Electronic health record safeguards US Medical PG Practice Questions and MCQs
Practice US Medical PG questions for Electronic health record safeguards. These multiple choice questions (MCQs) cover important concepts and help you prepare for your exams.
Electronic health record safeguards US Medical PG Question 1: A 32-year-old man visits a clinic for routine health check-up. He discloses having an extramarital relationship several months ago and requests screening for sexually transmitted infections. One week later, his fourth-generation HIV antibody and antigen test returns positive. After appropriate counseling about the diagnosis, the patient explicitly requests that his HIV status not be disclosed to anyone, including his wife. The patient's wife is also registered as a patient at the same clinic. According to US medical ethics and patient confidentiality laws, what is the most appropriate next step for the physician?
- A. Inform the wife immediately of the positive result
- B. Schedule a group meeting with the patient and wife to disclose the results
- C. Wait for one week before you disclose the results to his wife
- D. Report the infection to the national health authorities
- E. Offer the patient repeat antibody testing to confirm results (Correct Answer)
Electronic health record safeguards Explanation: ***Offer the patient repeat antibody testing to confirm results***
- Before taking any steps regarding disclosure or partner notification, **confirming the diagnosis with repeat testing is essential**, especially since fourth-generation tests can have false positives.
- According to **CDC guidelines**, a reactive HIV screening test (antigen/antibody combination test) should be followed by **confirmatory testing** with HIV-1/HIV-2 antibody differentiation assay and potentially HIV-1 RNA testing.
- Once confirmed, the physician should engage in **ongoing counseling** about the importance of disclosing to sexual partners while maintaining confidentiality unless permitted by state law or the patient consents.
- The physician can offer **voluntary partner notification services** through the health department for anonymous notification.
*Inform the wife immediately of the positive result*
- Under **HIPAA and medical ethics**, directly informing the wife without patient consent is a **breach of confidentiality** and violates federal privacy laws.
- While some states have exceptions allowing disclosure to identifiable third parties at risk, this is **not the first step** and requires careful legal review.
- The physician's primary duty is to maintain confidentiality while counseling the patient.
*Schedule a group meeting with the patient and wife to disclose the results*
- Arranging a joint disclosure session without the patient's **explicit consent** violates confidentiality principles.
- While the physician should **encourage** the patient to disclose to his wife, forcing or arranging disclosure without consent is inappropriate.
- The physician should offer support for voluntary disclosure but cannot mandate it.
*Wait for one week before you disclose the results to his wife*
- Delaying disclosure does not change the ethical and legal requirement for **patient consent**.
- Unilateral disclosure to the wife, regardless of timing, remains a **HIPAA violation** and breach of medical ethics.
- The appropriate approach is ongoing counseling and offering partner notification services, not unauthorized disclosure.
*Report the infection to the national health authorities*
- HIV is a **nationally notifiable disease** to the CDC, but reporting is done with **de-identified or limited identifiers** for surveillance purposes, not with full patient details that would breach confidentiality.
- Mandatory reporting to public health authorities is **separate from partner notification** and does not resolve the ethical dilemma regarding spousal disclosure.
- This reporting does not substitute for confirming the diagnosis first.
Electronic health record safeguards US Medical PG Question 2: A 68-year-old man comes to the physician for a follow-up examination, accompanied by his daughter. Two years ago, he was diagnosed with localized prostate cancer, for which he underwent radiation therapy. He moved to the area 1 month ago to be closer to his daughter but continues to live independently. He was recently diagnosed with osteoblastic metastases to the spine and is scheduled to initiate therapy next week. In private, the patient’s daughter says that he has been losing weight and wetting the bed, and she tearfully asks the physician if his prostate cancer has returned. She says that her father has not spoken with her about his health recently. The patient has previously expressed to the physician that he does not want his family members to know about his condition because they “would worry too much.” Which of the following initial statements by the physician is most appropriate?
