An 83-year-old man presents to the gastroenterologist to follow-up on results from a biopsy of a pancreatic head mass, which the clinician was concerned could be pancreatic cancer. After welcoming the patient and his wife to the clinic, the physician begins to discuss the testing and leads into delivering the results, which showed metastatic pancreatic adenocarcinoma. Before she is able to disclose these findings, the patient stops her and exclaims, "Whatever it is, I don't want to know. Please just make me comfortable in my last months alive. I have made up my mind about this." Which of the following is the most appropriate response on the part of the physician?

"If that is your definite wish, then I must honor it"

"The cancer has spread to your liver"

"As a physician, I am obligated to disclose these results to you"

"If you don't know what condition you have, I will be unable to be your physician going forward"

"Please, sir, I strongly urge you to reconsider your decision"

A psychiatrist receives a call from a patient who expresses thoughts of harming his ex-girlfriend. The patient describes a detailed plan to attack her at her workplace. Which of the following represents the psychiatrist's most appropriate legal obligation?

Warn the ex-girlfriend and notify law enforcement

Only notify the patient's family

Maintain patient confidentiality

A healthy, 16-year-old girl is brought in by her mother for a wellness visit. During the appointment, the patient’s mother brings up concerns about her daughter’s acne. The patient has had acne for 2 years. She washes her face twice a day with benzoyl peroxide and has been on doxycycline for 2 months with only mild improvement. The patient does not feel that the acne is related to her menstrual cycles. The patient’s mother states she does well in school and is the captain of the junior varsity cross-country team. She is worried that the acne is starting to affect her daughter’s self-esteem. The patient states that prom is coming up, and she is considering not going because she hates taking pictures. Upon physical exam, there are multiple open and closed comedones and scattered, red nodules on the patient’s face with evidence of scarring. The patient’s mother says her neighbor’s son tried isotretinoin and wants to know if that may work for her daughter. While talking about the risk factors for isotretinoin, you mention that patient will need to be on 2 forms of birth control. The mother asks, “Is that really necessary? We are a very religious family and my daughter knows our household rule about no sex before marriage.” Which of the following is the next step in management?

Ask the mother to leave the room before talking to the patient about her sexual activity

Have the patient take a pregnancy test to prove abstinence

Talk to patient and mother about patient’s sexual activity, since parental permission is needed for isotretinoin

Prescribe the isotretinoin as the patient does not need additional contraception if she is abstinent

Prescribe the isotretinoin after giving the patient a handout about birth control methods

A 73-year-old man is brought to the emergency department by ambulance after being found to be non-communicative by his family during dinner. On presentation he appears to be alert, though he is confused and cannot follow instructions. When he tries to speak, he vocalizes a string of fluent but unintelligible syllables. Given this presentation, his physician decides to administer tissue plasminogen activator to this patient. This intervention best represents which of the following principles?

This does not represent prevention

A 26-year-old man comes to the emergency department because of a 1-week history of fever, throat pain, and difficulty swallowing. Head and neck examination shows an erythematous pharynx with purulent exudates overlying the palatine tonsils. Microscopic examination of a throat culture shows pink, spherical bacteria arranged in chains. Treatment with amoxicillin is initiated. A day later, a physician colleague from another department approaches the physician in the lobby of the hospital and asks about this patient, saying, "Did you see him? What does he have? He's someone I play football with and he hasn't come to play for the past 5 days. I'm worried about him." Which of the following is the most appropriate action by the physician?

Inform the colleague that they cannot divulge any information about the patient

Inform the colleague that they should ask the patient's attending physician

Tell the colleague the patient's case file number so they can look it up themselves

Tell the colleague that they cannot tell them the diagnosis but that their friend was treated with antibiotics

Ask the colleague to meet in the office so they can discuss the patient in private

A 36-year-old man comes to the physician because of a 2-week history of productive cough, weight loss, and intermittent fever. He recently returned from a 6-month medical deployment to Indonesia. He appears tired. Physical examination shows nontender, enlarged, palpable cervical lymph nodes. An x-ray of the chest shows right-sided hilar lymphadenopathy. A sputum smear shows acid-fast bacilli. A diagnosis of pulmonary tuberculosis is made from PCR testing of the sputum. The patient requests that the physician does not inform anyone of this diagnosis because he is worried about losing his job. Which of the following is the most appropriate initial action by the physician?

Inform the local public health department of the diagnosis

Request the patient's permission to discuss the diagnosis with an infectious disease specialist

Assure the patient that his diagnosis will remain confidential

Confirm the diagnosis with a sputum culture

Notify all of the patient's household contacts of the diagnosis

An 86-year-old male is admitted to the hospital under your care for management of pneumonia. His hospital course has been relatively uneventful, and he is progressing well. While making morning rounds on your patients, the patient's cousin approaches you in the hallway and asks about the patient's prognosis and potential future discharge date. The patient does not have an advanced directive on file and does not have a medical power of attorney. Which of the following is the best course of action?

Explain that you cannot discuss the patient's care without explicit permission from the patient themselves.

Direct the cousin to the patient's room, telling him that you will be by within the hour to discuss the plan.

