De-identification standards US Medical PG Practice Questions and MCQs
Practice US Medical PG questions for De-identification standards. These multiple choice questions (MCQs) cover important concepts and help you prepare for your exams.
De-identification standards US Medical PG Question 1: A 79-year-old male presents to your office for his annual flu shot. On physical exam you note several linear bruises on his back. Upon further questioning he denies abuse from his daughter and son-in-law, who live in the same house. The patient states he does not want this information shared with anyone. What is the most appropriate next step, paired with its justification?
- A. Breach patient confidentiality, as this patient's care should be discussed with the daughter as she is his primary caregiver
- B. See the patient back in 2 weeks and assess whether the patient's condition has improved, as his condition is not severe
- C. Do not break patient confidentiality, as elder abuse reporting is not mandatory
- D. Do not break patient confidentiality, as this would potentially worsen the situation
- E. Breach patient confidentiality, as this patient is a potential victim of elder abuse and reporting is mandated in most states (Correct Answer)
De-identification standards Explanation: ***Breach patient confidentiality, as this patient is a potential victim of elder abuse and reporting is mandated in most states***
- As a physician, there is a **legal and ethical obligation** to report suspected elder abuse in most US states, even when the patient denies it and requests confidentiality.
- Physicians are typically **mandatory reporters** under state law, and must report to Adult Protective Services or law enforcement when elder abuse is suspected.
- The patient's safety and legal requirements outweigh the right to confidentiality in jurisdictions with mandatory reporting laws.
*Breach patient confidentiality, as this patient's care should be discussed with the daughter as she is his primary caregiver*
- Breaching confidentiality to discuss this with the daughter would be inappropriate, especially since the daughter and son-in-law are the **suspected abusers**.
- Discussing with the primary caregiver is only appropriate if the patient has given **explicit consent** and there are no suspicions of abuse from that caregiver.
*See the patient back in 2 weeks and assess whether the patient's condition has improved, as his condition is not severe*
- This option is inappropriate because it delays intervention in a potentially **dangerous situation**.
- Suspected abuse warrants **immediate action** to ensure the patient's safety, regardless of the perceived severity of current injuries.
*Do not break patient confidentiality, as elder abuse reporting is not mandatory*
- In **most states**, physicians have **mandatory reporting laws** for elder abuse, making this statement generally incorrect.
- Physicians are typically considered "mandated reporters" and are legally required to report suspected abuse to the appropriate authorities in their jurisdiction.
*Do not break patient confidentiality, as this would potentially worsen the situation*
- While this is a valid concern in some situations, the **primary responsibility** of a physician is to protect vulnerable patients from harm.
- Reporting suspected abuse initiates protective measures and is legally required in most states, as the potential benefit of intervention outweighs the risk of worsening the situation.
De-identification standards US Medical PG Question 2: A 42-year-old woman presents to the physician with symptoms of vague abdominal pain and bloating for several months. Test results indicate that she has ovarian cancer. Her physician attempts to reach her by phone multiple times but cannot reach her. Next of kin numbers are in her chart. According to HIPAA regulations, who should be the primary person the doctor discusses this information with?
- A. The patient's brother
- B. The patient's husband
- C. The patient's daughter
- D. All of the options
- E. The patient (Correct Answer)
De-identification standards Explanation: ***The patient***
- Under **HIPAA**, the patient has the **right to privacy** regarding their protected health information (PHI). Therefore, the physician must make all reasonable attempts to contact the patient directly to convey their diagnosis.
- Sharing sensitive medical information like a cancer diagnosis with anyone other than the patient, without their explicit consent, would be a **violation of HIPAA regulations**.
*The patient's brother*
- The patient's brother is not automatically authorized to receive her medical information, even if listed as **next of kin**, without the patient's explicit consent or a documented **healthcare power of attorney**.
- Discussing the diagnosis with the brother without the patient's direct consent would be a **breach of patient confidentiality**.
*The patient's husband*
- Even a spouse does not automatically have the right to access a patient's **PHI** without the patient's express permission, according to **HIPAA**.
- While often a trusted contact, without explicit consent, revealing the diagnosis to the husband would still violate the patient's **privacy rights**.
*The patient's daughter*
- Similar to other family members, the patient's daughter is not legally entitled to receive her mother's confidential medical information without explicit authorization or a medical **power of attorney**.
