HIPAA and research US Medical PG Practice Questions and MCQs
Practice US Medical PG questions for HIPAA and research. These multiple choice questions (MCQs) cover important concepts and help you prepare for your exams.
HIPAA and research US Medical PG Question 1: A research team develops a new monoclonal antibody checkpoint inhibitor for advanced melanoma that has shown promise in animal studies as well as high efficacy and low toxicity in early phase human clinical trials. The research team would now like to compare this drug to existing standard of care immunotherapy for advanced melanoma. The research team decides to conduct a non-randomized study where the novel drug will be offered to patients who are deemed to be at risk for toxicity with the current standard of care immunotherapy, while patients without such risk factors will receive the standard treatment. Which of the following best describes the level of evidence that this study can offer?
- A. Level 1
- B. Level 3 (Correct Answer)
- C. Level 5
- D. Level 4
- E. Level 2
HIPAA and research Explanation: ***Level 3***
- A **non-randomized controlled trial** like the one described, where patient assignment to treatment groups is based on specific characteristics (risk of toxicity), falls into Level 3 evidence.
- This level typically includes **non-randomized controlled trials** and **well-designed cohort studies** with comparison groups, which are prone to selection bias and confounding.
- The study compares two treatments but lacks randomization, making it Level 3 evidence.
*Level 1*
- Level 1 evidence is the **highest level of evidence**, derived from **systematic reviews and meta-analyses** of multiple well-designed randomized controlled trials or large, high-quality randomized controlled trials.
- The described study is explicitly stated as non-randomized, ruling out Level 1.
*Level 2*
- Level 2 evidence involves at least one **well-designed randomized controlled trial** (RCT) or **systematic reviews** of randomized trials.
- The current study is *non-randomized*, which means it cannot be classified as Level 2 evidence, as randomization is a key criterion for this level.
*Level 4*
- Level 4 evidence includes **case series**, **case-control studies**, and **poorly designed cohort or case-control studies**.
- While the study is non-randomized, it is a controlled comparative trial rather than a case series or retrospective case-control study, placing it at Level 3.
*Level 5*
- Level 5 evidence is the **lowest level of evidence**, typically consisting of **expert opinion** without explicit critical appraisal, or based on physiology, bench research, or animal studies.
- While the drug was initially tested in animal studies, the current human comparative study offers a higher level of evidence than expert opinion or preclinical data.
HIPAA and research US Medical PG Question 2: A 42-year-old woman presents to the physician with symptoms of vague abdominal pain and bloating for several months. Test results indicate that she has ovarian cancer. Her physician attempts to reach her by phone multiple times but cannot reach her. Next of kin numbers are in her chart. According to HIPAA regulations, who should be the primary person the doctor discusses this information with?
- A. The patient's brother
- B. The patient's husband
- C. The patient's daughter
- D. All of the options
- E. The patient (Correct Answer)
HIPAA and research Explanation: ***The patient***
- Under **HIPAA**, the patient has the **right to privacy** regarding their protected health information (PHI). Therefore, the physician must make all reasonable attempts to contact the patient directly to convey their diagnosis.
- Sharing sensitive medical information like a cancer diagnosis with anyone other than the patient, without their explicit consent, would be a **violation of HIPAA regulations**.
*The patient's brother*
- The patient's brother is not automatically authorized to receive her medical information, even if listed as **next of kin**, without the patient's explicit consent or a documented **healthcare power of attorney**.
- Discussing the diagnosis with the brother without the patient's direct consent would be a **breach of patient confidentiality**.
*The patient's husband*
- Even a spouse does not automatically have the right to access a patient's **PHI** without the patient's express permission, according to **HIPAA**.
- While often a trusted contact, without explicit consent, revealing the diagnosis to the husband would still violate the patient's **privacy rights**.
*The patient's daughter*
- Similar to other family members, the patient's daughter is not legally entitled to receive her mother's confidential medical information without explicit authorization or a medical **power of attorney**.
- The physician's primary responsibility is to the patient herself, ensuring her **privacy** is maintained.
*All of the options*
- According to **HIPAA**, sharing the patient's diagnosis with any family member without her explicit consent would be a **breach of confidentiality**.
- This option incorrectly assumes that **next of kin** automatically have the right to receive sensitive medical information.
HIPAA and research US Medical PG Question 3: A 45-year-old man is brought to the emergency department by his friends because of a 1-hour history of shortness of breath and squeezing chest pain. They were at a party where cocaine was consumed. A diagnosis of acute myocardial infarction is made. The physician stabilizes the patient and transfers him to the inpatient unit. Six hours later, his wife arrives at the emergency department and requests information about her husband's condition. Which of the following is the most appropriate action by the physician?
