A 16-year-old teenager presents to his pediatrician complaining of burning with urination and purulent urethral discharge. He states that he has had unprotected sex with his girlfriend several times and recently she told him that she has gonorrhea. His blood pressure is 119/78 mm Hg, pulse is 85/min, respiratory rate is 14/min, and temperature is 36.8°C (98.2°F). The urethral meatus appears mildly erythematous, but no pus can be expressed. A testicular examination is normal. An in-office urine test reveals elevated leukocyte esterase levels. An additional swab was taken for further analysis. The patient wants to get treated right away but is afraid because he does not want his parents to know he is sexually active. What is the most appropriate next step for the pediatrician?

Maintain confidentiality and treat the patient.

Inform the patient that his parents will not be informed, but he cannot receive medical care without their consent.

Contact child protective services.

Break confidentiality and inform the patient that his parents must consent to this treatment.

Treat the patient and then break confidentiality and inform the parents of the care he received.

A 17-year-old girl makes an appointment with her pediatrician because she is concerned that she may have gotten a sexually transmitted infection. Specifically, she had unprotected sex two weeks ago and has since been experiencing painful urination and abdominal pain. Laboratory tests confirm a diagnosis of Chlamydial infection. At this point, the girl says that she wants to personally give permission to be treated rather than seek consent from her parents because they do not know that she is in a relationship. She also asks that the diagnosis not be reported to anyone. What should the physician do with regards to these two patient requests?

Do not contact her parents but do report to public health agencies

Contact her parents as well as report to public health agencies

Contact her parents but do not report to public health agencies

Do not contact her parents and do not report to public health agencies

Choose based on the physician's interpretation of the patient's best interests

An unconscious 22-year-old woman is brought to the emergency department by police after being found in a park. Physical examination reveals torn clothing and evidence of sexual assault. Which of the following is the most appropriate first step in collecting forensic evidence?

Document injuries photographically

Obtain written consent from family

A 4-month-old girl is brought to the pediatric walk-in clinic by her daycare worker with a persistent diaper rash. The daycare worker provided documents to the clinic receptionist stating that she has the authority to make medical decisions when the child’s parents are not available. The patient’s vital signs are unremarkable. She is in the 5th percentile for height and weight. Physical examination reveals a mildly dehydrated, unconsolable infant in a soiled diaper. No signs of fracture, bruising, or sexual trauma. The clinician decides to report this situation to the department of social services. Which of the following is the most compelling deciding factor in making this decision?

Physicians are mandated to report

There is sufficient evidence to have the child removed from her parent’s home

The daycare worker failed to report the neglect

The daycare worker has paperwork authorizing the physician to report

A 26-year-old man comes to the emergency department because of a 1-week history of fever, throat pain, and difficulty swallowing. Head and neck examination shows an erythematous pharynx with purulent exudates overlying the palatine tonsils. Microscopic examination of a throat culture shows pink, spherical bacteria arranged in chains. Treatment with amoxicillin is initiated. A day later, a physician colleague from another department approaches the physician in the lobby of the hospital and asks about this patient, saying, "Did you see him? What does he have? He's someone I play football with and he hasn't come to play for the past 5 days. I'm worried about him." Which of the following is the most appropriate action by the physician?

Inform the colleague that they cannot divulge any information about the patient

Inform the colleague that they should ask the patient's attending physician

Tell the colleague the patient's case file number so they can look it up themselves

Tell the colleague that they cannot tell them the diagnosis but that their friend was treated with antibiotics

Ask the colleague to meet in the office so they can discuss the patient in private

A 32-year-old male asks his physician for information regarding a vasectomy. On further questioning, you learn that he and his wife have just had their second child and he asserts that they no longer wish to have additional pregnancies. You ask him if he has discussed a vasectomy with his wife to which he replies, "Well, not yet, but I'm sure she'll agree." What is the next appropriate step prior to scheduling the patient's vasectomy?