- A. “As your father's physician, I think that it's important that you know that his prostate cancer has returned. However, we are confident that he will respond well to treatment.”
- B. “I'm sorry, I can't discuss any information with you without his permission. I recommend that you have an open discussion with your father.” (Correct Answer)
- C. “It concerns me that he's not speaking openly with you. I recommend that you seek medical power of attorney for your father. Then, we can legally discuss his diagnosis and treatment options together.”
- D. “It’s difficult to deal with parents aging, but I have experience helping families cope. We should sit down with your father and discuss this situation together.”
- E. “Your father is very ill and may not want you to know the details. I can imagine it's frustrating for you, but you have to respect his discretion.”
Electronic health record safeguards Explanation: ***“I'm sorry, I can't discuss any information with you without his permission. I recommend that you have an open discussion with your father.”***
- This statement upholds **patient confidentiality** and **autonomy**, as the patient explicitly stated he did not want his family to know about his condition.
- It encourages communication between the patient and his daughter, which is the most appropriate way for her to learn about his health status.
*“As your father's physician, I think that it's important that you know that his prostate cancer has returned. However, we are confident that he will respond well to treatment.”*
- This violates the patient's **confidentiality** and explicit wish to keep his medical information private from his family.
- Sharing medical information without explicit consent, even with family, is a breach of ethical and legal guidelines (e.g., **HIPAA** in the United States).
*“It concerns me that he's not speaking openly with you. I recommend that you seek medical power of attorney for your father. Then, we can legally discuss his diagnosis and treatment options together.”*
- While seeking medical power of attorney is an option for future decision-making, it is **premature and inappropriate** to suggest it solely to bypass the patient's current desire for confidentiality, especially when he is still competent to make his own decisions.
- This suggestion could undermine the patient's autonomy and trust in his physician.
*“It’s difficult to deal with parents aging, but I have experience helping families cope. We should sit down with your father and discuss this situation together.”*
- This statement, while empathetic, still risks undermining the patient's **autonomy** by pushing for a joint discussion against his explicit wishes to keep his family unaware.
- The physician's primary obligation is to the patient's stated preferences regarding his medical information.
*“Your father is very ill and may not want you to know the details. I can imagine it's frustrating for you, but you have to respect his discretion.”*
- While this statement acknowledges the daughter's feelings and respects the patient's discretion, it uses a somewhat **judgmental tone** ("very ill") and the phrasing "you have to respect his discretion" can come across as abrupt or dismissive rather than purely informative or guiding.
- The most appropriate initial response should focus on the **physician's inability to share information** due to confidentiality rather than attributing motives to the patient's decision or explicitly telling the daughter how to feel.
Electronic health record safeguards US Medical PG Question 3: A 42-year-old woman presents to the physician with symptoms of vague abdominal pain and bloating for several months. Test results indicate that she has ovarian cancer. Her physician attempts to reach her by phone multiple times but cannot reach her. Next of kin numbers are in her chart. According to HIPAA regulations, who should be the primary person the doctor discusses this information with?
- A. The patient's brother
- B. The patient's husband
- C. The patient's daughter
- D. All of the options
- E. The patient (Correct Answer)
Electronic health record safeguards Explanation: ***The patient***
- Under **HIPAA**, the patient has the **right to privacy** regarding their protected health information (PHI). Therefore, the physician must make all reasonable attempts to contact the patient directly to convey their diagnosis.
- Sharing sensitive medical information like a cancer diagnosis with anyone other than the patient, without their explicit consent, would be a **violation of HIPAA regulations**.
*The patient's brother*
- The patient's brother is not automatically authorized to receive her medical information, even if listed as **next of kin**, without the patient's explicit consent or a documented **healthcare power of attorney**.
- Discussing the diagnosis with the brother without the patient's direct consent would be a **breach of patient confidentiality**.
*The patient's husband*
- Even a spouse does not automatically have the right to access a patient's **PHI** without the patient's express permission, according to **HIPAA**.
