Question: I recently started as practice manager for an ob-gyn practice. The practice has been using a patient sign-in sheet for many years. The sheet asks for the patient’s name, the time of appointment, date of last menstrual period (LMP), and also has a box that says, “If pregnant, number of weeks.” The strip where the patient writes her name is supposed to be peeled off after she signs in, but the receptionist doesn’t always get to it right away if she is helping other patients. Isn’t this a potential compliance risk because it can reveal PHI?
Many practices still ask patients to write on the sign-in sheet when they present for a visit, but don’t substitute the sign-in form for a patient history form. Sign-in sheets can be a bone of contention among privacy experts, many of whom discourage practices from using them at all. However, you are legally entitled to use them, as long as you don’t request too much data from the patient.
“Covered entities, such as physician’s offices, may use patient sign-in sheets or call out patient names in waiting room, so long as the information disclosed is appropriately limited,” the Department of Health and Human Services says on its Web site. “However, these incidental disclosures are permitted only when the covered entity has implemented reasonable safeguards and the minimum necessary standard, where appropriate. For example, the sign-in sheet may not display medical information that is not necessary for the purpose of signing in (e.g., the medical problem for which the patient is seeing the physician).”
Best bet: If you need a patient to give you private information such as her last menstrual period or a list of medications she’s taking, hand her a history form to complete while she’s in the waiting room.
Hawaii Subscriber
Answer: Yes, this could be a HIPAA violation. If another patient see the name, LMP date, and pregnancy status, your practice could unintentionally be revealing private health information (PHI).