[ Friday, April 07, 2017 ]


A question from the audience:

Q: At our group therapy counseling sessions, we have the clients sign in on a sign in sheet that is passed around once group therapy starts. No one but the clients in group, the therapist, and the billing department sees the sign in sheet. We are required by the state agency we serve to have a sign in sheet, and since we bill insurance, we need to be able to provide documentation for insurance purposes (proving the patient attending the group therapy session, in case we get audited). The sign in sheet asks for client's initials, DOB, and time in and out of group, and has to be signed by the person so it is authentic and can't be said it is forged. A client in group, who is a lawyer, stated this was a breach of HIPAA.  Is it?

A:  It’s group therapy; doesn’t person A know the name (or initials) of person B and person C, without seeing it on the sign-in sheet?  Don’t they know when the person came into the room and left the room?  I guess person A now knows the age person B, and what their signature looks like, but the real PHI here is the fact that persons B and C are getting therapy, and person A already knew that, since it's group therapy!

Sign-in sheets and waiting rooms are always places where PHI can be inadvertently disclosed.  Some person’s presence in a waiting room gives you some implicit information about their health condition, which means that every waiting room in the world is a potential HIPAA violation.  So what’s the answer?  No waiting rooms?  Make the waiting room so dark nobody can see who else is in there?  Hand out Halloween masks to everyone when they come in so nobody can recognize anyone else?  Obviously, that’s silly.  And it’s even sillier when the patients in the waiting room then go into a group healthcare session together, where they get to know even more PHI about each other.

Instead, a covered entity medical provider should do what it can to minimize disclosures in the waiting room, while recognizing that some amount of disclosure is naturally going to occur.  Sign-in sheet should not have any information that’s not necessary, like addresses, social security numbers, or diagnosis/medical complaint information.  When calling patients from the waiting room, staff should use the minimum information (say “Mr. Prescott?” when calling the patient in, not “Dak Prescott, quarterback for the Dallas Cowboys, we’re ready to give you your treatment for your embarrassing STD”).  But none of that would make much of a difference when a group of folks in the waiting room all come in together to get their healthcare services as a group, where all the same information (and much more) is going to be shared anyway.

Given that, it sounds like you are keeping the sign-in sheets to the minimum information.  However, if you want to be overly sensitive, you could have each group therapy member sign a separate sign-in sheet with the same information (initials, DOB, in/out time, signature), so that nobody sees anyone else’s PHI.  But I don’t think that’s really necessary, if the information is going to be shared in person anyway.

Jeff [11:24 AM]

Comments: Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template