Business associate agreements US Medical PG Practice Questions and MCQs
Practice US Medical PG questions for Business associate agreements. These multiple choice questions (MCQs) cover important concepts and help you prepare for your exams.
Business associate agreements US Medical PG Question 1: A 79-year-old male presents to your office for his annual flu shot. On physical exam you note several linear bruises on his back. Upon further questioning he denies abuse from his daughter and son-in-law, who live in the same house. The patient states he does not want this information shared with anyone. What is the most appropriate next step, paired with its justification?
- A. Breach patient confidentiality, as this patient's care should be discussed with the daughter as she is his primary caregiver
- B. See the patient back in 2 weeks and assess whether the patient's condition has improved, as his condition is not severe
- C. Do not break patient confidentiality, as elder abuse reporting is not mandatory
- D. Do not break patient confidentiality, as this would potentially worsen the situation
- E. Breach patient confidentiality, as this patient is a potential victim of elder abuse and reporting is mandated in most states (Correct Answer)
Business associate agreements Explanation: ***Breach patient confidentiality, as this patient is a potential victim of elder abuse and reporting is mandated in most states***
- As a physician, there is a **legal and ethical obligation** to report suspected elder abuse in most US states, even when the patient denies it and requests confidentiality.
- Physicians are typically **mandatory reporters** under state law, and must report to Adult Protective Services or law enforcement when elder abuse is suspected.
- The patient's safety and legal requirements outweigh the right to confidentiality in jurisdictions with mandatory reporting laws.
*Breach patient confidentiality, as this patient's care should be discussed with the daughter as she is his primary caregiver*
- Breaching confidentiality to discuss this with the daughter would be inappropriate, especially since the daughter and son-in-law are the **suspected abusers**.
- Discussing with the primary caregiver is only appropriate if the patient has given **explicit consent** and there are no suspicions of abuse from that caregiver.
*See the patient back in 2 weeks and assess whether the patient's condition has improved, as his condition is not severe*
- This option is inappropriate because it delays intervention in a potentially **dangerous situation**.
- Suspected abuse warrants **immediate action** to ensure the patient's safety, regardless of the perceived severity of current injuries.
*Do not break patient confidentiality, as elder abuse reporting is not mandatory*
- In **most states**, physicians have **mandatory reporting laws** for elder abuse, making this statement generally incorrect.
- Physicians are typically considered "mandated reporters" and are legally required to report suspected abuse to the appropriate authorities in their jurisdiction.
*Do not break patient confidentiality, as this would potentially worsen the situation*
- While this is a valid concern in some situations, the **primary responsibility** of a physician is to protect vulnerable patients from harm.
- Reporting suspected abuse initiates protective measures and is legally required in most states, as the potential benefit of intervention outweighs the risk of worsening the situation.
Business associate agreements US Medical PG Question 2: A 45-year-old man is brought to the emergency department by his friends because of a 1-hour history of shortness of breath and squeezing chest pain. They were at a party where cocaine was consumed. A diagnosis of acute myocardial infarction is made. The physician stabilizes the patient and transfers him to the inpatient unit. Six hours later, his wife arrives at the emergency department and requests information about her husband's condition. Which of the following is the most appropriate action by the physician?
- A. Ask the wife for a marriage certificate
- B. Inform the wife about her husband's condition
- C. Consult the hospital ethics committee
- D. Obtain authorization from the patient to release information (Correct Answer)
- E. Request the patient's durable power of attorney document
Business associate agreements Explanation: ***Obtain authorization from the patient to release information***
- Under **HIPAA (Health Insurance Portability and Accountability Act)**, patient information is confidential and cannot be shared without their express consent, even with close family members like a spouse, once the patient is **conscious and able to make decisions**.
- The patient, being stabilized, is likely **competent** to authorize the release of his medical information to his wife, ensuring his **autonomy** and privacy are respected.
