Confidentiality-Information Security Practice Test 1
Confidentiality-Information Security NCLEX Practice Test
Confidentiality-Information Security is a key topic within the NCLEX test plan, located under Safe and Effective Care Environment → Management of Care → Advocacy → Confidentiality-Information Security. This section underscores HIPAA compliance, professional boundaries, and safe information handling in nursing practice. Each test contains 50 questions designed to mirror the difficulty and variety of the real exam.
This is the 1st part of the Confidentiality-Information Security series.
Which law is the first nationwide legislation to protect privacy for health information?
- Code of Ethics
- Health Insurance Portability Act
- Good Samaritan Act
- Americans with Disabilities Act
Explanation: Answer reason: HIPAA (Health Insurance Portability and Accountability Act) established the first nationwide standards to protect the privacy of health information. The Code of Ethics is not a law; the Good Samaritan Act and the ADA do not address health information privacy.
A client with HIV who is homosexual and whose employer does not know his HIV status confides in the nurse; which response by the nurse is best?
- Would you like me to help you tell them?
- The information you confide in me is confidential.
- I must share this information with your family.
- I must share this information with your employer.
Explanation: Answer reason: HIPAA and ethical practice require protecting client privacy. The nurse should reassure confidentiality; disclosure to family or employer is not required and would violate privacy, and offering to help tell them is premature.
Under which circumstance may a nurse communicate medical information without the client's consent?
- When certifying the client's absence from work.
- When requested by the client's family.
- When treating the client with a sexually transmitted disease.
- When prescribed by another physician.
Explanation: Answer reason: Certain communicable diseases, including STDs, must be reported to public health authorities by law, allowing disclosure without client consent. Family requests, employer certification, or another physician’s prescription do not override confidentiality.
Which form is NOT characteristic of the traditional source-oriented, narrative type of charting?
- Doctor's progress sheet
- History and physical examination form
- Laboratory sheet
- Database form
Explanation: Answer reason: The database form belongs to problem-oriented medical records (POMR) rather than the traditional source-oriented narrative charting system. In the latter, data are organized by discipline (nursing, physician, lab, etc.), not by problems.
The nurse employed in a mental health clinic is greeted by a neighbor in a local grocery store. The neighbor asks the nurse, "How is Mary doing? She is my best friend and is seen at your clinic every week." Which is the most appropriate nursing response?
- "I cannot discuss any patient situation with you."
- "If you want to know about Mary, you need to ask her yourself."
- "Only because you're worried about a friend, I'll tell you that she is improving."
- "Being her friend, you know she is having a difficult time and deserves her privacy."
Explanation: Answer reason: The nurse must protect client privacy and cannot confirm or discuss any patient information. Statement A sets a clear boundary without revealing anything.
The nurse on a cardiac unit is discussing a client with the case manager. Which information should the nurse share with the case manager?
- Discuss personal information the client shared with the nurse in confidence.
- Provide the case manager with any information that is required for continuity of care.
- Explain that client confidentiality prevents the nurse from disclosing information.
- Ask the case manager to get the client's permission before sharing information.
Explanation: Answer reason: Case managers are part of the healthcare team; HIPAA permits sharing relevant information needed for treatment and continuity of care. Do not disclose unrelated personal confidences, and special permission is not required for care coordination.
Privacy and confidentiality of all client information is legally protected. In which of the following situations would the nurse make an exception to this practice?
- When a family member offers information about their loved one
- When the client threatens self-harm and harm to others
- When the nurse decides that the family has a right to know the client's diagnosis
- When a visitor insists that he has been given permission by the client
Explanation: Answer reason: Confidentiality is overridden when a client poses a threat to self or others (duty to warn/protect). Other situations require client authorization.
When giving a report to the oncoming shift, which action by the nurse could be considered an invasion of the client's privacy?
- Asking the client if a nursing student can participate in their care
- Allowing a photographer to take a sleeping client's photograph
- Telling the oncoming nurse that the client has active herpes
- Telling a visitor the client's room number
Explanation: Answer reason: Taking a client's photograph without explicit consent violates privacy and confidentiality. Sharing pertinent health information with the oncoming nurse is appropriate for continuity of care, and asking permission for student participation respects privacy.
A nurse is helping to admit a patient to the nursing unit of a hospital. The nurse gives the patient some written information about his rights to privacy while he is in the hospital. Which statement by the patient indicates that more teaching is needed in this area?
- When my doctor's partner is on call, he will still be able to review my information.
- I can get a copy of this medical record if I want to read it.
