Q. Do patient
sign-in sheets violate the HIPAA Privacy Rule? If they do not, does a
recommended format exist?
A. Covered
entities are responsible for limiting incidental disclosures. Using a patient
sign-in sheet is allowed but can be perceived as not taking the necessary steps
to limit incidental disclosure and a violation of the HIPAA Privacy Rule.
If you use a
sign-in sheet, the information on the sheet should be kept to a minimum.
No preferred format
exists, however, covered entities that use a sign-in sheet should very strictly
limit the PHI to the following:
- the
patient's name;
- the
provider being seen;
- the
arrival time; and
- the
appointment time.