*Ask the wife for a marriage certificate*
- A marriage certificate does not automatically grant access to a spouse's medical information if the patient is **competent** and has not provided consent.
- Requesting such documentation is generally **not standard practice** and does not supersede the need for patient authorization under HIPAA.
*Inform the wife about her husband's condition*
- Releasing medical information without the patient's explicit consent would be a direct **violation of patient confidentiality** and **HIPAA regulations**, even if the individual is a spouse.
- Although well-intentioned, this action could have legal and ethical repercussions for the physician and the hospital.
*Consult the hospital ethics committee*
- While ethics committees handle complex ethical dilemmas, this situation is a straightforward matter of **patient confidentiality** and **HIPAA compliance**.
- The direct course of action is to seek patient authorization, rather than escalating to an ethics committee for a clearly defined privacy issue.
*Request the patient's durable power of attorney document*
- A **durable power of attorney (DPOA)** for healthcare is only activated when a patient is **incapacitated** and unable to make decisions for themselves.
- Since the patient is stabilized and presumably competent to make decisions about his care, a DPOA is not relevant at this time.
Business associate agreements US Medical PG Question 3: A 50-year-old woman comes to the physician for a routine health maintenance examination. She has no personal or family history of serious illness. She smoked one pack of cigarettes daily for 5 years during her 20s. Her pulse is 70/min, and blood pressure is 120/78 mm Hg. Serum lipid studies and glucose concentration are within the reference ranges. Which of the following health maintenance recommendations is most appropriate at this time?
- A. Perform BRCA gene test
- B. Perform abdominal ultrasound
- C. Perform 24-hour ECG
- D. Perform DEXA scan
- E. Perform colonoscopy (Correct Answer)
Business associate agreements Explanation: ***Perform colonoscopy***
- **Colorectal cancer screening** with colonoscopy is generally recommended for individuals at average risk starting at age **45-50 years**.
- This patient is **50 years old** and has no increased risk factors, making routine colonoscopy the most appropriate screening.
*Perform BRCA gene test*
- **BRCA gene testing** is indicated for individuals with a strong **family history** of breast or ovarian cancer, or those with personal history suggesting a genetic predisposition.
- This patient has **no personal or family history** of serious illness, so BRCA testing is not warranted.
*Perform abdominal ultrasound*
- **Abdominal ultrasound** is typically used to investigate specific symptoms or screen for conditions like **abdominal aortic aneurysm** in high-risk individuals (e.g., male smokers over 65).
- This patient has **no relevant symptoms** or risk factors for which routine abdominal ultrasound screening is recommended.
*Perform 24-hour ECG*
- A **24-hour ECG (Holter monitor)** is used to detect paroxysmal **arrhythmias** or evaluate symptoms like palpitations, syncope, or dizziness.
- This patient is asymptomatic with a normal pulse and blood pressure; therefore, **routine 24-hour ECG** is not indicated.
*Perform DEXA scan*
- A **DEXA scan** is recommended for **osteoporosis screening** in women typically starting at age **65**, or earlier if they have significant risk factors like a history of fragility fractures or certain medical conditions.
- At **50 years old** and with no apparent risk factors for osteoporosis, a DEXA scan is not yet routinely indicated according to general guidelines.
Business associate agreements US Medical PG Question 4: You are a resident on a pediatric service entering orders late at night. Upon arrival the next morning, you note that you had mistakenly ordered that low molecular weight heparin be administered to a 17-year-old patient who does not need anti-coagulation. When you talk to her, she complains about the "shot" she had to get this morning but is otherwise well. How should you handle the situation?
- A. Since there was no lasting harm to the patient, it is not necessary to disclose the error
- B. Tell the patient and her parents about the error (Correct Answer)
- C. You cannot disclose the error as a resident due to hospital policy
- D. Tell the patient, but ask her not to tell her parents
- E. Speak to risk management before deciding whether or not to disclose the error
Business associate agreements Explanation: ***Tell the patient and her parents about the error***
- Full **disclosure of medical errors** is a fundamental ethical principle, even if no lasting harm occurred, because it promotes trust and transparency.