- While often a trusted contact, without explicit consent, revealing the diagnosis to the husband would still violate the patient's **privacy rights**.
*The patient's daughter*
- Similar to other family members, the patient's daughter is not legally entitled to receive her mother's confidential medical information without explicit authorization or a medical **power of attorney**.
- The physician's primary responsibility is to the patient herself, ensuring her **privacy** is maintained.
*All of the options*
- According to **HIPAA**, sharing the patient's diagnosis with any family member without her explicit consent would be a **breach of confidentiality**.
- This option incorrectly assumes that **next of kin** automatically have the right to receive sensitive medical information.
Electronic health record safeguards US Medical PG Question 4: A 54-year-old man suffered an anterior wall myocardial infarction that was managed in the cath lab with emergent coronary stenting and revascularization. The patient states that his wife, adult children, and cousins may be disclosed information regarding his care and health information. The patient has been progressing well without any further complications since his initial catheterization. On hospital day #3, a woman stops you in the hall outside of the patient's room whom you recognize as the patient's cousin. She asks you about the patient's prognosis and how the patient is progressing after his heart attack. Which of the following is the most appropriate next step?
- A. Decline to comment per HIPAA patient confidentiality regulations
- B. Direct the woman to discuss these issues with the patient himself
- C. Ask the patient if it is acceptable to share information with this individual
- D. Discuss the patient's hospital course and expected prognosis with the woman
- E. Ask for identification confirming that the woman is truly the patient's cousin (Correct Answer)
Electronic health record safeguards Explanation: ***Ask for identification confirming that the woman is truly the patient's cousin***
- While **HIPAA** emphasizes patient privacy, it also allows disclosure to family members if the patient has agreed to it or if disclosure is deemed in the patient's best interest.
- The patient explicitly stated that his cousins may be disclosed information; therefore, confirming the woman's identity as a cousin is the most **appropriate first step** to determine if she is one of the individuals he approved for information disclosure.
*Decline to comment per HIPAA patient confidentiality regulations*
- This is an overly broad and potentially **unnecessary response**, as the patient has already indicated that his cousins can receive information.
- **HIPAA allows for disclosure** to family members or others involved in the patient's care if the patient expresses a preference or does not object.
*Direct the woman to discuss these issues with the patient himself*
- This option **shifts the responsibility** of disclosure from the healthcare provider, who holds the medical information, to the patient.
- While the patient can certainly share his own information, the family may be seeking **professional medical updates** that the patient might not be fully equipped to provide.
*Ask the patient if it is acceptable to share information with this individual*
- Although obtaining direct patient consent is generally a good practice, the patient has already **verbally authorized family members**, including cousins, to receive information.
- The primary outstanding issue is confirming this specific individual's relationship to the patient, rather than re-asking for permission to share with cousins in general.
*Discuss the patient's hospital course and expected prognosis with the woman*
- This action would be **premature and a violation of HIPAA** if the woman cannot be confirmed as the patient's cousin.
- **Verification of identity** and relationship is crucial before disclosing any protected health information.
Electronic health record safeguards US Medical PG Question 5: A 79-year-old man with a history of prostate cancer is brought to the emergency department because of lower abdominal pain for 1 hour. He has not urinated for 24 hours. Abdominal examination shows a palpable bladder that is tender to palpation. A pelvic ultrasound performed by the emergency department resident confirms the diagnosis of acute urinary retention. An attempt to perform transurethral catheterization is unsuccessful. A urology consultation is ordered and the urologist plans to attempt suprapubic catheterization. As the urologist is called to see a different emergency patient, she asks the emergency department resident to obtain informed consent for the procedure. The resident recalls a lecture about the different modes of catheterization, but he has never seen or performed a suprapubic catheterization himself. Which of the following statements by the emergency department resident is the most appropriate?
- A. “I would prefer that you obtain informed consent when you become available again.” (Correct Answer)
- B. “Suprapubic catheterization is not the treatment of choice for this patient.”
