RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US
Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Visitor Registers
From:
Julie Fleming <[log in to unmask]>
Reply To:
Records Management Program <[log in to unmask]>
Date:
Thu, 11 Feb 2010 14:45:28 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (84 lines) 
Below is an FAQ copied from the Department of Health and Human Services 
that comments on visitor logs:

The Privacy Rule explicitly permits certain incidental disclosures that 
occur as a by-product of an otherwise permitted disclosure—for example, 
the disclosure to other patients in a waiting room of the identity of 
the person whose name is called. In this case, disclosure of patient 
names by posting on the wall is permitted by the Privacy Rule, if the 
use or disclosure is for treatment (for example, to ensure that patient 
care is provided to the correct individual) or health care operations 
purposes (for example, as a service for patients and their families). 
The disclosure of such information to other persons (such as other 
visitors) that will likely also occur due to the posting is an 
incidental disclosure.

Incidental disclosures are permitted only to the extent that the 
covered entity has applied reasonable and appropriate safeguards and 
implemented the minimum necessary standard, where appropriate. See 45 
CFR 164.502(a)(1)(iii) (PDF - 3 pages). In this case, it would appear 
that the disclosure of names is the minimum necessary for the purposes 
of the permitted uses or disclosures described above, and there do not 
appear to be additional safeguards that would be reasonable to take in 
these circumstances. However, each covered entity must evaluate what 
measures are reasonable and appropriate in its environment. Covered 
entities may tailor measures to their particular circumstances.

 http://www.hhs.gov/ocr/privacy/hipaa/faq/administrative/202.html


Julie Ann Fleming, CRM



-----Original Message-----
From: Larry Medina <[log in to unmask]>
To: [log in to unmask]
Sent: Thu, Feb 11, 2010 11:15 am
Subject: Re: Visitor Registers

OOOHH!! OOOHHH!!!  I know the answer to THIS one!!

It depends.... =)

Changes in HIPAA a few years back made it a requirement for medical
practitioners and service providers to limit WHAT people write on 
visitor
logs, and that the content is considered subject to the privacy 
provisions
of HIPAA.

For this reason, one of the medical labs I visit instituted a policy 
last
year where they have laminated numbers that hang on a hook. On arrival, 
you
take a number, and on the visitor log sheet you write the number and 
time
you arrived, NOTHING ELSE.

In certain situations dealing with issues such as National Security, the
logs are subject to specific handling requirements, and not only is it
confidential, it CAN be classified.

I think seeing as it may not be a huge effort or cost, it may be an
appropriate practice to continue shredding them.  Only your 
organization can
make this decision, and it should be based on assessing any legal 
concerns,
risk, and if there are any benefits that may outweigh the costs.

Larry
[log in to unmask]

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already 
present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of 
the message.
mailto:[log in to unmask]

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]

ATOM RSS1 RSS2