Question: One of the physicians in my practice demands we use a sign-in sheet — he says the sheets offer “proof” of a patient’s visit. Do sign-in sheets violate a patient’s rights under the HIPAA Privacy Rule? Colorado Participant
Answer: The U.S. Department of Health and Human Services (HHS) says that incidental exposures, like the announcement of a name by a nurse, to call a patient into an exam room from the waiting room, or a sign-in sheet, depending on the information included, are OK. To remain compliant with the HIPAA Privacy rule, the sign-in sheet should not list the reason the patient is seeking medical care. HHS says, “… incidental disclosures are permitted only when the covered entity has implemented reasonable safeguards and the minimum necessary standard, where appropriate. For example, the sign-in sheet may not display medical information that is not necessary for signing in (e.g., the medical problem for which the patient is seeing the physician).”