Confidentiality-Information Security Practice Test 2
Confidentiality-Information Security NCLEX Practice Test
Confidentiality-Information Security is a key topic within the NCLEX test plan, located under Safe and Effective Care Environment → Management of Care → Advocacy → Confidentiality-Information Security. This section underscores HIPAA compliance, professional boundaries, and safe information handling in nursing practice. Each test contains 50 questions designed to mirror the difficulty and variety of the real exam.
This is the 2nd part of the Confidentiality-Information Security series. To explore all practice tests under this topic, use the “Back to Main Topic” button at the end of the page.
Continue Learning
In the Confidentiality-Information Security Study Cards section, shared by real NCLEX candidates, you’ll find concise summaries and high-yield insights related to the most tested concepts. It’s a perfect space to reinforce challenging topics and sharpen your recall through quick, focused repetitions. Short, powerful, and repeatable!
Confidentiality-Information Security Practice Test 2
A client is in an outpatient substance misuse treatment center, and will be moving to their hometown. They request a copy of their protected health information. What is an acceptable response by the nurse to this client?
- "Our clinic can provide you a copy of your PHI once your clinic bills are paid in full."
- "Our clinic will only allow you to review your PHI on a computer within the clinic."
- "Our clinic will provide your PHI, but you must pick up the copy at the front desk."
- "Our clinic can send your PHI to your email after you make a formal request."
Explanation: Answer reason: " Clients have a legal right to access their health information in the form and format they request when readily producible, after completing the facility’s required request/identity-verification process. Providing access cannot be conditioned on paying outstanding bills, so delaying release until bills are paid is inappropriate. Limiting access to only onsite viewing is overly restrictive because copies/electronic transmission are permissible methods of access. Requiring in-person pickup is not necessary when secure electronic delivery is feasible and aligns with the client’s request for access while relocating.
Mr. Leskyf is admitted to the local psychiatric facility. While in the cafeteria, his wife overhears two health care workers discussing his condition. Which term would most accurately describe this situation?
- Libel
- Breach of ethics
- Breach of confidentiality
- Verbal assault
Explanation: Answer reason: Discussing a patient’s condition in a public cafeteria allows incidental listeners (including family members not currently being engaged for care purposes) to hear sensitive information. This constitutes an unauthorized disclosure of PHI and violates privacy/confidentiality standards and facility policy. Libel requires a false written statement, and verbal assault involves threatening or abusive language toward another person, neither of which is described here.
A nurse cares for an unconscious client whose spouse is at the bedside. How will the nurse respond to a visitor asking about the client's condition?
- "I can't speak with you about someone else."
- "I will refer you to the spouse to answer your questions."
- "There is significant brain injury resulting in unconsciousness."
- "You will have to ask the client what happened."
Explanation: Answer reason: " Confidentiality requires the nurse to protect a client’s private health information and disclose it only to individuals authorized by the client or legally permitted. A visitor has no automatic right to receive updates, even if a spouse is present at the bedside. Redirecting the visitor to the spouse can still result in inappropriate disclosure because the nurse would be facilitating access rather than verifying authorization or using the facility’s approved information-sharing process. Providing clinical details or telling the visitor to ask the unconscious client are both unsafe and unrealistic, and they fail to uphold privacy standards.
A nurse lawyer provides an education session to the nursing staff regarding client rights with emphasis on invasion of client rights. The nurse lawyer asks a staff nurse to identify a situation that represents an example of invasion of client privacy. Which situation, if identified by the student, indicates an understanding of a violation of this client right?
- Threatening to place a client in restraints
- Performing a surgical procedure without consent
- Taking photographs of the client without consent
- Telling the client that he or she cannot leave the hospital
Explanation: Answer reason: Photographing a patient without consent is an unauthorized capture of identifiable information and is a direct breach of privacy/confidentiality standards and institutional policies. By contrast, performing a procedure without consent is primarily an informed-consent/battery issue rather than a privacy violation. Restricting a client from leaving and threatening restraints relate more to false imprisonment and coercion, not privacy.
