WASHINGTON, DC โ Federal health inspectors found that Bridgepoint Sub-acute & Rehab National Harborside failed to properly safeguard resident-identifiable information during a complaint investigation concluded on November 13, 2025. The facility has not submitted a correction plan.
Resident Information Protection Failures
The Centers for Medicare & Medicaid Services (CMS) cited Bridgepoint under regulatory tag F0842, which requires nursing facilities to maintain medical records on each resident in accordance with accepted professional standards and to protect resident-identifiable information from unauthorized access.
The deficiency was classified as Scope/Severity Level D, indicating an isolated incident with no documented actual harm but with the potential for more than minimal harm to residents. The citation falls under the broader category of Resident Assessment and Care Planning Deficiencies.
What makes this citation particularly notable is the facility's response โ or lack thereof. According to the federal inspection report, Bridgepoint has no plan of correction on file, meaning the facility has not outlined steps it intends to take to address the identified problem.
Why Medical Records Security Matters
Medical records in nursing homes contain some of the most sensitive personal information imaginable. Resident files typically include Social Security numbers, insurance details, diagnoses, medication lists, cognitive assessments, and detailed notes about a person's physical and mental condition. When facilities fail to safeguard this information, residents face real and measurable risks.
Unauthorized access to medical records can lead to identity theft, insurance fraud, and discriminatory treatment. For nursing home residents โ many of whom have cognitive impairments or limited ability to monitor their own financial accounts โ these risks are amplified. A resident with dementia, for instance, may not recognize or report unauthorized use of their personal information for months or even years.
Federal regulations under 42 CFR ยง483.10(h) establish that residents have a right to personal privacy and confidentiality of their personal and medical records. Facilities are required to maintain clinical records that are complete, accurately documented, readily accessible, and systematically organized. These records must be stored and managed in ways that prevent unauthorized access while remaining available to authorized personnel who need them for care delivery.
Professional Standards for Records Management
Accepted professional standards for medical records in long-term care facilities include several key requirements. Records must be stored in secure, locked locations โ whether physical filing cabinets or encrypted digital systems. Access should be limited to authorized personnel on a need-to-know basis. Facilities must maintain audit trails showing who accessed records and when, and staff must receive regular training on privacy protocols.
The Health Insurance Portability and Accountability Act (HIPAA) adds an additional layer of federal requirements, mandating administrative, physical, and technical safeguards for protected health information. Violations of HIPAA can result in separate civil and criminal penalties beyond CMS enforcement actions.
Absence of a Correction Plan
When CMS identifies a deficiency, facilities are typically required to submit a plan of correction outlining specific steps they will take to remedy the problem, prevent recurrence, and establish a timeline for compliance. The absence of such a plan from Bridgepoint raises questions about the facility's responsiveness to regulatory oversight.
Without a correction plan, there is no documented commitment from the facility to change the practices that led to the citation. CMS has enforcement tools available if facilities fail to achieve compliance, ranging from directed plans of correction to civil monetary penalties and, in serious cases, termination from the Medicare and Medicaid programs.
Facility Background
Bridgepoint Sub-acute & Rehab National Harborside is located in Washington, DC and provides sub-acute rehabilitation and long-term care services. The November 2025 inspection was prompted by a complaint rather than a routine survey, indicating that a concern was raised โ potentially by a resident, family member, or staff member โ before inspectors arrived.
Residents and family members who have concerns about medical records privacy at any nursing facility can file complaints with their state survey agency or CMS regional office. They can also contact the Long-Term Care Ombudsman Program, which advocates on behalf of nursing home residents.
The full federal inspection report, including detailed findings related to the F0842 citation, is available for review on NursingHomeNews.org's facility page for Bridgepoint Sub-acute & Rehab National Harborside.
Full Inspection Report
The details above represent a summary of key findings. View the complete inspection report for Bridgepoint Sub-acute & Rehab National Harborside from 2025-11-13 including all violations, facility responses, and corrective action plans.
๐ฌ Join the Discussion
Comments are moderated. Please keep discussions respectful and relevant to nursing home care quality.