- As a **minor**, the patient's parents/guardians have the right to be informed about medical errors affecting their child's care and safety.
*Since there was no lasting harm to the patient, it is not necessary to disclose the error*
- This statement is incorrect because the **absence of harm** does not negate the ethical obligation to disclose a medical error; it is crucial for patient trust and learning from mistakes.
- Failing to disclose an error, even if harmless, can erode trust and is considered a breach of **professional integrity and transparency**.
*You cannot disclose the error as a resident due to hospital policy*
- While hospital policies may guide the process of disclosure (e.g., involving attending physicians or risk management), they do not prevent residents from participating in or initiating the disclosure of an error.
- The resident's role involves acknowledging the error and initiating the appropriate steps for disclosure, often in collaboration with their **supervising physician**.
*Tell the patient, but ask her not to tell her parents*
- This is unethical and legally problematic because, as a **minor**, the patient's parents or legal guardians have the right to be informed about significant medical events and errors related to their child's care.
- Asking the patient to withhold information from her parents undermines **parental rights** and creates an inappropriate and potentially harmful dynamic.
*Speak to risk management before deciding whether or not to disclose the error*
- While consulting **risk management** is an important step in the process of disclosing a medical error to ensure compliance and support, it should not be a prerequisite for the decision to disclose.
- The ethical imperative is to disclose the error; risk management primarily guides *how* to best disclose it, not *whether* to disclose it.
Business associate agreements US Medical PG Question 5: A psychiatrist receives a call from a patient who expresses thoughts of harming his ex-girlfriend. The patient describes a detailed plan to attack her at her workplace. Which of the following represents the psychiatrist's most appropriate legal obligation?
- A. Warn the ex-girlfriend and notify law enforcement (Correct Answer)
- B. Only notify the patient's family
- C. Warn only law enforcement
- D. Maintain patient confidentiality
Business associate agreements Explanation: ***Warn the ex-girlfriend and notify law enforcement***
- This scenario directly triggers the **"duty to warn"** and **"duty to protect"** principles, primarily stemming from the **Tarasoff v. Regents of the University of California** case.
- The psychiatrist has a legal obligation to take reasonable steps to protect the identifiable victim, which includes directly warning the intended victim and informing law enforcement.
*Only notify the patient's family*
- Notifying the patient's family alone does not fulfill the **legal obligation to protect** an identifiable third party from a serious threat of harm.
- While family involvement might be part of a comprehensive safety plan, it is insufficient as the sole action in this critical situation.
*Warn only law enforcement*
- While notifying law enforcement is a crucial step, the **Tarasoff duty** specifically mandates warning the **intended victim** directly (or those who can reasonably be expected to notify the victim).
- Relying solely on law enforcement might not ensure the immediate safety of the ex-girlfriend, especially if there's a delay in their response or ability to locate her.
*Maintain patient confidentiality*
- Patient confidentiality is a cornerstone of psychiatric practice, but it is **not absolute** when there is a serious and imminent threat of harm to an identifiable individual.
- The **duty to protect** a potential victim *outweighs* the duty to maintain confidentiality in such extreme circumstances.
Business associate agreements US Medical PG Question 6: A 36-year-old man comes to the physician because of a 2-week history of productive cough, weight loss, and intermittent fever. He recently returned from a 6-month medical deployment to Indonesia. He appears tired. Physical examination shows nontender, enlarged, palpable cervical lymph nodes. An x-ray of the chest shows right-sided hilar lymphadenopathy. A sputum smear shows acid-fast bacilli. A diagnosis of pulmonary tuberculosis is made from PCR testing of the sputum. The patient requests that the physician does not inform anyone of this diagnosis because he is worried about losing his job. Which of the following is the most appropriate initial action by the physician?
