Q. Do patient sign-in sheets violate the HIPAA Privacy Rule? If they do not, does a recommended format exist?

A. Covered entities are responsible for limiting incidental disclosures. Using a patient sign-in sheet is allowed, but it can be perceived as a failure to take the necessary steps to limit incidental disclosure and as a violation of the HIPAA Privacy Rule.

If you use a sign-in sheet, the information on the sheet should be kept to a minimum.

No preferred format exists; however, covered entities that use a sign-in sheet should very strictly limit the PHI to the following:

  • the patient's name;
  • the provider being seen;
  • the arrival time; and
  • the appointment time.