- C. “I would be happy to obtain informed consent on your behalf, but I'm not legally allowed to do so during my residency.”
- D. “I will make sure the patient reads and signs the informed consent form.”
- E. “I will ask the patient to waive informed consent because this is an urgent procedure.”
Electronic health record safeguards Explanation: ***"I would prefer that you obtain informed consent when you become available again."***
- Informed consent requires that the person obtaining consent be **knowledgeable about the procedure**, its risks, benefits, and alternatives, and be able to answer the patient's questions thoroughly. The resident, having never performed or seen the procedure, cannot fulfill this requirement.
- The urologist, as the attending physician performing the procedure and the expert in suprapubic catheterization, is the most appropriate person to **educate the patient and obtain consent**.
*"Suprapubic catheterization is not the treatment of choice for this patient."*
- **Urethral catheterization is the first-line treatment for acute urinary retention**; however, it was unsuccessful.
- **Suprapubic catheterization is the appropriate next step** when transurethral catheterization fails or is contraindicated.
*"I would be happy to obtain informed consent on your behalf, but I'm not legally allowed to do so during my residency."*
- There is **no legal prohibition** for a resident to obtain informed consent, provided they are competent to do so and have adequate knowledge of the procedure.
- The issue here is the resident's **lack of knowledge and experience** with the particular procedure, not their legal status as a resident.
*"I will make sure the patient reads and signs the informed consent form."*
- Simply having the patient read and sign a form is **insufficient for valid informed consent**.
- Informed consent is a **process of communication** that ensures the patient understands the procedure, not just a signature on a document.
*"I will ask the patient to waive informed consent because this is an urgent procedure."*
- While this is an urgent situation, it is **not an emergency that precludes obtaining informed consent**.
- **Waiving informed consent** is generally reserved for life-threatening emergencies where immediate intervention is required to save a patient's life and there is no time to obtain consent, which is not the case here.
Electronic health record safeguards US Medical PG Question 6: A regional academic medical center has 10 cases of adenovirus in the span of a week among its ICU patients. A committee is formed to investigate this outbreak. They are tasked with identifying the patients and interviewing the care providers to understand how adenovirus could have been spread from patient to patient. This committee will review charts, talk to the care provider teams, and investigate current patient safety and sanitation measures in the ICU. The goal of the committee is to identify weaknesses in the current system and to put in place a plan to help prevent this sort of outbreak from reoccurring in the future. The committee is most likely using what type of analysis?
- A. Simulation
- B. Root cause analysis (Correct Answer)
- C. Algorithmic analysis
- D. Heuristic analysis
- E. Failure mode and effects analysis
Electronic health record safeguards Explanation: ***Root cause analysis***
- The committee's goal is to **identify weaknesses** in the current system and **prevent recurrence**, which aligns perfectly with the principles of **root cause analysis (RCA)**.
- RCA is a structured method for **identifying the underlying causes** of problems or incidents, rather than just addressing symptoms.
*Simulation*
- **Simulation** involves creating a model of a process or system to test different scenarios and predict outcomes.
- While useful for planning, it's not the primary method for investigating an actual past event or identifying causative factors after an outbreak has occurred.
*Algorithmic analysis*
- **Algorithmic analysis** is primarily used in computer science to evaluate the efficiency and complexity of algorithms.
- It does not apply to investigating the spread of infectious diseases or healthcare system failures.
*Heuristic analysis*
- **Heuristic analysis** involves using a rule of thumb or an educated guess to solve a problem quickly and efficiently, especially when perfect solutions are not feasible.
- This approach is less systematic and comprehensive than what is required to thoroughly investigate an outbreak and identify root causes.
*Failure mode and effects analysis*
- **Failure mode and effects analysis (FMEA)** is a proactive method used to identify **potential failure modes** in a system and their effects *before* an event occurs.
- The committee is investigating an **already existing problem**, making RCA more appropriate than FMEA, which is used for risk assessment of future processes.
