Written by Dr. MedLaw

As a urologist I am very sensitive to my patients’ need for privacy. However, I was really surprised when a new patient got very nasty with my receptionist because he was asked to sign in on a sheet at the front desk. He was carrying on about how this is a HIPAA violation because other patients signing in can see his name. I thought that a sign-in sheet is actually acceptable under HIPAA.


It is, as is announcing a patient’s name in the waiting room to tell them that they are the next to see you or saying their name in the hearing of other patients or visitors. Under HIPAA these revelations of PHI are considered incidental to medical care.

However, you should be doing your part to minimize that revelation. Start with the fact that PHI is an identifier coupled to a medical fact.  All that a sign-in sheet alone therefore reveals is that someone is your patient so make sure to not expand it beyond that – why the patient is there should never be included. Using a peel-off type of sign-in sheet is also a good idea – while not a HIPAA requirement, it does make patients feel more protected and avoids a situation like this.

Similarly, when discussing a patient where others might overhear, keep your voice low, and when calling a patient in from the waiting room do not mention the reason that they are there.  For example, your MA saying “Mr. Joe Smith, come with me please” is acceptable but “J.S., we are ready for your cystoscopy.” is not because the issue is not the completeness of the name but the association of that identifier to the specific personal medical fact.

Having these as policies in your employee manual will stand you in good stead if you ever have to defend against a complaint from a troublesome patient.