- The nurse can make a copy of my medical record to send it to my friend.
- You won't tell anyone about my condition if they call in over the phone.
Explanation: Answer reason: Protected health information cannot be disclosed to friends without the patient’s explicit authorization, and nurses should not copy/send records directly; releases are managed through proper consent and channels. An on-call partner involved in the patient’s care may access information for treatment purposes. Patients have the right to obtain and review copies of their medical record. Staff should not disclose a patient’s condition to callers over the phone without verified permission or a code.
A nurse is documenting in the electronic health record (EHR) at a shared workstation when another staff member approaches. Which action BEST protects client confidentiality?
- Minimizing the chart window while stepping away briefly
- Logging out of the EHR before leaving the workstation
- Turning the monitor away from public view
- Asking the staff member to wait until documentation is complete
Explanation: Answer reason: Logging out prevents unauthorized access to protected health information if the workstation is left unattended. Minimizing or turning the screen does not fully secure the record.
A nurse receives a phone call from a person claiming to be a client’s relative and requesting updates about the client’s condition. What is the MOST appropriate initial nursing action?
- Provide general information without specific details
- Ask the caller to come to the unit in person
- Verify the caller’s identity and authorization before sharing information
- Decline to provide any information and end the call
Explanation: Answer reason: Before disclosing any health information, the nurse must confirm the caller’s identity and authorization according to facility policy. Automatic disclosure or refusal without verification is inappropriate.
Which situation represents a CLEAR violation of client confidentiality?
- Discussing a client’s diagnosis in an elevator with another staff member
- Reviewing a client’s chart to prepare for an upcoming shift
- Using a secure password to access the electronic health record
- Sharing de-identified information for approved quality improvement activities
Explanation: Answer reason: Discussing identifiable client information in public areas exposes protected health information to unauthorized individuals and violates confidentiality standards.
Maintaining confidentiality meets which need?
- Safety need
- Social need
- Esteem need
- Self-actualization
Explanation: Answer reason: In Maslow’s hierarchy, safety and security needs include protection from harm, stability, order, and privacy. Maintaining patient confidentiality safeguards personal information and creates a sense of security and trust in the care environment. It reduces perceived threat and vulnerability, fulfilling safety needs rather than social, esteem, or self-actualization needs.
Which action is a VIOLATION of client confidentiality?
- Using an agency computer that automatically logs off after a period of inactivity.
- Leaving a clipboard with a client's prescription details face up on a shared desk.
- Faxing a client's information to the equipment company using the pre-programmed speed dial.
- Providing the client's name to the assigned Durable Medical Equipment (DME) supplier.
Explanation: Answer reason: Leaving identifiable health information (e.g., prescription details) visible in a shared area allows unauthorized individuals to access protected health information and is a direct breach of confidentiality. Automatic computer log-off is a security safeguard rather than a violation. Sending information to a DME/equipment company or supplier can be permissible when it is part of the client’s care/coverage needs and follows agency policy (minimum necessary information, correct recipient), but the unsecured clipboard is an immediate exposure risk.
A nurse should maintain confidentiality in psychiatric care to:
- Protect patient privacy and trust
- Hide mistakes
- Avoid extra work
- Make treatment shorter
Explanation: Answer reason: Confidentiality is an ethical and legal duty in all healthcare and is especially critical in psychiatric care to preserve patient privacy, dignity, and trust in the therapeutic relationship. When patients trust that sensitive information will be protected, they are more likely to disclose symptoms and engage in treatment. Confidentiality is not intended to conceal errors, reduce workload, or shorten treatment; it supports safe, respectful, patient-centered care.
The disadvantages of electronic health records include the following, EXCEPT:
- Expensive
- Lack of integration
- Downtime processes
- Increased medical errors
Explanation: Answer reason: The question asks for the exception (i.e., which is NOT a disadvantage) of electronic health records (EHRs). Common disadvantages include high implementation/maintenance costs, interoperability or integration issues, and the need for downtime procedures when systems fail. EHRs are generally intended to reduce medical errors through legibility, decision support, and medication safety checks, even though they can introduce new error types if poorly designed or used. Therefore, “Increased medical errors” is the best choice as the exception.
Which action violates patient confidentiality?
- Discussing care during shift report
- Accessing chart of assigned patient
- Sharing patient diagnosis on social media
- Using initials on room door
Explanation: Answer reason: Posting any patient information (including diagnosis) on social media is a clear breach of confidentiality and information security. Discussing care in shift report and accessing the chart of an assigned patient are appropriate when done for care purposes and in private. Using initials on a room door may be allowed by facility policy, but it is not as clearly a confidentiality violation as sharing protected information online.