- The physician's primary responsibility is to the patient herself, ensuring her **privacy** is maintained.
*All of the options*
- According to **HIPAA**, sharing the patient's diagnosis with any family member without her explicit consent would be a **breach of confidentiality**.
- This option incorrectly assumes that **next of kin** automatically have the right to receive sensitive medical information.
De-identification standards US Medical PG Question 3: A psychiatrist receives a call from a patient who expresses thoughts of harming his ex-girlfriend. The patient describes a detailed plan to attack her at her workplace. Which of the following represents the psychiatrist's most appropriate legal obligation?
- A. Warn the ex-girlfriend and notify law enforcement (Correct Answer)
- B. Only notify the patient's family
- C. Warn only law enforcement
- D. Maintain patient confidentiality
De-identification standards Explanation: ***Warn the ex-girlfriend and notify law enforcement***
- This scenario directly triggers the **"duty to warn"** and **"duty to protect"** principles, primarily stemming from the **Tarasoff v. Regents of the University of California** case.
- The psychiatrist has a legal obligation to take reasonable steps to protect the identifiable victim, which includes directly warning the intended victim and informing law enforcement.
*Only notify the patient's family*
- Notifying the patient's family alone does not fulfill the **legal obligation to protect** an identifiable third party from a serious threat of harm.
- While family involvement might be part of a comprehensive safety plan, it is insufficient as the sole action in this critical situation.
*Warn only law enforcement*
- While notifying law enforcement is a crucial step, the **Tarasoff duty** specifically mandates warning the **intended victim** directly (or those who can reasonably be expected to notify the victim).
- Relying solely on law enforcement might not ensure the immediate safety of the ex-girlfriend, especially if there's a delay in their response or ability to locate her.
*Maintain patient confidentiality*
- Patient confidentiality is a cornerstone of psychiatric practice, but it is **not absolute** when there is a serious and imminent threat of harm to an identifiable individual.
- The **duty to protect** a potential victim *outweighs* the duty to maintain confidentiality in such extreme circumstances.
De-identification standards US Medical PG Question 4: A 75-year-old nursing home resident presents with multiple unexplained bruises in various stages of healing on the upper arms and inner thighs. The patient appears withdrawn and anxious when staff members enter the room. Which of the following is the most appropriate next step?
- A. Request psychiatric consultation
- B. Prescribe anti-anxiety medication
- C. Schedule follow-up in one week
- D. Report suspected abuse to adult protective services (Correct Answer)
De-identification standards Explanation: ***Report suspected abuse to adult protective services***
- Multiple unexplained bruises in various stages of healing, particularly on the **upper arms and inner thighs**, are highly suspicious for **physical abuse**, especially in an elderly, vulnerable patient.
- The patient's withdrawn and anxious behavior around staff further supports a suspicion of abuse, necessitating immediate reporting to Adult Protective Services as a **mandated reporter**.
*Request psychiatric consultation*
- While the patient's anxiety and withdrawal might warrant psychiatric evaluation, addressing the potential **physical abuse** takes immediate precedence due to safety concerns.
- A psychiatric consultation alone would not address the root cause of potential harm or ensure the patient's safety.
*Prescribe anti-anxiety medication*
- Administering anti-anxiety medication would only mask the symptoms (anxiety) without investigating or resolving the underlying cause of distress, which appears to be related to **potential abuse**.
- This approach could delay identification of a serious safety issue, potentially putting the patient at further risk.
*Schedule follow-up in one week*
- Delaying action for a week is inappropriate given the strong suspicion of ongoing **abuse** and the patient's vulnerability.
- Waiting could allow further harm to occur and does not fulfill the ethical and legal obligations of a healthcare professional in cases of suspected abuse.
De-identification standards US Medical PG Question 5: A 36-year-old man comes to the physician because of a 2-week history of productive cough, weight loss, and intermittent fever. He recently returned from a 6-month medical deployment to Indonesia. He appears tired. Physical examination shows nontender, enlarged, palpable cervical lymph nodes. An x-ray of the chest shows right-sided hilar lymphadenopathy. A sputum smear shows acid-fast bacilli. A diagnosis of pulmonary tuberculosis is made from PCR testing of the sputum. The patient requests that the physician does not inform anyone of this diagnosis because he is worried about losing his job. Which of the following is the most appropriate initial action by the physician?
