How JustAnswer Works:
  • Ask an Expert
    Experts are full of valuable knowledge and are ready to help with any question. Credentials confirmed by a Fortune 500 verification firm.
  • Get a Professional Answer
    Via email, text message, or notification as you wait on our site.
    Ask follow up questions if you need to.
  • 100% Satisfaction Guarantee
    Rate the answer you receive.
Ask Ray Your Own Question
Ray, Employment lawyer
Category: Employment Law
Satisfied Customers: 41569
Experience:  30 years in Employment law
Type Your Employment Law Question Here...
Ray is online now
A new question is answered every 9 seconds

Good morning - I work non-profit organization. We are

Customer Question

good morning - I work for a non-profit organization. We are NOT a medical facility, we offer yoga, massage, reflexology, reiki, support groups and art/painting classes, exercise class, jewelry class, etc. for those who have cancer and their families. We have a "sign-in" sheet that they just put their names, we have had someone tell us that we are not HIPPA compliant because of that. I thought it was only for the medical community and we are not a medical facility. Are we OK to still have our sign-in sheet, we use them for our daily and monthly tallies on month end. Thank you for your help.
Submitted: 1 year ago.
Category: Employment Law
Expert:  Ray replied 1 year ago.
Hi and welcome to JA. Ray here to help you today. I think that you are a covered entity here because you provide services to cancer patients that have been referred. That said the feds have spoken on this issue and allow such sheets.Your agency is responsible for maintaining the privacy of the sheets here so you either store them securely or take other means to secure them. Reference Yes. Covered entities, such as physician’s offices, may use patient sign-in sheets or call out patient names in waiting rooms, so long as the information disclosed is appropriately limited. The HIPAA Privacy Rule explicitly permits the incidental disclosures that may result from this practice, for example, when other patients in a waiting room hear the identity of the person whose name is ***** ***** see other patient names on a sign-in sheet. However, these incidental disclosures are permitted only when the covered entity has implemented reasonable safeguards and the minimum necessary standard, where appropriate. For example, the sign-in sheet may not display medical information that is not necessary for the purpose of signing in (e.g., the medical problem for which the patient is seeing the physician). See 45 CFR 164.502(a)(1)(iii). If anybody asks Debbie you are HIPAA compliant according to this as long as you keep the sign in sheets private or destroy them. I appreciate the chance to help you today.Thanks again.