- A. Ask the wife for a marriage certificate
- B. Inform the wife about her husband's condition
- C. Consult the hospital ethics committee
- D. Obtain authorization from the patient to release information (Correct Answer)
- E. Request the patient's durable power of attorney document
HIPAA and research Explanation: ***Obtain authorization from the patient to release information***
- Under **HIPAA (Health Insurance Portability and Accountability Act)**, patient information is confidential and cannot be shared without their express consent, even with close family members like a spouse, once the patient is **conscious and able to make decisions**.
- The patient, being stabilized, is likely **competent** to authorize the release of his medical information to his wife, ensuring his **autonomy** and privacy are respected.
*Ask the wife for a marriage certificate*
- A marriage certificate does not automatically grant access to a spouse's medical information if the patient is **competent** and has not provided consent.
- Requesting such documentation is generally **not standard practice** and does not supersede the need for patient authorization under HIPAA.
*Inform the wife about her husband's condition*
- Releasing medical information without the patient's explicit consent would be a direct **violation of patient confidentiality** and **HIPAA regulations**, even if the individual is a spouse.
- Although well-intentioned, this action could have legal and ethical repercussions for the physician and the hospital.
*Consult the hospital ethics committee*
- While ethics committees handle complex ethical dilemmas, this situation is a straightforward matter of **patient confidentiality** and **HIPAA compliance**.
- The direct course of action is to seek patient authorization, rather than escalating to an ethics committee for a clearly defined privacy issue.
*Request the patient's durable power of attorney document*
- A **durable power of attorney (DPOA)** for healthcare is only activated when a patient is **incapacitated** and unable to make decisions for themselves.
- Since the patient is stabilized and presumably competent to make decisions about his care, a DPOA is not relevant at this time.
HIPAA and research US Medical PG Question 4: A 15-year-old female presents to her family physician for an annual school physical exam and check-up. She is accompanied by her mother to the visit and is present in the exam room. The patient has no complaints, and she does not have any past medical problems. She takes no medications. The patient reports that she remains active, exercising 5 times a week, and eats a healthy and varied diet. Which of the following would be the best way for the physician to obtain a more in-depth social history, including sexual history and use of alcohol, tobacco, or recreational drugs?
- A. Disallow the mother to be present in the examination room throughout the entirety of the visit
- B. Give the patient a social history questionnaire to fill out in the exam room
- C. Ask the mother to step outside into the hall for a portion of the visit (Correct Answer)
- D. Ask the patient the questions directly, with her mother still in the exam room
- E. Speak softly to the patient so that the mother does not hear and the patient is not embarrassed
HIPAA and research Explanation: ***Ask the mother to step outside into the hall for a portion of the visit***
- This approach allows the physician to speak with the adolescent **privately and confidentially**, which is crucial for obtaining sensitive information such as sexual history, drug use, and mental health concerns.
- Adolescents are more likely to disclose personal information when their parents are not present, fostering trust and ensuring **comprehensive history-taking** vital for their well-being.
*Disallow the mother to be present in the examination room throughout the entirety of the visit*
- This is an **overly restrictive** approach that might create tension or distrust between the physician, patient, and parent, especially at the start of the visit.
- While privacy is essential for sensitive topics, parental presence can be valuable for discussing general health, family history, and **treatment plans**, especially for younger adolescents.
*Give the patient a social history questionnaire to fill out in the exam room*
- While questionnaires can be useful for gathering basic information, they often **lack the nuance** of a direct conversation and may not prompt the patient to elaborate on sensitive issues.
- Furthermore, having the mother present while the patient fills out a questionnaire on sensitive topics still **compromises confidentiality** and may lead to incomplete or dishonest answers.
*Ask the patient the questions directly, with her mother still in the exam room*
- Asking sensitive questions with a parent present is **unlikely to yield truthful and complete answers**, as adolescents may feel embarrassed, judged, or fear parental disapproval.
- This approach compromises the **confidentiality** that is fundamental to building trust with adolescent patients.
*Speak softly to the patient so that the mother does not hear and the patient is not embarrassed*
- Speaking softly is **unprofessional** and still does not guarantee privacy, as the mother might still overhear parts of the conversation.
- This method also **fails to establish true confidentiality**, which is central to building rapport and encouraging open communication with adolescent patients about sensitive topics.
HIPAA and research US Medical PG Question 5: Which of the following study designs would be most appropriate to investigate the association between electronic cigarette use and the subsequent development of lung cancer?