- A. Request the patient's permission to discuss the diagnosis with an infectious disease specialist
- B. Assure the patient that his diagnosis will remain confidential
- C. Confirm the diagnosis with a sputum culture
- D. Notify all of the patient's household contacts of the diagnosis
- E. Inform the local public health department of the diagnosis (Correct Answer)
De-identification standards Explanation: ***Inform the local public health department of the diagnosis***
- **Tuberculosis** is a **reportable disease** to public health authorities due to its significant public health implications, including the risk of transmission.
- Physicians have a **legal and ethical obligation** to report such diagnoses to protect the community, even against a patient's wishes for secrecy.
*Request the patient's permission to discuss the diagnosis with an infectious disease specialist*
- While consulting an infectious disease specialist is often beneficial for managing TB, the immediate and most appropriate initial action is related to **public health notification**.
- Delaying notification to seek patient permission first would **compromise public health safety** regarding a reportable disease.
*Assure the patient that his diagnosis will remain confidential*
- This assurance would be **misleading and unethical** because TB is a reportable condition, meaning its confidentiality is necessarily breached for public health purposes.
- Physicians are bound by law to report communicable diseases, which supersedes general confidentiality in this specific context.
*Confirm the diagnosis with a sputum culture*
- The diagnosis of pulmonary tuberculosis has already been established by a **sputum smear showing acid-fast bacilli** and **PCR testing**, which are highly reliable.
- While a sputum culture provides drug susceptibility information, it is not the *initial* most appropriate action regarding the patient's stated concerns about confidentiality in the context of a reportable disease.
*Notify all of the patient's household contacts of the diagnosis*
- While contact tracing is an important part of TB control, it is typically initiated and managed by the **public health department** after notification.
- The physician's primary responsibility is to notify the health department, who then assumes the role of **contact investigation** and management.
De-identification standards US Medical PG Question 6: A 72-year-old woman is brought to the emergency department with dyspnea for 2 days. She is on regular hemodialysis at 3 sessions a week but missed her last session due to an unexpected trip. She has a history of congestive heart failure. After urgent hemodialysis, the patient’s dyspnea does not improve as expected. The cardiologist is consulted. After evaluation of the patient, he notes in the patient’s electronic record: “the patient does not have a chronic heart condition and a cardiac cause of dyspnea is unlikely.” The following morning, the nurse finds the cardiologist’s notes about the patient not having congestive heart failure odd. The patient had a clear history of congestive heart failure with an ejection fraction of 35%. After further investigation, the nurse realizes that the cardiologist evaluated the patient’s roommate. She is an elderly woman with a similar first name. She is also on chronic hemodialysis. To prevent similar future errors, the most appropriate strategy is to use which of the following?
- A. Two patient identifiers at every nurse-patient encounter
- B. A patient’s medical identification number at every encounter by any healthcare provider
- C. Two patient identifiers at every patient encounter by any healthcare provider (Correct Answer)
- D. Two patient identifiers at every physician-patient encounter
- E. A patient’s medical identification number at every physician-patient encounter
De-identification standards Explanation: ***Two patient identifiers at every patient encounter by any healthcare provider***
- This strategy ensures that **all healthcare providers**, not just nurses or physicians, verify the patient's identity using at least **two distinct identifiers** before any interaction, greatly reducing the risk of mix-ups.
- This comprehensive approach prevents errors like the one described, where a cardiologist evaluated the wrong patient due to similar names and circumstances, ensuring **patient safety** and appropriate care delivery.
*Two patient identifiers at every nurse-patient encounter*
- While important, limiting identification to nurse-patient encounters would **miss opportunities for error by other healthcare providers**, such as physicians, technicians, or pharmacists.
- The scenario explicitly states the error was made by a **cardiologist**, indicating that relying solely on nurses for identification is insufficient.
*A patient’s medical identification number at every encounter by any healthcare provider*
- Although the **medical identification number** is a valid identifier, relying on a *single* identifier still carries a risk, especially if typed or read incorrectly.
- **Two distinct identifiers** (e.g., name and date of birth, or name and medical record number) are the **gold standard** to minimize errors.