Which action violates patient confidentiality?
- Discussing care with healthcare team
- Using initials on whiteboard
- Sharing patient info in elevator
- Accessing chart for assigned patient
Explanation: Answer reason: Discussing patient information in a public place such as an elevator risks being overheard and is a clear breach of confidentiality. Discussing care with the healthcare team involved in the client’s care and accessing the chart for an assigned patient are permitted for treatment purposes. Using initials on a unit whiteboard may be allowed per facility policy when limited to minimum necessary information and not visible to the public; it is not the best single answer compared with elevator disclosure.
A nurse caring for a celebrity patient gets asked by friends about their condition. What’s the right response?
- “I can’t discuss that.”
- “They’re doing okay, I think.”
- “You didn’t hear it from me, but…”
- “Let me check their chart.”
Explanation: Answer reason: Patient health information is protected, and nurses must not disclose any details to friends or unauthorized individuals, regardless of the patient’s status. A clear refusal maintains confidentiality and aligns with HIPAA/ethical standards. The other responses either reveal information, imply willingness to share, or encourage accessing the chart for an inappropriate purpose.
True or False: Confidentiality can be broken if patient harm is suspected.
- True
- False
Explanation: Answer reason: Confidentiality is not absolute; it may be breached when required to prevent serious harm to the patient or others or when mandated by law (e.g., suspected abuse/neglect, certain communicable disease reporting, threats of violence). In suspected harm situations, the nurse should follow institutional policy, notify the appropriate chain of command, and report only the minimum necessary information to the appropriate authority. This balances patient privacy with the duty to protect and promote safety.
The nurse is providing care to a client admitted to the hospital with a diagnosis of anxiety disorder. The nurse is talking with the client, and the client says, "I have a secret that I want to tell you. You won't tell anyone about it, will you?" Which is the appropriate nursing response?
- No, I won't tell anyone.
- I cannot promise to keep a secret.
- If you tell me the secret, I will tell it to your doctor.
- If you tell me the secret, I will need to document it in your record.
Explanation: Answer reason: The nurse must be honest about limits of confidentiality and cannot guarantee secrecy because certain information may need to be shared with the healthcare team or reported for safety/legal reasons (e.g., risk of harm, abuse). This response preserves trust while setting appropriate boundaries and encourages the client to disclose without feeling deceived later. Promising secrecy is unethical and potentially unsafe, and pre-committing to tell the doctor or chart everything can shut down therapeutic communication.
Describe why texting a picture of a client's wound could violate HIPAA regulations.
- Texting a picture of a client's wound is allowed under HIPAA if both nurses are authorized to view the information.
- Texting a picture of a client's wound could violate HIPAA because it may expose protected health information without proper security measures.
- Texting a picture of a client's wound is a secure method of communication under HIPAA regulations.
- Texting a picture of a client's wound is encouraged for better patient outcomes under HIPAA.
Explanation: Answer reason: Standard texting is often not encrypted, may store images on personal devices/cloud backups, and can be accessed by unauthorized individuals, all of which risk disclosure of PHI. Even if the recipient is authorized, HIPAA requires safeguards such as secure, approved messaging platforms, access controls, and minimum necessary use. Using unsecured communication methods can create a reportable breach if confidentiality is compromised.
A nurse is caring for a teenage patient who is pregnant and has not told her parents. The parents ask the nurse about the patient’s condition. What is the most appropriate response by the nurse?
- She’s doing fine, but I can’t share any details.
- You’ll need to speak with your daughter directly about her condition.
- I’m sorry, but I cannot disclose any information without the patient’s consent.
- As her parents, you have the right to know everything about her care.
Explanation: Answer reason: Health information is protected, and the nurse must not share details with anyone who is not authorized, including family members, unless the patient consents or a specific legal exception applies. This response clearly sets the confidentiality boundary while remaining professional and nonjudgmental. It also avoids inadvertently confirming sensitive information beyond what is necessary and maintains the therapeutic relationship.
A nurse is admitting a client who is 1 week postpartum and reports excessive vaginal bleeding. The nurse does not speak the same language as the client. The client’s partner and 10-year-old child are accompanying her. Which of the following actions should the nurse take to gather the client’s admission data?