- A. Subjects with lung cancer who smoke and subjects with lung cancer who did not smoke
- B. Subjects who smoke electronic cigarettes and subjects who smoke normal cigarettes
- C. Subjects with lung cancer who smoke and subjects without lung cancer who smoke
- D. Subjects with lung cancer and subjects without lung cancer
- E. Subjects who smoke electronic cigarettes and subjects who do not smoke (Correct Answer)
HIPAA and research Explanation: ***Subjects who smoke electronic cigarettes and subjects who do not smoke***
- This design represents a **cohort study**, which is ideal for investigating the **incidence** of a disease (lung cancer) in groups exposed and unexposed to a risk factor (electronic cigarette use).
- By following these two groups over time, researchers can directly compare the **risk of developing lung cancer** in e-cigarette users versus non-smokers.
*Subjects with lung cancer who smoke and subjects with lung cancer who did not smoke*
- This option incorrectly compares two groups both with lung cancer, where the exposure to smoking can either be **electronic or traditional cigarettes,** but does not provide a control group without lung cancer to assess the association.
- This design would not allow for the calculation of an **incidence rate** or a **relative risk** of lung cancer development specific to electronic cigarette use.
*Subjects who smoke electronic cigarettes and subjects who smoke normal cigarettes*
- This design compares two different types of smoking, which might be useful for comparing their relative risks but doesn't include a **non-smoking control group** to establish the absolute association with electronic cigarettes.
- While it could show if e-cigarettes are "safer" than traditional cigarettes, it wouldn't directly answer whether e-cigarettes themselves **cause lung cancer**.
*Subjects with lung cancer who smoke and subjects without lung cancer who smoke*
- This describes a **case-control study** but focuses on smoking in general rather than specifically electronic cigarettes, which is the independent variable of interest.
- While valuable for identifying risk factors, it would need to specifically differentiate between **electronic cigarette smokers** and other smokers to answer the question adequately.
*Subjects with lung cancer and subjects without lung cancer*
- This general description of a **case-control study** is too broad; it does not specify the exposure of interest, which is electronic cigarette use.
- To be relevant, the study would need to gather data on **electronic cigarette use** in both the lung cancer group and the non-lung cancer control group.
HIPAA and research US Medical PG Question 6: A 72-year-old man presents to his primary care provider at an outpatient clinic for ongoing management of his chronic hypertension. His past medical history is significant for diabetes and osteoarthritis though neither are currently being treated with medication. At this visit, his blood pressure is found to be 154/113 mmHg so he is started on lisinopril. After leaving the physician's office, he visits his local pharmacy and fills the prescription for lisinopril before going home. If this patient is insured by medicare with a prescription drug benefit provided by a private company through medicare, which of the following components of medicare are being used during this visit?
- A. Part A alone
- B. Parts A and B
- C. Parts B and D (Correct Answer)
- D. Parts A, B, C and D
- E. Part B alone
HIPAA and research Explanation: ***Parts B and D***
- The visit to the **primary care provider** at an outpatient clinic for hypertension management is covered under **Medicare Part B** (medical insurance), which includes doctor's services and outpatient care.
- The prescription for lisinopril, filled at a local pharmacy with a prescription drug benefit provided by a private company through Medicare, signifies the use of **Medicare Part D** for prescription drug coverage.
*Part A alone*
- **Medicare Part A** covers hospital insurance, including inpatient hospital stays, skilled nursing facility care, hospice care, and some home health services.
- This scenario describes an **outpatient visit** and a **prescription fill**, neither of which falls under Part A coverage.
*Parts A and B*
- While Part B is correctly identified as covering the outpatient visit, **Part A** is not applicable as the patient was neither hospitalized nor receiving skilled nursing or hospice care.
- The scenario also involves a **prescription drug benefit**, which is covered by Part D, not Part A or B.
*Parts A, B, C and D*
- This option would imply coverage for inpatient care (A), outpatient care (B), a managed care plan (C), and prescription drugs (D).
- Although Part B and Part D are relevant, there is no mention of an inpatient stay (Part A) or an enrollment in a Medicare Advantage Plan (Part C) that would consolidate these benefits.
*Part B alone*
- **Medicare Part B** covers the outpatient visit to the primary care provider. However, it **does not cover prescription drugs** obtained from a pharmacy.
- The patient filled a prescription, which specifically falls under **Medicare Part D**.