- A. Request the patient's permission to discuss the diagnosis with an infectious disease specialist
- B. Assure the patient that his diagnosis will remain confidential
- C. Confirm the diagnosis with a sputum culture
- D. Notify all of the patient's household contacts of the diagnosis
- E. Inform the local public health department of the diagnosis (Correct Answer)
Business associate agreements Explanation: ***Inform the local public health department of the diagnosis***
- **Tuberculosis** is a **reportable disease** to public health authorities due to its significant public health implications, including the risk of transmission.
- Physicians have a **legal and ethical obligation** to report such diagnoses to protect the community, even against a patient's wishes for secrecy.
*Request the patient's permission to discuss the diagnosis with an infectious disease specialist*
- While consulting an infectious disease specialist is often beneficial for managing TB, the immediate and most appropriate initial action is related to **public health notification**.
- Delaying notification to seek patient permission first would **compromise public health safety** regarding a reportable disease.
*Assure the patient that his diagnosis will remain confidential*
- This assurance would be **misleading and unethical** because TB is a reportable condition, meaning its confidentiality is necessarily breached for public health purposes.
- Physicians are bound by law to report communicable diseases, which supersedes general confidentiality in this specific context.
*Confirm the diagnosis with a sputum culture*
- The diagnosis of pulmonary tuberculosis has already been established by a **sputum smear showing acid-fast bacilli** and **PCR testing**, which are highly reliable.
- While a sputum culture provides drug susceptibility information, it is not the *initial* most appropriate action regarding the patient's stated concerns about confidentiality in the context of a reportable disease.
*Notify all of the patient's household contacts of the diagnosis*
- While contact tracing is an important part of TB control, it is typically initiated and managed by the **public health department** after notification.
- The physician's primary responsibility is to notify the health department, who then assumes the role of **contact investigation** and management.
Business associate agreements US Medical PG Question 7: A 28-year-old male presents to his primary care physician with complaints of intermittent abdominal pain and alternating bouts of constipation and diarrhea. His medical chart is not significant for any past medical problems or prior surgeries. He is not prescribed any current medications. Which of the following questions would be the most useful next question in eliciting further history from this patient?
- A. "Does the diarrhea typically precede the constipation, or vice-versa?"
- B. "Is the diarrhea foul-smelling?"
- C. "Please rate your abdominal pain on a scale of 1-10, with 10 being the worst pain of your life"
- D. "Are the symptoms worse in the morning or at night?"
- E. "Can you tell me more about the symptoms you have been experiencing?" (Correct Answer)
Business associate agreements Explanation: ***Can you tell me more about the symptoms you have been experiencing?***
- This **open-ended question** encourages the patient to provide a **comprehensive narrative** of their symptoms, including details about onset, frequency, duration, alleviating/aggravating factors, and associated symptoms, which is crucial for diagnosis.
- In a patient presenting with vague, intermittent symptoms like alternating constipation and diarrhea, allowing them to elaborate freely can reveal important clues that might not be captured by more targeted questions.
*Does the diarrhea typically precede the constipation, or vice-versa?*
- While knowing the sequence of symptoms can be helpful in understanding the **pattern of bowel dysfunction**, it is a very specific question that might overlook other important aspects of the patient's experience.
- It prematurely narrows the focus without first obtaining a broad understanding of the patient's overall symptomatic picture.
*Is the diarrhea foul-smelling?*
- Foul-smelling diarrhea can indicate **malabsorption** or **bacterial overgrowth**, which are important to consider in some gastrointestinal conditions.
- However, this is a **specific symptom inquiry** that should follow a more general exploration of the patient's symptoms, as it may not be relevant if other crucial details are missed.
*Please rate your abdominal pain on a scale of 1-10, with 10 being the worst pain of your life*
- Quantifying pain intensity is useful for assessing the **severity of discomfort** and monitoring changes over time.
