Have I violated HIPAA if a patient gets a glimpse of a sign-in sheet, or overhears something I say to or about another patient?
HIPAA tries to be practical enough so that the day-to-day provision of health care won't be impeded. As long as you take “reasonable safeguards,” you haven't violated HIPAA, if the disclosure was incidental to an otherwise HIPAA compliant use.
What does HIPAA consider to be a reasonable safeguard?
For the most part, reasonable safeguards are the types of things that we already do to protect confidentiality. For instance:
Speak quietly when there is a chance you could be overheard.
Avoid discussing patients information in public areas.
Keep patient files in locked cabinets or secure areas.
Computers with private information need to be password protected.
So we can still use sign-in sheets?
Yes, a sign-in sheet is allowed. It should not reveal any information about the patientâ€™s condition, or other demographic information such as social security number, address, or telephone.
How about calling a patient from the waiting room by name?
This would also be allowed, assuming only the patient's name is used. “Come on in, Mr. Smith” would be fine. “OK, Tom, let's do your drug test now” would not.
Can I leave a message for the patient at his or her home?
Yes, if you leave only the minimum information, such as your name and a return phone number. You should also be aware that the patient has the right to ask that you not call his home, and you must honor this request. Other reasonable requests to protect privacy also need to be accommodated. For instance, the patient may ask you to send appointment reminders in an envelope rather than by a postcard, or may ask that you send mail to a post office box.
Do we need to make structural changes, such as putting up walls or soundproofing treatment rooms?
We are not expected to make significant structural changes.