- Have the client’s child translate
- Allow the client’s partner to translate
- Request a female interpreter through the facility
- Ask a nursing student who speaks the same language as the client to translate
Explanation: Answer reason: Using a trained facility interpreter ensures accurate, complete communication and reduces errors when collecting critical postpartum assessment information. It also supports client privacy and minimizes risk of coercion or withheld information that can occur when family members interpret. A female interpreter may increase the client’s comfort discussing sensitive reproductive concerns and bleeding. Children, partners, and untrained staff/students should not be used due to confidentiality and high risk of mistranslation.
A nurse is providing care for a surgeon on a medical-surgical unit. A nurse from another unit asks the nurse about the surgeon's medical diagnosis. The nurse responds that he is unable to provide the information requested. The nurse is displaying which of the following ethical principles?
- Utility
- Paternalism
- Justice
- Nonmaleficence
Explanation: Answer reason: Sharing a client’s diagnosis with staff who are not involved in that client’s care breaches confidentiality and can cause harm through stigma, discrimination, or loss of trust. Refusing to disclose protected health information helps prevent foreseeable harm and supports professional duty to safeguard privacy. Utility focuses on greatest good for the greatest number, paternalism involves overriding autonomy for perceived benefit, and justice concerns fairness in distribution and treatment—none primarily address preventing harm from inappropriate disclosure.
A Bosnian Muslim woman who does not speak English seeks care at a community clinic. Through physical gestures, the woman indicates that she has pain originating either in the pelvic or genital region. Assuming several people are available to interpret, who would be the most appropriate choice?
- A female neighbor of the client who is also from Bosnia
- A female interpreter who does not know the client
- The client’s adult daughter
- A Bosnian male, who is a certified medical interpreter
Explanation: Answer reason: This situation involves sensitive pelvic/genital symptoms, so privacy, dignity, and accurate communication are essential. Using a professional interpreter who is not personally connected to the client reduces risks of breached confidentiality, added embarrassment, and distorted translation. A female interpreter also supports cultural comfort for discussing intimate concerns. Family members or acquaintances may omit, alter, or withhold information and should not be used when a qualified interpreter is available.
Which of the following individuals, in the absence of any written authorization from the adult inmate-patient, may have access to that patient's medical records?
- Inmate's attorney
- Private physician
- U.S. congressman
- None of the above
Explanation: Answer reason: Adult patients, including incarcerated individuals, retain privacy rights and their health information is protected; release generally requires the patient’s written authorization unless a specific legal exception applies. An attorney, private physician, or a U.S. congressman does not automatically have the right to access medical records without proper authorization or a valid legal mandate (e.g., court order, subpoena, or statutory requirement). The safest and most compliant action is to deny access and follow facility policy for verifying legal documentation and consent. This upholds confidentiality and information security standards.
The group used an audio recorder to capture what transpired during the interview. After the transcription, which of the following actions is APPROPRIATE for the group to take with the audiotape?
- Keep the audiotape in a vault and dispose of it a year after.
- Submit the audiotape to their research adviser.
- Throw it in the trash bin immediately after it was used.
- Post the recording on their university research website for others to listen.
Explanation: Answer reason: Research recordings containing participant information must be protected to maintain confidentiality and comply with ethical standards for information security. Secure, access-controlled storage limits unauthorized disclosure while allowing legitimate audit or verification needs during the retention period. Disposing of the recording after an appropriate retention interval reduces ongoing privacy risk once it is no longer necessary for the study. Posting the recording publicly or discarding it in regular trash creates a high risk of identifiable data exposure, and handing it off without clear security controls can also violate data-protection procedures.
When nurse Clarence respects the client's self-disclosure, this is a gauge of the nurse's:
- Respectfulness
- Loyalty
- Trustworthiness
- Professionalism
Explanation: Answer reason: Respecting a client’s self-disclosure reflects maintaining confidentiality and honoring the therapeutic relationship, which is essential for building patient trust. When a nurse demonstrates that private information will be handled appropriately, the client is more likely to communicate honestly and fully, improving assessment and care. This behavior directly signals that the nurse can be relied upon to protect sensitive information and act in the client’s best interest. Options like respectfulness and professionalism are broader concepts, but the specific gauge tied to handling disclosed information is whether the nurse is trustworthy.
What is the relationship between HIPAA and technological advances?
- Technology helps to foster HIPAA confidentiality.
- Computers help us to share information with others.
- Computer screens are not visible to others in the area.
- Technology places us at risk for HIPAA violations.
