Are patient sign-in sheets HIPAA compliant? In most cases, yes. In some cases, no.  Let’s take a quick look at both, starting with the HIPAA Privacy Rule itself.

The goal of that law is to ensure that you and your staff take appropriate steps to protect your patients’ privacy. The creators of the Privacy Rule didn’t intend for it to stand in the way of customary and essential communication. So, a nurse, looking up from the sign-in sheet at the front desk and calling into the waiting room, “Mr. Nebodowski, the doctor will see you now,” is NOT violating the HIPAA Privacy Rule. Her behavior is simply a reasonable way of letting that patient know it’s his turn to be seen. The HIPAA Privacy Rule is OK with this — and with sign-in sheets that stick to the basics.

What the HIPAA Privacy Rule is not OK with is a sign-in sheet that displays information that isn’t necessary for the sole purpose of communicating, “I’m here for my appointment.” Sheets that include a space for “Reason for this Visit” fall into the non-compliant category. A nurse reading aloud from a sheet like that and saying, “Mr. Nebodowski, Dr. Martin will see you now about your Type 2 Diabetes” — is clearly violating HIPAA.  But even if the “Reason for this Visit” isn’t spoken, the fact that it’s on the sheet and can be viewed by others who sign-in constitutes a violation.  A sign-in sheet should never ask for that kind of information. Insurance info also has no place there.

The following information is permissible: Date, Name, Arrival Time, Appointment Time, Appointment With.

As always, exercise prudent safeguards when it comes to protecting patient information. Keep your sign-in sheets simple and straightforward. And stay HIPAA compliant.