A patient with documented paranoid schizophrenia commits a violent crime. During trial, the defense argues that the patient should not be held responsible due to their mental illness. Under the M'Naghten Rule, which of the following criteria must be met for an insanity defense?

Unable to distinguish right from wrong

History of psychiatric treatment

A 45-year-old man is brought to the emergency department by his friends because of a 1-hour history of shortness of breath and squeezing chest pain. They were at a party where cocaine was consumed. A diagnosis of acute myocardial infarction is made. The physician stabilizes the patient and transfers him to the inpatient unit. Six hours later, his wife arrives at the emergency department and requests information about her husband's condition. Which of the following is the most appropriate action by the physician?

Obtain authorization from the patient to release information

Ask the wife for a marriage certificate

Inform the wife about her husband's condition

Consult the hospital ethics committee

Request the patient's durable power of attorney document

A 75-year-old nursing home resident presents with multiple unexplained bruises in various stages of healing on the upper arms and inner thighs. The patient appears withdrawn and anxious when staff members enter the room. Which of the following is the most appropriate next step?

Report suspected abuse to adult protective services

Request psychiatric consultation

Prescribe anti-anxiety medication

A 27-year-old woman presents with painful urination and malodorous urethral discharge. She states she has a single sexual partner and uses condoms for contraception. The patient's blood pressure is 115/80 mm Hg, the heart rate is 73/min, the respiratory rate is 14/min, and the temperature is 36.6℃ (97.9℉). Physical examination shows swelling and redness of the external urethral ostium. There is a yellowish, purulent discharge with an unpleasant odor. The swab culture grows N. gonorrhoeae. The doctor explains the diagnosis to the patient, and they discuss the importance of notifying her partner. The patient says she doesn't want her partner to know about her diagnosis and begs the doctor to not inform the health department. She is anxious that everybody will find out that she is infected and that her partner will leave her. She promises they will use barrier contraception while she is treated. Which of the following is the most appropriate course of action?

Explain to the patient that gonorrhea is a mandatory reported disease.

Let the patient do as she suggests, because it is her right not to disclose her diagnosis to anyone.

Tell the patient that she is required to tell her partner and stress the consequences of untreated gonorrhea in her partner.

Refer to the medical ethics committee for consultation.

Encourage her to tell her partner because it is a way to protect her partner from possible complications, and reassure her that the confidence will only be shared with her partner.

A 36-year-old man comes to the physician because of a 2-week history of productive cough, weight loss, and intermittent fever. He recently returned from a 6-month medical deployment to Indonesia. He appears tired. Physical examination shows nontender, enlarged, palpable cervical lymph nodes. An x-ray of the chest shows right-sided hilar lymphadenopathy. A sputum smear shows acid-fast bacilli. A diagnosis of pulmonary tuberculosis is made from PCR testing of the sputum. The patient requests that the physician does not inform anyone of this diagnosis because he is worried about losing his job. Which of the following is the most appropriate initial action by the physician?

Inform the local public health department of the diagnosis

Request the patient's permission to discuss the diagnosis with an infectious disease specialist

Assure the patient that his diagnosis will remain confidential

Confirm the diagnosis with a sputum culture

Notify all of the patient's household contacts of the diagnosis

An 86-year-old man is admitted to the hospital for management of pneumonia. His hospital course has been relatively uneventful, and he is progressing well. On morning rounds nearing the end of the patient's hospital stay, the patient's cousin finally arrives to the hospital for the first time after not being present for most of the patient's hospitalization. He asks about the patient's prognosis and potential future discharge date as he is the primary caretaker of the patient and needs to plan for his arrival home. The patient is doing well and can likely be discharged in the next few days. Which of the following is the most appropriate course of action?