Electronic health record safeguards US Medical PG Question 7: A 28-year-old male presents to his primary care physician with complaints of intermittent abdominal pain and alternating bouts of constipation and diarrhea. His medical chart is not significant for any past medical problems or prior surgeries. He is not prescribed any current medications. Which of the following questions would be the most useful next question in eliciting further history from this patient?
- A. "Does the diarrhea typically precede the constipation, or vice-versa?"
- B. "Is the diarrhea foul-smelling?"
- C. "Please rate your abdominal pain on a scale of 1-10, with 10 being the worst pain of your life"
- D. "Are the symptoms worse in the morning or at night?"
- E. "Can you tell me more about the symptoms you have been experiencing?" (Correct Answer)
Electronic health record safeguards Explanation: ***Can you tell me more about the symptoms you have been experiencing?***
- This **open-ended question** encourages the patient to provide a **comprehensive narrative** of their symptoms, including details about onset, frequency, duration, alleviating/aggravating factors, and associated symptoms, which is crucial for diagnosis.
- In a patient presenting with vague, intermittent symptoms like alternating constipation and diarrhea, allowing them to elaborate freely can reveal important clues that might not be captured by more targeted questions.
*Does the diarrhea typically precede the constipation, or vice-versa?*
- While knowing the sequence of symptoms can be helpful in understanding the **pattern of bowel dysfunction**, it is a very specific question that might overlook other important aspects of the patient's experience.
- It prematurely narrows the focus without first obtaining a broad understanding of the patient's overall symptomatic picture.
*Is the diarrhea foul-smelling?*
- Foul-smelling diarrhea can indicate **malabsorption** or **bacterial overgrowth**, which are important to consider in some gastrointestinal conditions.
- However, this is a **specific symptom inquiry** that should follow a more general exploration of the patient's symptoms, as it may not be relevant if other crucial details are missed.
*Please rate your abdominal pain on a scale of 1-10, with 10 being the worst pain of your life*
- Quantifying pain intensity is useful for assessing the **severity of discomfort** and monitoring changes over time.
- However, for a patient with intermittent rather than acute, severe pain, understanding the **character, location, and triggers** of the pain is often more diagnostically valuable than just a numerical rating initially.
*Are the symptoms worse in the morning or at night?*
- Diurnal variation can be relevant in certain conditions, such as inflammatory bowel diseases where nocturnal symptoms might be more concerning, or functional disorders whose symptoms might be stress-related.
- This is another **specific question** that should come after gathering a more complete initial picture of the patient's symptoms to ensure no key information is overlooked.
Electronic health record safeguards US Medical PG Question 8: On a Sunday afternoon, a surgical oncologist and his family attend a football game in the city where he practices. While at the game, he runs into a physician colleague that works at the same institution. After some casual small talk, his colleague inquires, "Are you taking care of Mr. Clarke, my personal trainer? I heard through the grapevine that he has melanoma, and I didn't know if you have started him on any chemotherapy or performed any surgical intervention yet. Hopefully you'll be able to take very good care of him." In this situation, the surgical oncologist may confirm which of the following?
- A. The patient's name
- B. The patient's diagnosis
- C. The patient's treatment plan
- D. Only that Mr. Clarke is his patient
- E. No information at all (Correct Answer)
Electronic health record safeguards Explanation: *Incorrect: The patient's name*
- Confirming the patient's name would still be a breach of **confidentiality** under **HIPAA**, as it acknowledges the individual is a patient with the inquiring physician.
- Even if the name is already known to the colleague, confirming it from the treating physician implies an **established patient relationship**, which is PHI.
*Incorrect: The patient's diagnosis*
- Disclosing the patient's diagnosis is a direct violation of **HIPAA** rules, as it releases specific **protected health information** without the patient's explicit consent.
- This information is highly sensitive and directly related to the individual's health status, which must be kept confidential.
*Incorrect: The patient's treatment plan*
- Sharing details about the **treatment plan** is a clear breach of **patient privacy** and **HIPAA regulations**.
