A 79-year-old male presents to your office for his annual flu shot. On physical exam you note several linear bruises on his back. Upon further questioning he denies abuse from his daughter and son-in-law, who live in the same house. The patient states he does not want this information shared with anyone. What is the most appropriate next step, paired with its justification?

Breach patient confidentiality, as this patient is a potential victim of elder abuse and reporting is mandated in most states

Breach patient confidentiality, as this patient's care should be discussed with the daughter as she is his primary caregiver

See the patient back in 2 weeks and assess whether the patient's condition has improved, as his condition is not severe

Do not break patient confidentiality, as elder abuse reporting is not mandatory

Do not break patient confidentiality, as this would potentially worsen the situation

A 68-year-old man comes to the physician for a follow-up examination, accompanied by his daughter. Two years ago, he was diagnosed with localized prostate cancer, for which he underwent radiation therapy. He moved to the area 1 month ago to be closer to his daughter but continues to live independently. He was recently diagnosed with osteoblastic metastases to the spine and is scheduled to initiate therapy next week. In private, the patient’s daughter says that he has been losing weight and wetting the bed, and she tearfully asks the physician if his prostate cancer has returned. She says that her father has not spoken with her about his health recently. The patient has previously expressed to the physician that he does not want his family members to know about his condition because they “would worry too much.” Which of the following initial statements by the physician is most appropriate?

“I'm sorry, I can't discuss any information with you without his permission. I recommend that you have an open discussion with your father.”

“As your father's physician, I think that it's important that you know that his prostate cancer has returned. However, we are confident that he will respond well to treatment.”

“It concerns me that he's not speaking openly with you. I recommend that you seek medical power of attorney for your father. Then, we can legally discuss his diagnosis and treatment options together.”

“It’s difficult to deal with parents aging, but I have experience helping families cope. We should sit down with your father and discuss this situation together.”

“Your father is very ill and may not want you to know the details. I can imagine it's frustrating for you, but you have to respect his discretion.”

An otherwise healthy 67-year-old woman comes to your clinic after being admitted to the hospital for 2 weeks after breaking her hip. She has not regularly seen a physician for the past several years because she has been working hard at her long-time job as a schoolteacher. You wonder if she has not been taking adequate preventative measures to prevent osteoporosis and order the appropriate labs. Although she is recovering from surgery well, she is visibly upset because she is worried that her hospital bill will bankrupt her. Which of the following best describes her Medicare coverage?

Medicare Part A will cover the majority of her hospital fees, including inpatient drugs and lab tests.

Medicare Part C will cover the majority of drug costs during her inpatient treatment.

Medicare is unlikely to cover the cost of her admission because she has not been paying her premium.

Medicare Part B will cover the majority of her hospital fees, including inpatient drugs and lab tests.

Medicare Part D will cover the cost of drugs during her inpatient treatment.

A healthy, 16-year-old girl is brought in by her mother for a wellness visit. During the appointment, the patient’s mother brings up concerns about her daughter’s acne. The patient has had acne for 2 years. She washes her face twice a day with benzoyl peroxide and has been on doxycycline for 2 months with only mild improvement. The patient does not feel that the acne is related to her menstrual cycles. The patient’s mother states she does well in school and is the captain of the junior varsity cross-country team. She is worried that the acne is starting to affect her daughter’s self-esteem. The patient states that prom is coming up, and she is considering not going because she hates taking pictures. Upon physical exam, there are multiple open and closed comedones and scattered, red nodules on the patient’s face with evidence of scarring. The patient’s mother says her neighbor’s son tried isotretinoin and wants to know if that may work for her daughter. While talking about the risk factors for isotretinoin, you mention that patient will need to be on 2 forms of birth control. The mother asks, “Is that really necessary? We are a very religious family and my daughter knows our household rule about no sex before marriage.” Which of the following is the next step in management?

Ask the mother to leave the room before talking to the patient about her sexual activity

Have the patient take a pregnancy test to prove abstinence

Talk to patient and mother about patient’s sexual activity, since parental permission is needed for isotretinoin

Prescribe the isotretinoin as the patient does not need additional contraception if she is abstinent

Prescribe the isotretinoin after giving the patient a handout about birth control methods

A 27-year-old woman presents with painful urination and malodorous urethral discharge. She states she has a single sexual partner and uses condoms for contraception. The patient's blood pressure is 115/80 mm Hg, the heart rate is 73/min, the respiratory rate is 14/min, and the temperature is 36.6℃ (97.9℉). Physical examination shows swelling and redness of the external urethral ostium. There is a yellowish, purulent discharge with an unpleasant odor. The swab culture grows N. gonorrhoeae. The doctor explains the diagnosis to the patient, and they discuss the importance of notifying her partner. The patient says she doesn't want her partner to know about her diagnosis and begs the doctor to not inform the health department. She is anxious that everybody will find out that she is infected and that her partner will leave her. She promises they will use barrier contraception while she is treated. Which of the following is the most appropriate course of action?

Explain to the patient that gonorrhea is a mandatory reported disease.

Let the patient do as she suggests, because it is her right not to disclose her diagnosis to anyone.

Tell the patient that she is required to tell her partner and stress the consequences of untreated gonorrhea in her partner.

Refer to the medical ethics committee for consultation.