Explanation: Answer reason: The core principle is that electronic health information is easier to access, copy, transmit, and inadvertently disclose than paper records, so privacy risks increase as technology use expands. Devices and systems such as EHRs, messaging, email, cloud storage, and portable media can lead to breaches through misdirected communication, weak passwords, unauthorized access, or improper screen visibility. This option directly reflects the real-world patient-safety and legal reality that technology introduces new vectors for privacy violations even when intended to improve care. A common trap is assuming technology automatically improves confidentiality, but safeguards (access controls, encryption, auditing, secure workflows) are required to prevent breaches. Therefore, the best relationship described is increased risk for violations without appropriate controls.
Which technological advance is MOST likely to place you at risk for HIPAA violations?
- Social media
- Word processing programs
- Spreadsheets
- Clouds and SOtts
Explanation: Answer reason: Social platforms encourage rapid posting, wide distribution, and screenshots/resharing, making inadvertent disclosure much more likely than in local, controlled office files. Even “de-identified” stories can become identifiable when combined with timing, location, unique diagnoses, or photos. Word processors, spreadsheets, and cloud storage can pose risks, but they are typically used in more controlled workflows with access controls and auditability when managed correctly; social platforms are inherently public-facing and high-risk.
A client with a diagnosis of bipolar disorder has been referred to a local boarding home for consideration for placement. The social worker telephoned the hospital unit for information about the client’s mental status and adjustment. The appropriate response of the nurse should be which of these statements?
- I am sorry. Referral information can only be provided by the client’s health care providers.
- “I can never give any information out by telephone. How do I know who you are?”
- Since this is a referral, I can give you this information.
- I need to get the client’s written consent before I release any information to you.
Explanation: Answer reason: Client confidentiality requires authorization before disclosing protected health information to outside agencies that are not directly providing current care. A boarding home placement inquiry is not an emergency exception and typically needs a signed release specifying what can be shared and with whom. This response protects privacy while allowing appropriate coordination once consent is obtained. The “since this is a referral” statement is unsafe because referral status alone does not waive confidentiality. The telephone-based refusal is overly absolute and fails to apply the correct standard of obtaining consent and verifying permissible disclosure.
You are at lunch in the cafeteria. One of the nurses from another floor asks you about one of your patients and states, "She's my neighbor. I heard she was in the hospital." Choose the best response?
- "We can talk about it when we leave the hospital."
- "I really can't discuss any of my patients."
- "I can't divulge much information, even if you know the patient. What do you want to know?"
- "She's doing well. They thought she had a heart attack, but it was only angina."
Explanation: Answer reason: Patient information is protected health information and must not be shared without a legitimate need-to-know for care, regardless of personal relationships like being a neighbor. The scenario is a public area (cafeteria) and the nurse is from another floor, so there is no established care-related reason to disclose anything. This response sets a clear boundary and prevents any inadvertent disclosure. Options that suggest talking later or asking what they want to know invite further discussion and risk privacy violations, and giving clinical details is an explicit breach of confidentiality.
The spouse of a patient in a long-term treatment facility asks for the patient's treatment plan. How should the nurse respond?
- Ask the patient for the information.
- I cannot give you information on any patient.
- The doctor will speak to you about the treatment plan.
- Can you give me the Social Security Number?
Explanation: Answer reason: Patient health information (including the plan of care) is protected and may only be shared with others if the patient has authorized disclosure or if the requester is verified as a legally appropriate recipient. The safest immediate nursing action is to involve the patient to determine permission and preferences for what can be shared and with whom, preserving autonomy and confidentiality. A blanket refusal is not therapeutic and fails to address whether consent exists, while deferring to the provider is unnecessary because nurses can discuss the care plan when consent is verified. Requesting a Social Security number is not a valid authorization method and introduces privacy/security risk.
Two health care personnel are talking about a client by name in the facility elevator. The conversation is overheard by visitors in the same elevator. Which client right is violated?
- The client’s right to review their medical records.
- The client’s right to privacy.
- The client’s right to have an advance directive.
- The client’s right to refuse treatment.
Explanation: Answer reason: Discussing a client’s identifiable health information in a public area is a breach of confidentiality and violates the expectation that private information is only shared with those involved in care. Using the client’s name makes the information directly identifiable, increasing the privacy risk and failing the minimum-necessary standard. Elevators and hallways are not appropriate locations for clinical discussions because unintended listeners (visitors, other patients) can overhear. The other options relate to record access, end-of-life planning, and autonomy in accepting care, none of which is the issue in this scenario.
A violation of client confidentiality, as defined by HIPAA regulations for the privacy and confidentiality of health information, is a violation of:
- Hospital policy on the confidentiality of health information.
- The state nurse practice act.