Explain the risks and benefits of the procedure and request signed consent from the patient

Insist that the patient first discuss this procedure with his wife

Telephone the patient's wife to inform her of the plan

Refuse to perform the vasectomy

Explain the risks and benefits of the procedure and request signed consent from the patient and his wife

An 86-year-old man is admitted to the hospital for management of pneumonia. His hospital course has been relatively uneventful, and he is progressing well. On morning rounds nearing the end of the patient's hospital stay, the patient's cousin finally arrives to the hospital for the first time after not being present for most of the patient's hospitalization. He asks about the patient's prognosis and potential future discharge date as he is the primary caretaker of the patient and needs to plan for his arrival home. The patient is doing well and can likely be discharged in the next few days. Which of the following is the most appropriate course of action?

Bring the cousin to the room and ask the patient if it is acceptable to disclose his course

Bring the cousin to the room and explain the plan to both the patient and cousin

Explain the plan to discharge the patient in the next few days

Explain that you cannot discuss the patient's care at this time

Tell the cousin that you do not know the patient's course well

An 11-month-old girl presents to a pediatrician with her mother who is concerned about a red discoloration with a rectangular shape over the child’s left buttock presenting since the previous night. The mother also mentions that her daughter has been crying excessively. There is no history of decreased breast feeding, fever, joint swelling, vomiting, decreased urine output, or change in color of urine or stools. The mother denies any history of injury. However, she mentions that the infant had suffered from a self-limiting upper respiratory infection three weeks before. There is no history of bruising or bleeding in the past. The mother informs the doctor that she has a brother (the patient’s maternal uncle) with hemophilia A. On physical examination, the girl’s temperature is 37.0°C (98.6°F), pulse rate is 160/min, and respiratory rate is 38/min. The lesion presents over the left buttock and is tender on palpation. What is the most likely diagnosis?

Idiopathic thrombocytopenic purpura

State laws and HIPAA interactions for USMLE Step 1: High-Yield Patient Safety Lessons

HIPAA Preemption - Federal Floor, Not Ceiling

Federal Floor: HIPAA provides a minimum, uniform national standard for patient privacy.
State Law Interaction: If a state law is more stringent-offering greater privacy protections or patient rights-it is not preempted and will apply over HIPAA.
General Rule: In a direct conflict, the law that is more protective of the patient prevails.

⭐ High-Yield Example: Many state laws grant minors more privacy rights regarding sensitive services (e.g., contraception, substance abuse) than HIPAA does, effectively preventing parental access to these specific records.

The Preemption Test - A Decision Flowchart

This flowchart outlines when federal HIPAA law supersedes state law.

Contrary: It's impossible to comply with both, or the state law is an obstacle to HIPAA purposes.
Exceptions: State law is "more stringent" (gives more privacy), controls public health surveillance, or is part of a state-required report (e.g., child abuse).

⭐ General Rule: If a state law is "more stringent" - meaning it provides greater privacy protection to individuals - it is not considered contrary to HIPAA and will not be preempted. Always apply the stricter rule.

State Law Hotspots - Minors, Mental Health & More

General Rule: If a state law is “more stringent” than HIPAA, it preempts (overrides) HIPAA. “More stringent” means it offers greater privacy protection or enhances patient rights.
Minors’ Rights: State laws often allow minors to consent to care and control their own PHI for sensitive services without parental consent.
- Reproductive health (contraception, pregnancy)
- STI testing and treatment
- Substance abuse treatment
- Mental health services
Mental Health & Substance Use: Many states require specific, heightened authorization for the release of psychotherapy notes or mental health records, exceeding HIPAA's baseline.
- Substance Use Disorder (SUD) records are protected by federal law (42 CFR Part 2), which is even stricter than HIPAA.
Other Areas: States frequently impose stricter confidentiality rules for:
- HIV/AIDS status
- Genetic information

⭐ Exam Favorite: A state law allowing a minor to consent to STI treatment also typically grants them control over the privacy of those records, meaning parents do not have an automatic right of access.

Scales of Justice: State Law vs. HIPAA

High‑Yield Points - ⚡ Biggest Takeaways

HIPAA is a federal minimum for privacy-a floor, not a ceiling.

When laws conflict, the more stringent rule (most protective of patient privacy) always prevails.

Stricter state laws typically govern sensitive data like HIV status, substance abuse records, and psychotherapy notes.

State laws often grant minors more control over their own health information than HIPAA does.

The core principle: Always apply the rule that offers the greatest patient privacy protection.

Continue reading on Oncourse

CONTINUE READING — FREE

or get the app

App Store|Google Play