HIPAA and research US Medical PG Question 7: A 72-year-old woman is brought to the emergency department with dyspnea for 2 days. She is on regular hemodialysis at 3 sessions a week but missed her last session due to an unexpected trip. She has a history of congestive heart failure. After urgent hemodialysis, the patient’s dyspnea does not improve as expected. The cardiologist is consulted. After evaluation of the patient, he notes in the patient’s electronic record: “the patient does not have a chronic heart condition and a cardiac cause of dyspnea is unlikely.” The following morning, the nurse finds the cardiologist’s notes about the patient not having congestive heart failure odd. The patient had a clear history of congestive heart failure with an ejection fraction of 35%. After further investigation, the nurse realizes that the cardiologist evaluated the patient’s roommate. She is an elderly woman with a similar first name. She is also on chronic hemodialysis. To prevent similar future errors, the most appropriate strategy is to use which of the following?
- A. Two patient identifiers at every nurse-patient encounter
- B. A patient’s medical identification number at every encounter by any healthcare provider
- C. Two patient identifiers at every patient encounter by any healthcare provider (Correct Answer)
- D. Two patient identifiers at every physician-patient encounter
- E. A patient’s medical identification number at every physician-patient encounter
HIPAA and research Explanation: ***Two patient identifiers at every patient encounter by any healthcare provider***
- This strategy ensures that **all healthcare providers**, not just nurses or physicians, verify the patient's identity using at least **two distinct identifiers** before any interaction, greatly reducing the risk of mix-ups.
- This comprehensive approach prevents errors like the one described, where a cardiologist evaluated the wrong patient due to similar names and circumstances, ensuring **patient safety** and appropriate care delivery.
*Two patient identifiers at every nurse-patient encounter*
- While important, limiting identification to nurse-patient encounters would **miss opportunities for error by other healthcare providers**, such as physicians, technicians, or pharmacists.
- The scenario explicitly states the error was made by a **cardiologist**, indicating that relying solely on nurses for identification is insufficient.
*A patient’s medical identification number at every encounter by any healthcare provider*
- Although the **medical identification number** is a valid identifier, relying on a *single* identifier still carries a risk, especially if typed or read incorrectly.
- **Two distinct identifiers** (e.g., name and date of birth, or name and medical record number) are the **gold standard** to minimize errors.
*Two patient identifiers at every physician-patient encounter*
- This option, while improving physician encounters, **fails to cover interactions with other crucial healthcare team members** (e.g., nurses, phlebotomists, imaging technicians) where patient misidentification can still occur.
- A comprehensive patient safety strategy must extend beyond physician interactions to **all points of care**.
*A patient’s medical identification number at every physician-patient encounter*
- This option combines the weaknesses of using only a **single identifier** and limiting the scope to **only physician encounters**, leaving multiple vulnerabilities for patient misidentification throughout the healthcare process.
- The **Joint Commission's National Patient Safety Goals** explicitly recommend using at least **two patient identifiers**.
HIPAA and research US Medical PG Question 8: A 28-year-old male presents to his primary care physician with complaints of intermittent abdominal pain and alternating bouts of constipation and diarrhea. His medical chart is not significant for any past medical problems or prior surgeries. He is not prescribed any current medications. Which of the following questions would be the most useful next question in eliciting further history from this patient?
- A. "Does the diarrhea typically precede the constipation, or vice-versa?"
- B. "Is the diarrhea foul-smelling?"
- C. "Please rate your abdominal pain on a scale of 1-10, with 10 being the worst pain of your life"
- D. "Are the symptoms worse in the morning or at night?"
- E. "Can you tell me more about the symptoms you have been experiencing?" (Correct Answer)
HIPAA and research Explanation: ***Can you tell me more about the symptoms you have been experiencing?***
- This **open-ended question** encourages the patient to provide a **comprehensive narrative** of their symptoms, including details about onset, frequency, duration, alleviating/aggravating factors, and associated symptoms, which is crucial for diagnosis.
- In a patient presenting with vague, intermittent symptoms like alternating constipation and diarrhea, allowing them to elaborate freely can reveal important clues that might not be captured by more targeted questions.
*Does the diarrhea typically precede the constipation, or vice-versa?*
- While knowing the sequence of symptoms can be helpful in understanding the **pattern of bowel dysfunction**, it is a very specific question that might overlook other important aspects of the patient's experience.
- It prematurely narrows the focus without first obtaining a broad understanding of the patient's overall symptomatic picture.
*Is the diarrhea foul-smelling?*
- Foul-smelling diarrhea can indicate **malabsorption** or **bacterial overgrowth**, which are important to consider in some gastrointestinal conditions.
- However, this is a **specific symptom inquiry** that should follow a more general exploration of the patient's symptoms, as it may not be relevant if other crucial details are missed.
*Please rate your abdominal pain on a scale of 1-10, with 10 being the worst pain of your life*
- Quantifying pain intensity is useful for assessing the **severity of discomfort** and monitoring changes over time.