Encourage her to tell her partner because it is a way to protect her partner from possible complications, and reassure her that the confidence will only be shared with her partner.

A 26-year-old man comes to the emergency department because of a 1-week history of fever, throat pain, and difficulty swallowing. Head and neck examination shows an erythematous pharynx with purulent exudates overlying the palatine tonsils. Microscopic examination of a throat culture shows pink, spherical bacteria arranged in chains. Treatment with amoxicillin is initiated. A day later, a physician colleague from another department approaches the physician in the lobby of the hospital and asks about this patient, saying, "Did you see him? What does he have? He's someone I play football with and he hasn't come to play for the past 5 days. I'm worried about him." Which of the following is the most appropriate action by the physician?

Inform the colleague that they cannot divulge any information about the patient

Inform the colleague that they should ask the patient's attending physician

Tell the colleague the patient's case file number so they can look it up themselves

Tell the colleague that they cannot tell them the diagnosis but that their friend was treated with antibiotics

Ask the colleague to meet in the office so they can discuss the patient in private

A 23-year-old woman presents to the emergency department with acute alcohol intoxication. Her blood alcohol level is 280 mg/dL. She becomes increasingly agitated and attempts to leave against medical advice. Which of the following determines her capacity to refuse treatment?

Understanding of risks and benefits

An 86-year-old man is admitted to the hospital for management of pneumonia. His hospital course has been relatively uneventful, and he is progressing well. On morning rounds nearing the end of the patient's hospital stay, the patient's cousin finally arrives to the hospital for the first time after not being present for most of the patient's hospitalization. He asks about the patient's prognosis and potential future discharge date as he is the primary caretaker of the patient and needs to plan for his arrival home. The patient is doing well and can likely be discharged in the next few days. Which of the following is the most appropriate course of action?

Bring the cousin to the room and ask the patient if it is acceptable to disclose his course

Bring the cousin to the room and explain the plan to both the patient and cousin

Explain the plan to discharge the patient in the next few days

Explain that you cannot discuss the patient's care at this time

Tell the cousin that you do not know the patient's course well

Patient rights under HIPAA for USMLE Step 3: High-Yield Patient Safety Lessons

Patient Rights - The Core Six

Access: Right to inspect & receive a copy of their Protected Health Information (PHI).
Amendment: Right to request corrections to inaccurate or incomplete PHI.
Accounting of Disclosures: Right to a list of who their PHI was shared with (for non-routine purposes) over the past 6 years.
Restriction: Right to request limits on PHI use/disclosure.
- Mandatory for providers if patient pays out-of-pocket for a service.
Confidential Communications: Right to choose how and where they receive PHI.
Notice of Privacy Practices: Right to a written notice of how their PHI is used and shared.

⭐ A key testable timeline: Providers have 30 days to provide patients with their medical records upon request.

Access & Amendment - See and Fix

Right of Access: Patients can inspect & obtain a copy of their Protected Health Information (PHI).
- Providers must respond within 30 days.
- A reasonable, cost-based fee for copies is allowed.
- Access can be denied for specific records like psychotherapy notes or information gathered for legal action.
Right to Amend: Patients can request corrections to inaccurate or incomplete PHI.
- Providers must act on the request within 60 days.
- If denied, a written explanation is required, and the patient may file a statement of disagreement to be included in the record.

⭐ Psychotherapy notes are specially protected and are not subject to a patient's general right of access to their medical records.

Disclosure & Restriction - Who Sees What

Minimum Necessary Rule: Default is to disclose only the minimum Protected Health Information (PHI) needed for a given purpose.
No Authorization for TPO: PHI can be used and disclosed without patient authorization for:
- Treatment (e.g., consulting with another provider)
- Payment (e.g., submitting claims)
- Operations (e.g., quality assessment, training)
Patient Authorization: Required for most non-TPO disclosures (e.g., marketing). Must be specific and time-limited.
Right to Restrict: Patients can request restrictions on disclosures. A covered entity must agree if the patient pays 100% out-of-pocket for a service and requests the information not be sent to their health plan.

⭐ The right to restrict disclosure to a health plan for services paid fully out-of-pocket is a key patient empowerment rule.

Breach Notification - Sound the Alarm

Definition: An impermissible use or disclosure of Protected Health Information (PHI) is presumed to be a breach unless a low probability of compromise is demonstrated through a risk assessment.
Individual Notice: Must be provided without unreasonable delay, and in no case later than 60 calendar days following the discovery of a breach.
HHS Notification:
- Breaches affecting ≥500 individuals: Notify the HHS Secretary without unreasonable delay (and no later than 60 days).
- Breaches affecting <500 individuals: Log and notify HHS annually.
Media Notice: If a breach affects more than 500 residents of a single state or jurisdiction, a prominent media outlet must be notified.

⭐ The burden of proof is on the covered entity to demonstrate that a breach did not occur or that all required notifications were made.

High-Yield Points - ⚡ Biggest Takeaways

Patients have a right to access, inspect, and obtain a copy of their Protected Health Information (PHI).

They can request amendments to correct errors in their medical records.

Patients are entitled to an accounting of disclosures, listing who has received their PHI.

They can request restrictions on PHI use, especially for services paid out-of-pocket.

The right to request confidential communications allows them to specify contact methods.

Continue reading on Oncourse

CONTINUE READING — FREE

or get the app

App Store|Google Play