Bring the cousin to the room and ask the patient if it is acceptable to disclose his course

Bring the cousin to the room and explain the plan to both the patient and cousin

Explain the plan to discharge the patient in the next few days

Explain that you cannot discuss the patient's care at this time

Tell the cousin that you do not know the patient's course well

On a Sunday afternoon, a surgical oncologist and his family attend a football game in the city where he practices. While at the game, he runs into a physician colleague that works at the same institution. After some casual small talk, his colleague inquires, "Are you taking care of Mr. Clarke, my personal trainer? I heard through the grapevine that he has melanoma, and I didn't know if you have started him on any chemotherapy or performed any surgical intervention yet. Hopefully you'll be able to take very good care of him." In this situation, the surgical oncologist may confirm which of the following?

Only that Mr. Clarke is his patient

A 17-year-old male, accompanied by his uncle, presents to a doctor with his arm in a sling. There is blood dripping down his shirt. He pleads with the physician to not report this injury to authorities, offering to pay extra for his visit, as he is afraid of retaliation from his rival gang. The physician examines the wound, which appears to be a stabbing injury to his left anterior deltoid. This case study in medical ethics asks: How should the physician best handle this patient's request?

Breach confidentiality and report the stab wound to the police

Maintain confidentiality, as reporting stab wounds is not required

Breach confidentiality and discuss the injury with the uncle

Maintain confidentiality and schedule a follow-up visit with the patient

Maintain confidentiality, as retaliation may result in greater harm to the patient

HIPAA breaches and reporting for USMLE Step 2 CK: High-Yield Patient Safety Lessons

HIPAA Breaches - Code Red, Data Spilled

Breach Definition: An impermissible use or disclosure of Protected Health Information (PHI). It is presumed a breach unless the covered entity can demonstrate a low probability that PHI has been compromised based on a 4-factor risk assessment.
Notification Timeline: All notifications must occur without unreasonable delay, and in no case later than 60 calendar days after discovery.
Reporting Requirements:
- To Individuals: Direct written notification (or email if permitted).
- To HHS:
  - Affecting ≥500 people: Notify the Secretary of HHS within 60 days.
  - Affecting <500 people: Maintain a log and submit it to HHS annually.
- To Media: If a breach impacts >500 residents of one state, prominent media outlets in that state must be alerted.

⭐ The 60-day notification clock starts from the moment the breach is discovered, including when it should have been discovered by the organization through reasonable diligence.

Breach Reporting - Sound the Alarm!

Breach Definition: Unauthorized acquisition, access, use, or disclosure of unsecured Protected Health Information (PHI).
Notification Obligation: All affected individuals must be notified without unreasonable delay, not to exceed 60 days.
HHS/OCR Reporting: The timeline hinges on the number of individuals affected.

📌 Mnemonic: "MEDIA 500"
- If a breach impacts 500 or more people, you must notify the MEDIA (and HHS) promptly.

⭐ The burden of proof is on the covered entity to demonstrate that notification was not required. They must produce a risk assessment showing a low probability that PHI was compromised.

Penalties - The Price of Silence

Civil Monetary Penalties: Tiered system based on the level of culpability, not patient harm.
- Tier 1 (Unknowing): $100 - $50,000 per violation.
- Tier 2 (Reasonable Cause): $1,000 - $50,000 per violation.
- Tier 3 (Willful Neglect, Corrected): $10,000 - $50,000 per violation if corrected within 30 days.
- Tier 4 (Willful Neglect, Uncorrected): Minimum $50,000 per violation.
Criminal Penalties: For knowingly obtaining or disclosing PHI.
- Can result in fines up to $250,000 and imprisonment up to 10 years.

⭐ The annual penalty cap for multiple violations of the same provision is $1.5 million for each penalty tier.

High‑Yield Points - ⚡ Biggest Takeaways

A HIPAA breach is an impermissible use or disclosure of Protected Health Information (PHI) that compromises its security or privacy.

Breaches impacting >500 individuals mandate prompt notification to the HHS Secretary and prominent media outlets.

All affected individuals must be notified without unreasonable delay, and no later than 60 days after discovery.

For breaches affecting <500 individuals, entities must log them and notify HHS annually.

The Safe Harbor exception applies if PHI is encrypted per HHS standards.

Continue reading on Oncourse

CONTINUE READING — FREE

or get the app

App Store|Google Play