- However, for a patient with intermittent rather than acute, severe pain, understanding the **character, location, and triggers** of the pain is often more diagnostically valuable than just a numerical rating initially.
*Are the symptoms worse in the morning or at night?*
- Diurnal variation can be relevant in certain conditions, such as inflammatory bowel diseases where nocturnal symptoms might be more concerning, or functional disorders whose symptoms might be stress-related.
- This is another **specific question** that should come after gathering a more complete initial picture of the patient's symptoms to ensure no key information is overlooked.
Business associate agreements US Medical PG Question 8: On a Sunday afternoon, a surgical oncologist and his family attend a football game in the city where he practices. While at the game, he runs into a physician colleague that works at the same institution. After some casual small talk, his colleague inquires, "Are you taking care of Mr. Clarke, my personal trainer? I heard through the grapevine that he has melanoma, and I didn't know if you have started him on any chemotherapy or performed any surgical intervention yet. Hopefully you'll be able to take very good care of him." In this situation, the surgical oncologist may confirm which of the following?
- A. The patient's name
- B. The patient's diagnosis
- C. The patient's treatment plan
- D. Only that Mr. Clarke is his patient
- E. No information at all (Correct Answer)
Business associate agreements Explanation: *Incorrect: The patient's name*
- Confirming the patient's name would still be a breach of **confidentiality** under **HIPAA**, as it acknowledges the individual is a patient with the inquiring physician.
- Even if the name is already known to the colleague, confirming it from the treating physician implies an **established patient relationship**, which is PHI.
*Incorrect: The patient's diagnosis*
- Disclosing the patient's diagnosis is a direct violation of **HIPAA** rules, as it releases specific **protected health information** without the patient's explicit consent.
- This information is highly sensitive and directly related to the individual's health status, which must be kept confidential.
*Incorrect: The patient's treatment plan*
- Sharing details about the **treatment plan** is a clear breach of **patient privacy** and **HIPAA regulations**.
- This information is considered **protected health information (PHI)** and can only be shared with those directly involved in the patient's care or with patient consent.
*Incorrect: Only that Mr. Clarke is his patient*
- Even confirming that Mr. Clarke is a patient constitutes a breach of **confidentiality** and **HIPAA**.
- Acknowledging a patient-physician relationship is considered releasing **protected health information** because it implicitly confirms health services are being rendered to that individual.
***Correct: No information at all***
- Disclosure of any protected health information (PHI) to unauthorized individuals, even other healthcare professionals, is a violation of **HIPAA**.
- The colleague did not establish a **physician-patient relationship** with Mr. Clarke, nor did they have a legitimate need to know this information for treatment, payment, or healthcare operations.
- Without patient authorization or a legitimate purpose under the **Privacy Rule**, the surgical oncologist must not confirm any PHI, including the mere existence of a patient-physician relationship.
Business associate agreements US Medical PG Question 9: A 17-year-old male, accompanied by his uncle, presents to a doctor with his arm in a sling. There is blood dripping down his shirt. He pleads with the physician to not report this injury to authorities, offering to pay extra for his visit, as he is afraid of retaliation from his rival gang. The physician examines the wound, which appears to be a stabbing injury to his left anterior deltoid. This case study in medical ethics asks: How should the physician best handle this patient's request?
- A. Maintain confidentiality, as reporting stab wounds is not required
- B. Breach confidentiality and discuss the injury with the uncle
- C. Breach confidentiality and report the stab wound to the police (Correct Answer)
- D. Maintain confidentiality and schedule a follow-up visit with the patient
- E. Maintain confidentiality, as retaliation may result in greater harm to the patient
Business associate agreements Explanation: ***Breach confidentiality and report the stab wound to the police***
- Physicians in the United States have a **mandatory reporting obligation** for injuries resulting from violent crimes, including stab wounds, regardless of the patient's wishes.
