovered the boxes during their complaint investigation.
The facility now faces potential federal penalties for the privacy breach. More importantly, residents and their families must live with the knowledge that their most sensitive medical information sat unprotected in a parking lot for two weeks.
The boxes containing years of medical invoices represented a comprehensive breach of patient confidentiality, exposing not just names and birthdates but detailed financial information about medical services and laboratory tests that reveal intimate details about residents' health conditions and medical histories.
Full Inspection Report
The details above represent a summary of key findings. View the complete inspection report for Primrose Post-acute from 2025-09-03 including all violations, facility responses, and corrective action plans.
Additional Resources
Data source: Official federal inspection data from the Centers for Medicare & Medicaid Services (CMS).
Editorial process: AI-synthesized regulatory data, reviewed for accuracy by our editorial team.
Professional review: All content reviewed by Christopher F. Nesbitt, Sr., NH EMT & BU-trained Paralegal.
Last verified: June 20, 2026 · Our methodology
PRIMROSE POST-ACUTE in INGLEWOOD, CA was cited for violations during a health inspection on September 3, 2025.
The Medical Services director at Primrose Post-Acute brought the boxes from storage and left them outside, planning to dispose of them later.
Health inspections identify deficiencies that facilities must correct. Violations range from minor documentation issues to serious safety concerns. Review the full report below for specific details and facility response.