- However, for a patient with intermittent rather than acute, severe pain, understanding the **character, location, and triggers** of the pain is often more diagnostically valuable than just a numerical rating initially.
*Are the symptoms worse in the morning or at night?*
- Diurnal variation can be relevant in certain conditions, such as inflammatory bowel diseases where nocturnal symptoms might be more concerning, or functional disorders whose symptoms might be stress-related.
- This is another **specific question** that should come after gathering a more complete initial picture of the patient's symptoms to ensure no key information is overlooked.
HIPAA and research US Medical PG Question 9: During identification of severely decomposed remains, which of the following methods provides the most reliable means of positive identification?
- A. Birthmarks
- B. Facial features
- C. DNA analysis (Correct Answer)
- D. Personal effects
HIPAA and research Explanation: ***DNA analysis***
- **DNA analysis** remains viable even in significantly degraded samples due to the stability and uniqueness of the genetic code, making it the most reliable method for positive identification of severely decomposed remains.
- It provides a definitive match that is **scientifically verifiable** and rarely subject to error when compared to ante-mortem samples or close relatives.
*Birthmarks*
- **Birthmarks** are soft tissue characteristics that often degrade or become indistinguishable in severely decomposed remains.
- Their presence and appearance can change over time or be obscured by **decomposition processes**, making them unreliable for identification in such cases.
*Facial features*
- **Facial features** rapidly deteriorate and distort after death, especially in severely decomposed remains, making visual recognition impossible.
- The soft tissues of the face are among the first to undergo **autolysis** and putrefaction.
*Personal effects*
- While **personal effects** (like jewelry or clothing) can provide circumstantial evidence, they do not offer positive identification of the individual's remains.
- These items can be easily lost, misplaced, or exchanged, and they do not directly identify the **biological individual**.
HIPAA and research US Medical PG Question 10: A 26-year-old man comes to the emergency department because of a 1-week history of fever, throat pain, and difficulty swallowing. Head and neck examination shows an erythematous pharynx with purulent exudates overlying the palatine tonsils. Microscopic examination of a throat culture shows pink, spherical bacteria arranged in chains. Treatment with amoxicillin is initiated. A day later, a physician colleague from another department approaches the physician in the lobby of the hospital and asks about this patient, saying, "Did you see him? What does he have? He's someone I play football with and he hasn't come to play for the past 5 days. I'm worried about him." Which of the following is the most appropriate action by the physician?
- A. Inform the colleague that they should ask the patient's attending physician
- B. Inform the colleague that they cannot divulge any information about the patient (Correct Answer)
- C. Tell the colleague the patient's case file number so they can look it up themselves
- D. Tell the colleague that they cannot tell them the diagnosis but that their friend was treated with antibiotics
- E. Ask the colleague to meet in the office so they can discuss the patient in private
HIPAA and research Explanation: ***Inform the colleague that they cannot divulge any information about the patient***
- The **Health Insurance Portability and Accountability Act (HIPAA)** strictly prohibits the disclosure of a patient's **Protected Health Information (PHI)** without their explicit consent.
- Even if the inquirer knows the patient, a physician-patient relationship creates a **duty of confidentiality** that supersedes personal acquaintance.
- Disclosing any information without patient consent, even to another physician, violates HIPAA regulations.
*Tell the colleague the patient's case file number so they can look it up themselves*
- Providing the case file number would enable unauthorized access to the patient's medical records, thereby violating **patient confidentiality** and **HIPAA regulations**.
- This action does not rectify the breach of confidentiality and escalates the potential for further misuse of PHI.
*Inform the colleague that they should ask the patient's attending physician*
- Recommending that the colleague ask the attending physician shifts the burden but does not address the underlying ethical and legal obligation of the current physician to maintain **confidentiality**.
- The attending physician would also be bound by **HIPAA** and ethical guidelines not to disclose information without consent.
*Tell the colleague that they cannot tell them the diagnosis but that their friend was treated with antibiotics*
- While seemingly less specific, stating that the friend was treated with **antibiotics** is still a disclosure of **Protected Health Information (PHI)**.
- This action violates **patient confidentiality** as it reveals a detail of the patient's medical management without consent.
*Ask the colleague to meet in the office so they can discuss the patient in private*
- Moving to a private setting does not negate the fact that discussing the patient's information with an unauthorized individual is a **breach of confidentiality**.
- The location of the conversation does not change the ethical and legal obligations to protect **PHI**.
More HIPAA and research US Medical PG questions available in the OnCourse app. Practice MCQs, flashcards, and get detailed explanations.