Provide the cousin with the patient's most recent progress notes and a draft of his discharge summary.

Explain that the patient is progressing well and should be discharged within the next few days.

Refer the cousin to ask the patient's wife about these topics.

A 78-year-old woman is brought to the emergency ward by her son for lethargy and generalized weakness. The patient speaks in short utterances and does not make eye contact with the provider or her son throughout the interview and examination. You elicit that the patient lives with her son and daughter-in-law, and she reports vague weakness for the last couple days. The emergency room provider notices 3-4 healing bruises on the patient's upper extremities; otherwise, examination is not revealing. Routine chemistries and blood counts are unremarkable; non-contrast head CT demonstrates normal age-related changes. Which of the following is the most appropriate next step in management?

Ask the patient's son to leave the room

Question the patient's son regarding the home situation

Call Adult Protective Services to report the patient's son

Question the patient regarding abuse or neglect

An 11-month-old girl presents to a pediatrician with her mother who is concerned about a red discoloration with a rectangular shape over the child’s left buttock presenting since the previous night. The mother also mentions that her daughter has been crying excessively. There is no history of decreased breast feeding, fever, joint swelling, vomiting, decreased urine output, or change in color of urine or stools. The mother denies any history of injury. However, she mentions that the infant had suffered from a self-limiting upper respiratory infection three weeks before. There is no history of bruising or bleeding in the past. The mother informs the doctor that she has a brother (the patient’s maternal uncle) with hemophilia A. On physical examination, the girl’s temperature is 37.0°C (98.6°F), pulse rate is 160/min, and respiratory rate is 38/min. The lesion presents over the left buttock and is tender on palpation. What is the most likely diagnosis?

Idiopathic thrombocytopenic purpura

A 3-month-old boy is brought to the emergency department by his mom for breathing difficulty after a recent fall. His parents say that he rolled off of the mattress and landed on the hard wood floor earlier today. After an extensive physical exam, he is found to have many purplish bruises and retinal hemorrhages. A non-contrast head CT scan shows a subdural hemorrhage. He was treated in the hospital with full recovery from his symptoms. Which of the following is the most important follow up plan?

Inform child protective services

Provide parents with anticipatory guidance

Referral to genetics for further testing

Reassurance that accidents are common

Authorization requirements for USMLE Step 2 CK: High-Yield Patient Safety Lessons

Authorization - The Default Gate

Default Rule: Patient authorization is required before disclosing Protected Health Information (PHI) for any purpose not otherwise permitted by HIPAA.
- A detailed, signed document giving a covered entity permission to use or disclose specific PHI for a specific purpose.
- 📌 "SAD-PERM" for valid authorization elements:
  - Specific description of PHI.
  - Authorized person/entity.
  - Date of expiration.
  - Purpose of disclosure.
  - Entity receiving PHI.
  - Right to revoke.
  - Must be signed by the patient.

HIPAA Release Form Checklist

⭐ Psychotherapy Notes: Require separate, specific patient authorization for most uses and disclosures, including for routine Treatment, Payment, and Operations (TPO). This is a stricter standard.

Valid Authorization - The Paper Trail

A signed document granting permission to use or disclose Protected Health Information (PHI) for specific, non-routine purposes (e.g., research, marketing).
Must be in plain language and contain specific core elements.
Required Components:
- Clear description of the PHI to be used/disclosed.
- Name of the person/entity authorized to make the disclosure.
- Name of the recipient of the PHI.
- Specific purpose of the disclosure.
- An expiration date or event (e.g., "end of the research study").
- Patient’s signature and date.

⭐ A patient can revoke authorization in writing at any time. The revocation is not effective for actions a Covered Entity has already taken in reliance on the prior authorization.

Exceptions - When No Means Go

HIPAA permits disclosure of Protected Health Information (PHI) without patient authorization in specific situations, primarily for public good and national priority purposes. The "minimum necessary" standard is paramount.

TPO - Treatment, Payment, & Healthcare Operations
- Sharing info with a specialist, billing insurance, or for quality assurance.
Public Interest & Benefit Activities
- Public Health: Reporting infectious diseases (e.g., TB, STIs).
- Abuse & Neglect: Reporting suspected child or elder abuse to authorities.
- Law Enforcement: Complying with a court order or warrant.
- Health Oversight: For audits by agencies like CMS.
- Serious Threat: To prevent imminent harm to a person or the public.

⭐ The minimum necessary rule requires disclosing the least amount of PHI needed to achieve the purpose. It does not apply to disclosures for treatment.

High‑Yield Points - ⚡ Biggest Takeaways

Default Rule: Patient authorization is required for any use or disclosure of PHI not for Treatment, Payment, or Healthcare Operations (TPO).

Psychotherapy Notes: Have stricter protection and require separate, specific authorization for most disclosures, including for TPO.

Always Required: Authorization is mandatory for most marketing communications and any sale of PHI.

Validity Requirements: Must be in plain language, include an expiration date, and detail the specific information to be disclosed.

Right to Revoke: Patients can revoke authorization at any time in writing, which stops all future disclosures.

Continue reading on Oncourse

CONTINUE READING — FREE

or get the app

App Store|Google Play