Hi Melody,
IANAL, but I did find this on the HIPAA site:
http://www.hhs.gov/ocr/privacy/hipaa...sclosures.html
Quote:
|
Many customary health care communications and practices play an important or even essential role in ensuring that individuals receive prompt and effective health care. Due to the nature of these communications and practices, as well as the various environments in which individuals receive health care or other services from covered entities, the potential exists for an individual’s health information to be disclosed incidentally. For example, a hospital visitor may overhear a provider’s confidential conversation with another provider or a patient, or may glimpse a patient’s information on a sign-in sheet or nursing station whiteboard. The HIPAA Privacy Rule is not intended to impede these customary and essential communications and practices and, thus, does not require that all risk of incidental use or disclosure be eliminated to satisfy its standards. Rather, the Privacy Rule permits certain incidental uses and disclosures of protected health information to occur when the covered entity has in place reasonable safeguards and minimum necessary policies and procedures to protect an individual’s privacy.
|
My gut feeling is that it's one of many gray areas.
Doc