- Federal legislation enacted to assure the confidentiality of health information.
- The nursing code of ethics.
Explanation: Answer reason: HIPAA is a federal law that establishes national standards for protecting individuals’ health information and governs permissible uses and disclosures. A breach of confidentiality under HIPAA therefore constitutes a violation of federal legislation, potentially triggering mandated reporting, civil penalties, and corrective actions. Hospital policies and the nursing code of ethics also require confidentiality, but they do not define HIPAA requirements and penalties. The nurse practice act may address professional conduct broadly, yet HIPAA-specific privacy rules originate from federal statute and regulations.
The 22-year-old client with a severe head injury is admitted to the critical care unit. Some of the client’s friends come to the nurse’s station requesting information. Which action would be most appropriate by the nurse?
- Tell the friends to talk to the parents.
- Discuss the client’s situation with the friends.
- Allow the friends to visit the client for 10 minutes.
- Explain that no information can be shared with the friends.
Explanation: Answer reason: Client health information is protected and may only be disclosed to individuals authorized by the client or legal surrogate. With a severe head injury, the client is likely unable to provide consent, so the nurse must not share condition updates or details with friends who are not verified decision-makers. Directing friends to the parents can still imply the client’s status and does not address the confidentiality requirement at the nurse’s station. Visitation decisions also require unit policy and patient/surrogate permission and do not substitute for protecting private information.
At the end of the shift, the nurse is reviewing charting information on the computer when called to a client’s room to assist with turning. The nurse should:
- Ask another nurse to watch the computer screen as the first nurse leaves to assist with turning the client.
- Nothing because the computer will automatically turn off.
- Set the computer screen to screen saver mode.
- Exit the chart and return to the computer password screen.
Explanation: Answer reason: Protecting confidentiality requires securing electronic health information any time the workstation is unattended, even briefly. Logging out/locking to the password screen is the most reliable way to prevent unauthorized viewing or chart access by visitors or staff who are not involved in the client’s care. Relying on an automatic shutoff or a screen saver does not ensure immediate protection and may still allow access if it is not password-protected. Having another nurse “watch” the screen is not an acceptable substitute for properly securing the record and does not eliminate the risk of a privacy breach.
In which circumstance may a nurse legally and ethically disclose confidential information about a client?
- The human immunodeficiency virus (HIV) status of a single male client to his family members
- The diagnosis of pancreatic cancer to the client’s significant other
- The diagnosis of an uncontrolled seizure disorder of a taxi driver to a state agency
- The client is 32 weeks pregnant with twins and is legally separated
Explanation: Answer reason: An uncontrolled seizure disorder in a commercial driver creates an immediate safety hazard to the public, and many jurisdictions require or permit reporting of medical conditions that impair driving to the appropriate authority. Disclosing HIV status to family or a cancer diagnosis to a significant other is not permitted without the client’s consent because it violates privacy and does not meet mandatory-reporting criteria. Pregnancy status and marital separation do not create a reportable condition that justifies releasing confidential information.
HIPAA is federal legislation enacted in 1996 to protect the privacy of health information and assure broader access to health insurance. HIPAA is an acronym for?
- Health Insurance Portability and Accountability Act.
- Health Information Privacy and Accountability Act.
- Health Information Privacy and Access Act.
- Hospital Information Privacy and Accountability Act.
Explanation: Answer reason: The core principle is that HIPAA is the U.S. federal law that establishes national standards for protecting individually identifiable health information and supporting insurance portability. The correct expansion explicitly includes “Insurance,” “Portability,” and “Accountability,” which are the defining elements of the statute’s name and scope. The distractors incorrectly swap in terms like “Information Privacy” or “Hospital,” which are not part of the law’s formal title and can mislead learners into focusing only on privacy rather than portability and accountability. Recognizing the exact acronym is essential for applying confidentiality and information-security rules in clinical documentation and communication.
The client had Billroth II surgery 24 hours ago. The client’s son approaches the nurse in the hallway and asks for information regarding his father’s condition. The wife is listed as the designated contact person. Which nurse response is best?
- “What has the surgeon told you about your father’s condition?”
- “Let’s both go into your father’s room and ask him how he feels.”
- “Let’s go to a more private place to discuss your father’s condition.”
- “Let’s review your father’s medical record information together.”
Explanation: Answer reason: Patient confidentiality requires that health information be shared only with the patient or the person the patient has authorized (here, the wife), so the nurse should not disclose details to the son in the hallway. Involving the client directly allows the client to decide what information to share and with whom, which aligns with privacy laws and client rights. It also moves the discussion to an appropriate context without implying unauthorized disclosure. Options that offer a private discussion with the son or review the medical record would still violate confidentiality if the client has not authorized him to receive information.