- **State laws** require reporting of suspected criminal activity involving weapons, and physicians are **legally protected** from liability when making good-faith mandatory reports.
- While the principle of **non-maleficence** is important, **legal duties** take precedence, and physicians cannot selectively choose when to comply with mandatory reporting laws based on patient circumstances.
- The physician should explain to the patient that reporting is required by law, provide compassionate care, and potentially connect the patient with **social services** or **law enforcement victim support** to address safety concerns.
*Maintain confidentiality, as retaliation may result in greater harm to the patient*
- While concern for patient safety is understandable, **mandatory reporting laws do not have exceptions** for fear of retaliation.
- Physicians who fail to report may face **professional discipline**, **civil liability**, and potentially **criminal penalties** depending on jurisdiction.
- The proper approach is to report as required while simultaneously working to ensure patient safety through appropriate **social work intervention** and **victim protection resources**.
*Maintain confidentiality and schedule a follow-up visit with the patient*
- Simply scheduling follow-up care while failing to report violates **mandatory reporting statutes** for violent injuries.
- This approach ignores the physician's **legal obligation** and could result in professional consequences.
- Follow-up care should be provided **in addition to**, not instead of, mandatory reporting.
*Maintain confidentiality, as reporting stab wounds is not required*
- This is **factually incorrect**; virtually all U.S. jurisdictions require reporting of injuries from violent crimes, particularly those involving weapons.
- Failure to report based on this misunderstanding could lead to **licensure sanctions** and legal liability.
*Breach confidentiality and discuss the injury with the uncle*
- The 17-year-old patient is a **minor**, but discussing details with the uncle without explicit consent or confirmed guardianship status is inappropriate.
- The uncle's presence does not automatically grant him **HIPAA authorization** to receive protected health information.
- The correct action is to report to **appropriate authorities** (police), not to involve family members without proper consent or legal authority.
Business associate agreements US Medical PG Question 10: A 42-year-old woman presents to the physician with symptoms of vague abdominal pain and bloating for several months. Test results indicate that she has ovarian cancer. Her physician attempts to reach her by phone multiple times but cannot reach her. Next of kin numbers are in her chart. According to HIPAA regulations, who should be the primary person the doctor discusses this information with?
- A. The patient's brother
- B. The patient's husband
- C. The patient's daughter
- D. All of the options
- E. The patient (Correct Answer)
Business associate agreements Explanation: ***The patient***
- Under **HIPAA**, the patient has the **right to privacy** regarding their protected health information (PHI). Therefore, the physician must make all reasonable attempts to contact the patient directly to convey their diagnosis.
- Sharing sensitive medical information like a cancer diagnosis with anyone other than the patient, without their explicit consent, would be a **violation of HIPAA regulations**.
*The patient's brother*
- The patient's brother is not automatically authorized to receive her medical information, even if listed as **next of kin**, without the patient's explicit consent or a documented **healthcare power of attorney**.
- Discussing the diagnosis with the brother without the patient's direct consent would be a **breach of patient confidentiality**.
*The patient's husband*
- Even a spouse does not automatically have the right to access a patient's **PHI** without the patient's express permission, according to **HIPAA**.
- While often a trusted contact, without explicit consent, revealing the diagnosis to the husband would still violate the patient's **privacy rights**.
*The patient's daughter*
- Similar to other family members, the patient's daughter is not legally entitled to receive her mother's confidential medical information without explicit authorization or a medical **power of attorney**.
- The physician's primary responsibility is to the patient herself, ensuring her **privacy** is maintained.
*All of the options*
- According to **HIPAA**, sharing the patient's diagnosis with any family member without her explicit consent would be a **breach of confidentiality**.
- This option incorrectly assumes that **next of kin** automatically have the right to receive sensitive medical information.
More Business associate agreements US Medical PG questions available in the OnCourse app. Practice MCQs, flashcards, and get detailed explanations.