A mental health nurse answers the phone. A police officer asks if a patient is still being treated on the unit, and the nurse tells the officer that the patient was discharged. Which of the following is correct regarding the nurse's response?
- The response was a breach of patient confidentiality.
- The response was correct, because the nurse did not give out patient information.
- The response was correct, because the nurse only released
Explanation: Answer reason: Providing a patient’s presence on a unit, current treatment status, or discharge status to an unauthorized caller is protected health information and generally requires patient consent or a valid legal mandate. A police officer does not automatically have the right to receive confirmation of hospitalization/discharge without proper authorization, a warrant/subpoena, or an applicable exception. Even minimal “directory” information is typically limited and may be restricted further in behavioral health settings, where privacy protections are especially strict. The safest nursing action is to decline to confirm or deny and route the request through the facility’s established release-of-information process.
An 8-year-old hospitalized due to a bowel obstruction is to be discharged home with a temporary colostomy. The parents' primary language is Vietnamese and their English proficiency is very limited. What is the best approach for the nurse to use when instructing the parents on how to care for the child at home?
- Demonstrate the procedure using simple English phrases
- Give the parents written instructions with picture illustrations
- Tell the parents to have a friend or relative come in to translate
- Use an interpreter via the telephone interpretation service
Explanation: Answer reason: A trained medical interpreter supports informed decision-making, prevents errors from misunderstandings, and allows real-time clarification and teach-back. Using friends/relatives as translators risks inaccuracies, omissions, and confidentiality problems, and may distort sensitive information. Simple English phrases or pictures can support learning but are insufficient as the primary strategy when English proficiency is very limited and the care is high risk.
A nurse cares for a school-age client with the human immunodeficiency virus (HIV). The client’s parents report they do not intend to inform the school of the diagnosis. Which response by the nurse is appropriate?
- "Your child’s diagnosis is private, and it is your right to maintain confidentiality."
- "The healthcare provider is legally required to inform school officials of the diagnosis."
- "The client will need an individualized education plan to attend school."
- "The school must be informed to protect school personnel and other students."
Explanation: Answer reason: " HIV status is protected health information and should not be disclosed without appropriate consent except in specific, legally defined reporting situations. Schools generally do not require notification of a student’s HIV diagnosis for attendance because standard precautions are the primary method to protect staff and students. Telling parents they “must” disclose or that the provider is “legally required” to inform the school is inaccurate in most settings and violates confidentiality principles. The nurse should support privacy rights while reinforcing routine infection-control practices and addressing any safety concerns through appropriate channels.
A multidisciplinary care team is discussing an ethical dilemma regarding whether or not to tell the partner of a patient who is HIV sero-positive the status of the patient. The patient has requested that the status be kept confidential. The team decides to tell the partner. On what ethical basis have they made this decision?
- Confidentiality has been prioritized below autonomy.
- The team values veracity over autonomy.
- The team prioritizes autonomy higher than duty.
- Fidelity is valued higher than veracity.
Explanation: Answer reason: Ethically, clinicians may breach confidentiality when there is a serious, foreseeable risk of harm to an identifiable third party and disclosure is necessary to reduce that risk. Informing a sexual partner about HIV exposure reflects prioritizing the protection of others’ ability to make informed decisions about their own health and preventing harm, even when the patient requests secrecy. This is not primarily about truth-telling as an abstract duty (veracity); it is about overriding confidentiality in the context of competing obligations to others’ rights and safety. Options focusing on fidelity or ranking autonomy “higher than duty” do not fit the scenario because the key conflict is confidentiality versus duties to warn/protect third parties.
Think you’re ready for the NCLEX?
Run through a full 150-question exam just like the real thing. You’ll hit the 85-question checkpoint and get a clear report showing where you stand.