Before hospitalization, an adolescent client had decided to give up her newborn for adoption. The client had an uncomplicated vaginal delivery and is still committed to her decision. Which intervention should the nurse exclude?
- Offer to the client a transfer to a different unit within the hospital.
- Talk to the client about having possible feelings of ambivalence.
- Initiate a case management or social work consult for the client.
- Notify her family to ensure that support is available upon her discharge.
Explanation: Answer reason: Client confidentiality and autonomy require that the nurse not disclose sensitive reproductive/adoption decisions to others without the client’s permission. Automatically involving the family violates privacy and can undermine the adolescent’s right to control who receives her health information. Appropriate nursing care includes supporting normal emotional responses such as ambivalence and ensuring access to multidisciplinary resources (e.g., social work/case management) to address legal, psychosocial, and discharge needs. Offering environmental options (such as transfer) can also be therapeutic if exposure to other newborns increases distress, and it does not breach confidentiality.
How should computer monitors that display accessed client health information be positioned to ensure that no visitors to a health care facility or unauthorized persons will be able to view information stored on the facility's health information system?
- Monitors should be positioned facing client rooms so that health care personnel can access the information easily.
- Monitors should face away from any visitor area or client care area where information displayed could possibly be viewed by unauthorized persons.
- Monitors should be turned off unless in use.
- Monitors should be positioned for quick access. Visitors and unauthorized personnel are responsible not to view information not intended for their knowledge.
Explanation: Answer reason: The core principle is protecting confidentiality by preventing unauthorized disclosure of protected health information through simple environmental controls. Positioning screens away from public sightlines reduces the risk of incidental viewing (“shoulder surfing”) by visitors and other unauthorized individuals. Turning monitors off when not in use can help but does not address exposure while in use, which is the primary risk described. Relying on visitors to avert their eyes is not an acceptable safeguard because the facility is responsible for implementing reasonable protections for information security.
A 35-year-old client was admitted to the coronary care unit (CCU) 2 days ago with an acute myocardial infarction. Which action would breach client confidentiality?
- The CCU nurse gives a verbal report to the nurse on the telemetry unit before transferring the client to that unit.
- The CCU nurse notifies the on-call physician about a change in the client's condition.
- The emergency department (ED) nurse calls up the latest electrocardiogram results to check the client's progress.
- At the client's request, the CCU nurse updates the client's wife on his condition.
Explanation: Answer reason: Access to protected health information is permitted only for staff who are currently involved in the client’s care or who have a legitimate need-to-know. Two days after admission to the CCU, an ED nurse typically no longer has an active care role for this patient, so viewing new ECG results would be inappropriate access even if no information is shared externally. In contrast, handoff reporting during transfer and notifying the on-call physician are direct care communications within the treatment team. Sharing an update with the wife is permissible when the client requests it, reflecting patient-directed disclosure.
The neighbor of a nurse working in an urgent care clinic comes in for treatment. That evening after work, the nurse is out working in the yard when another neighbor walks by and says, "I heard that our neighbor went to the urgent care clinic today. Isn't that where you work? Was everything alright?" What response by the nurse demonstrates compliance with the confidentiality of health information?
- Since I am off work and it was only a minor injury I can tell you.
- It is nice of you to ask, and I do work at that urgent care clinic. The health information of every client is confidential and protected by law. Only our neighbor can give you that information.
- I do work at the urgent care clinic. Our neighbor was fine, only a few minor scrapes and bruises. We have such a close, caring neighborhood.
- I can neither confirm nor deny whether that client came to our urgent care clinic or not today.
Explanation: Answer reason: It is nice of you to ask, and I do work at that urgent care clinic. The health information of every client is confidential and protected by law. Only our neighbor can give you that information. HIPAA/confidentiality requires protecting all patient information, including the fact that a person sought care and any details about their condition, unless the patient has authorized disclosure. This response sets a clear boundary, explains the legal/ethical basis, and appropriately directs the inquirer to the patient as the only person who can choose to share. Options that describe the injury or even confirm attendance disclose protected information and violate confidentiality. A neutral refusal that still reinforces confidentiality and patient control is the safest and most professional approach.
Health care facilities store a large portion of their clients’ health information on the facility’s health information system. Each health care team member with a need to access health information is given a password or log in code. How closely is access to a facility’s health information system monitored?