*Two patient identifiers at every physician-patient encounter*
- This option, while improving physician encounters, **fails to cover interactions with other crucial healthcare team members** (e.g., nurses, phlebotomists, imaging technicians) where patient misidentification can still occur.
- A comprehensive patient safety strategy must extend beyond physician interactions to **all points of care**.
*A patient’s medical identification number at every physician-patient encounter*
- This option combines the weaknesses of using only a **single identifier** and limiting the scope to **only physician encounters**, leaving multiple vulnerabilities for patient misidentification throughout the healthcare process.
- The **Joint Commission's National Patient Safety Goals** explicitly recommend using at least **two patient identifiers**.
De-identification standards US Medical PG Question 7: A 26-year-old man comes to the emergency department because of a 1-week history of fever, throat pain, and difficulty swallowing. Head and neck examination shows an erythematous pharynx with purulent exudates overlying the palatine tonsils. Microscopic examination of a throat culture shows pink, spherical bacteria arranged in chains. Treatment with amoxicillin is initiated. A day later, a physician colleague from another department approaches the physician in the lobby of the hospital and asks about this patient, saying, "Did you see him? What does he have? He's someone I play football with and he hasn't come to play for the past 5 days. I'm worried about him." Which of the following is the most appropriate action by the physician?
- A. Inform the colleague that they should ask the patient's attending physician
- B. Inform the colleague that they cannot divulge any information about the patient (Correct Answer)
- C. Tell the colleague the patient's case file number so they can look it up themselves
- D. Tell the colleague that they cannot tell them the diagnosis but that their friend was treated with antibiotics
- E. Ask the colleague to meet in the office so they can discuss the patient in private
De-identification standards Explanation: ***Inform the colleague that they cannot divulge any information about the patient***
- The **Health Insurance Portability and Accountability Act (HIPAA)** strictly prohibits the disclosure of a patient's **Protected Health Information (PHI)** without their explicit consent.
- Even if the inquirer knows the patient, a physician-patient relationship creates a **duty of confidentiality** that supersedes personal acquaintance.
- Disclosing any information without patient consent, even to another physician, violates HIPAA regulations.
*Tell the colleague the patient's case file number so they can look it up themselves*
- Providing the case file number would enable unauthorized access to the patient's medical records, thereby violating **patient confidentiality** and **HIPAA regulations**.
- This action does not rectify the breach of confidentiality and escalates the potential for further misuse of PHI.
*Inform the colleague that they should ask the patient's attending physician*
- Recommending that the colleague ask the attending physician shifts the burden but does not address the underlying ethical and legal obligation of the current physician to maintain **confidentiality**.
- The attending physician would also be bound by **HIPAA** and ethical guidelines not to disclose information without consent.
*Tell the colleague that they cannot tell them the diagnosis but that their friend was treated with antibiotics*
- While seemingly less specific, stating that the friend was treated with **antibiotics** is still a disclosure of **Protected Health Information (PHI)**.
- This action violates **patient confidentiality** as it reveals a detail of the patient's medical management without consent.
*Ask the colleague to meet in the office so they can discuss the patient in private*
- Moving to a private setting does not negate the fact that discussing the patient's information with an unauthorized individual is a **breach of confidentiality**.
- The location of the conversation does not change the ethical and legal obligations to protect **PHI**.
De-identification standards US Medical PG Question 8: On a Sunday afternoon, a surgical oncologist and his family attend a football game in the city where he practices. While at the game, he runs into a physician colleague that works at the same institution. After some casual small talk, his colleague inquires, "Are you taking care of Mr. Clarke, my personal trainer? I heard through the grapevine that he has melanoma, and I didn't know if you have started him on any chemotherapy or performed any surgical intervention yet. Hopefully you'll be able to take very good care of him." In this situation, the surgical oncologist may confirm which of the following?
- A. The patient's name
- B. The patient's diagnosis
- C. The patient's treatment plan
- D. Only that Mr. Clarke is his patient
- E. No information at all (Correct Answer)
De-identification standards Explanation: *Incorrect: The patient's name*
- Confirming the patient's name would still be a breach of **confidentiality** under **HIPAA**, as it acknowledges the individual is a patient with the inquiring physician.
- Even if the name is already known to the colleague, confirming it from the treating physician implies an **established patient relationship**, which is PHI.