- This information is considered **protected health information (PHI)** and can only be shared with those directly involved in the patient's care or with patient consent.
*Incorrect: Only that Mr. Clarke is his patient*
- Even confirming that Mr. Clarke is a patient constitutes a breach of **confidentiality** and **HIPAA**.
- Acknowledging a patient-physician relationship is considered releasing **protected health information** because it implicitly confirms health services are being rendered to that individual.
***Correct: No information at all***
- Disclosure of any protected health information (PHI) to unauthorized individuals, even other healthcare professionals, is a violation of **HIPAA**.
- The colleague did not establish a **physician-patient relationship** with Mr. Clarke, nor did they have a legitimate need to know this information for treatment, payment, or healthcare operations.
- Without patient authorization or a legitimate purpose under the **Privacy Rule**, the surgical oncologist must not confirm any PHI, including the mere existence of a patient-physician relationship.
Electronic health record safeguards US Medical PG Question 9: A 17-year-old male, accompanied by his uncle, presents to a doctor with his arm in a sling. There is blood dripping down his shirt. He pleads with the physician to not report this injury to authorities, offering to pay extra for his visit, as he is afraid of retaliation from his rival gang. The physician examines the wound, which appears to be a stabbing injury to his left anterior deltoid. This case study in medical ethics asks: How should the physician best handle this patient's request?
- A. Maintain confidentiality, as reporting stab wounds is not required
- B. Breach confidentiality and discuss the injury with the uncle
- C. Breach confidentiality and report the stab wound to the police (Correct Answer)
- D. Maintain confidentiality and schedule a follow-up visit with the patient
- E. Maintain confidentiality, as retaliation may result in greater harm to the patient
Electronic health record safeguards Explanation: ***Breach confidentiality and report the stab wound to the police***
- Physicians in the United States have a **mandatory reporting obligation** for injuries resulting from violent crimes, including stab wounds, regardless of the patient's wishes.
- **State laws** require reporting of suspected criminal activity involving weapons, and physicians are **legally protected** from liability when making good-faith mandatory reports.
- While the principle of **non-maleficence** is important, **legal duties** take precedence, and physicians cannot selectively choose when to comply with mandatory reporting laws based on patient circumstances.
- The physician should explain to the patient that reporting is required by law, provide compassionate care, and potentially connect the patient with **social services** or **law enforcement victim support** to address safety concerns.
*Maintain confidentiality, as retaliation may result in greater harm to the patient*
- While concern for patient safety is understandable, **mandatory reporting laws do not have exceptions** for fear of retaliation.
- Physicians who fail to report may face **professional discipline**, **civil liability**, and potentially **criminal penalties** depending on jurisdiction.
- The proper approach is to report as required while simultaneously working to ensure patient safety through appropriate **social work intervention** and **victim protection resources**.
*Maintain confidentiality and schedule a follow-up visit with the patient*
- Simply scheduling follow-up care while failing to report violates **mandatory reporting statutes** for violent injuries.
- This approach ignores the physician's **legal obligation** and could result in professional consequences.
- Follow-up care should be provided **in addition to**, not instead of, mandatory reporting.
*Maintain confidentiality, as reporting stab wounds is not required*
- This is **factually incorrect**; virtually all U.S. jurisdictions require reporting of injuries from violent crimes, particularly those involving weapons.
- Failure to report based on this misunderstanding could lead to **licensure sanctions** and legal liability.
*Breach confidentiality and discuss the injury with the uncle*
- The 17-year-old patient is a **minor**, but discussing details with the uncle without explicit consent or confirmed guardianship status is inappropriate.
- The uncle's presence does not automatically grant him **HIPAA authorization** to receive protected health information.
- The correct action is to report to **appropriate authorities** (police), not to involve family members without proper consent or legal authority.
More Electronic health record safeguards US Medical PG questions available in the OnCourse app. Practice MCQs, flashcards, and get detailed explanations.