- Access is not monitored. After receiving a log in code and password, each employee accesses health information on the honor system.
- Access is monitored intermittently.
- Access of the health information system is monitored closely and constantly for inappropriate use of the system and health information stored on the system. There is a record of every log in, date, time and the information accessed.
- Access is monitored only during business office hours when the system usage is the highest.
Explanation: Answer reason: Access of the health information system is monitored closely and constantly for inappropriate use of the system and health information stored on the system. There is a record of every log in, date, time and the information accessed. Health information systems must protect confidentiality by ensuring traceability and accountability for every access event. Continuous audit trails (user ID, timestamp, and record elements viewed) deter inappropriate access and allow investigation of suspected breaches. This aligns with standard privacy/security practices (e.g., HIPAA-aligned controls) where access is logged and reviewed, not left to an honor system. Options suggesting intermittent or business-hours-only monitoring are insufficient because privacy breaches can occur at any time and require auditable tracking to enforce client rights and institutional policy.
A friend contacts a nurse at work and states, “Our friend, _____, has just been in a car accident and is in your emergency room. I am so worried. Can you check your hospital computer system and tell me the extent of the injuries?” What is the most appropriate response by the nurse to the concerned friend?
- I did not know about the accident, but I can’t look that information up for you. Every client’s health information is confidential and is protected by law. Unless I am caring for that person, I have no right to access their health information. I recommend that you contact the family for information.
- I will look the information up, but do not tell anyone that I did. Health information is confidential and is protected by law.
- OK, let me see here—the CAT scan looks terrible! You had better come to the emergency department as fast as you can!
- I can’t look that up for you. I will get into trouble. Call the emergency department and see if they will give you any information.
Explanation: Answer reason: I did not know about the accident, but I can’t look that information up for you. Every client’s health information is confidential and is protected by law. Unless I am caring for that person, I have no right to access their health information. I recommend that you contact the family for information. Accessing or disclosing protected health information without a need-to-know relationship violates confidentiality and information-security standards. The nurse must not enter the chart or view results unless involved in the client’s care, and cannot release details to friends without authorization. This response both refuses the request and explains the legal/ethical basis while directing the caller to an appropriate source for updates. Options that promise secrecy or share diagnostic findings are clear breaches, and focusing only on “getting into trouble” is less professional and omits the client-rights rationale.
Which of the below choices is a violation of client PHI (protected health information)?
- Client hears nurse speaking to another patient in a room separated by a curtain
- Nurse talks about a medication in the elevator
- Nurse shares pregnancy test result with client's partner without client's permission
- Nurse uses patient's name in waiting room
Explanation: Answer reason: A pregnancy test result is sensitive health information, and a partner is not automatically entitled to it without the client’s consent. This action is a direct, identifiable disclosure to an unauthorized person, which is a clear confidentiality breach. By contrast, using a patient’s name in a waiting room can be permissible as an incidental disclosure when done in a reasonable, minimum-necessary way.
The nurse answers a phone call regarding a patient who was discharged the day prior. The patient’s husband is stating they have a doctor’s appointment coming up and would like to share her test results from hospitalization at that appointment. The nurse hesitates and the husband voices the patient’s name and birthdate for verification. What should the nurse do?
- Give the husband the information if he can provide the medical record number
- Enter the patient’s chart to see if there is anything of significance the doctor would need to know at the next appointment
- Voice that this information cannot be shared via telephone due to privacy and transfer the call to Medical Records
- Call the doctor’s office to see if they have the same computer charting system as the hospital and if they can see the result themselves
Explanation: Answer reason: Protected health information can only be disclosed to the patient or a legally authorized person with documented permission; a spouse is not automatically entitled to results. Verifying identifiers like name and date of birth confirms patient identity, not the caller’s authorization to receive information. Directing the caller to the appropriate department supports release-of-information procedures (documentation of authorization, secure transmission, and proper accounting of disclosures). Options that disclose based on a medical record number or attempt informal cross-system access bypass required privacy safeguards and increase risk of an unauthorized disclosure.
Harry knows that he has to protect the rights of human research subjects. Which of the following actions of Harry ensures anonymity?
- Keep the identities of the subject secret
- Obtain informed consent
- Provide equal treatment to all the subjects of the study
- Release findings only to the participants of the study
Explanation: Answer reason: Anonymity means that the identity of participants is not disclosed or cannot be linked to their data. Keeping subjects’ identities secret protects anonymity. Informed consent relates to participant agreement, equal treatment relates to fairness, and limiting findings to participants does not ensure anonymity.