*Incorrect: The patient's diagnosis*
- Disclosing the patient's diagnosis is a direct violation of **HIPAA** rules, as it releases specific **protected health information** without the patient's explicit consent.
- This information is highly sensitive and directly related to the individual's health status, which must be kept confidential.
*Incorrect: The patient's treatment plan*
- Sharing details about the **treatment plan** is a clear breach of **patient privacy** and **HIPAA regulations**.
- This information is considered **protected health information (PHI)** and can only be shared with those directly involved in the patient's care or with patient consent.
*Incorrect: Only that Mr. Clarke is his patient*
- Even confirming that Mr. Clarke is a patient constitutes a breach of **confidentiality** and **HIPAA**.
- Acknowledging a patient-physician relationship is considered releasing **protected health information** because it implicitly confirms health services are being rendered to that individual.
***Correct: No information at all***
- Disclosure of any protected health information (PHI) to unauthorized individuals, even other healthcare professionals, is a violation of **HIPAA**.
- The colleague did not establish a **physician-patient relationship** with Mr. Clarke, nor did they have a legitimate need to know this information for treatment, payment, or healthcare operations.
- Without patient authorization or a legitimate purpose under the **Privacy Rule**, the surgical oncologist must not confirm any PHI, including the mere existence of a patient-physician relationship.
De-identification standards US Medical PG Question 9: A 17-year-old male, accompanied by his uncle, presents to a doctor with his arm in a sling. There is blood dripping down his shirt. He pleads with the physician to not report this injury to authorities, offering to pay extra for his visit, as he is afraid of retaliation from his rival gang. The physician examines the wound, which appears to be a stabbing injury to his left anterior deltoid. This case study in medical ethics asks: How should the physician best handle this patient's request?
- A. Maintain confidentiality, as reporting stab wounds is not required
- B. Breach confidentiality and discuss the injury with the uncle
- C. Breach confidentiality and report the stab wound to the police (Correct Answer)
- D. Maintain confidentiality and schedule a follow-up visit with the patient
- E. Maintain confidentiality, as retaliation may result in greater harm to the patient
De-identification standards Explanation: ***Breach confidentiality and report the stab wound to the police***
- Physicians in the United States have a **mandatory reporting obligation** for injuries resulting from violent crimes, including stab wounds, regardless of the patient's wishes.
- **State laws** require reporting of suspected criminal activity involving weapons, and physicians are **legally protected** from liability when making good-faith mandatory reports.
- While the principle of **non-maleficence** is important, **legal duties** take precedence, and physicians cannot selectively choose when to comply with mandatory reporting laws based on patient circumstances.
- The physician should explain to the patient that reporting is required by law, provide compassionate care, and potentially connect the patient with **social services** or **law enforcement victim support** to address safety concerns.
*Maintain confidentiality, as retaliation may result in greater harm to the patient*
- While concern for patient safety is understandable, **mandatory reporting laws do not have exceptions** for fear of retaliation.
- Physicians who fail to report may face **professional discipline**, **civil liability**, and potentially **criminal penalties** depending on jurisdiction.
- The proper approach is to report as required while simultaneously working to ensure patient safety through appropriate **social work intervention** and **victim protection resources**.
*Maintain confidentiality and schedule a follow-up visit with the patient*
- Simply scheduling follow-up care while failing to report violates **mandatory reporting statutes** for violent injuries.
- This approach ignores the physician's **legal obligation** and could result in professional consequences.
- Follow-up care should be provided **in addition to**, not instead of, mandatory reporting.
*Maintain confidentiality, as reporting stab wounds is not required*
- This is **factually incorrect**; virtually all U.S. jurisdictions require reporting of injuries from violent crimes, particularly those involving weapons.
- Failure to report based on this misunderstanding could lead to **licensure sanctions** and legal liability.
*Breach confidentiality and discuss the injury with the uncle*
- The 17-year-old patient is a **minor**, but discussing details with the uncle without explicit consent or confirmed guardianship status is inappropriate.
- The uncle's presence does not automatically grant him **HIPAA authorization** to receive protected health information.
- The correct action is to report to **appropriate authorities** (police), not to involve family members without proper consent or legal authority.
More De-identification standards US Medical PG questions available in the OnCourse app. Practice MCQs, flashcards, and get detailed explanations.
