Certified Inpatient Coding (CIC) Practice Exam

Which action is considered a violation of HIPAA's privacy rule?

• A. The attending physician asking the nurse to give Mr. Brown his pain medication
• B. The hospital receptionist stating, "Yes Ms. Roland is in room 511 B. I will transfer you."
• C. A nurse and an orderly at a state hospital discussed the HIV/AIDS status of a patient in earshot of other patients
• D. The doctor's office calling central scheduling to schedule Mr. Tom's tendon release

The correct answer is: A nurse and an orderly at a state hospital discussed the HIV/AIDS status of a patient in earshot of other patients

The action described involves discussing a patient's HIV/AIDS status in a setting where other patients can overhear. This scenario constitutes a violation of HIPAA's privacy rule because it breaches the confidentiality of protected health information (PHI). Under HIPAA, healthcare providers are required to maintain the privacy and security of patients' medical information, and sharing sensitive information in an environment where unauthorized individuals can hear it is a clear infringement. This highlights the importance of safeguarding patient information and keeping discussions confidential to protect patient rights. The other actions listed do not violate HIPAA's privacy rule. For example, the attending physician discussing medication with the nurse is part of the treatment process and is permissible under HIPAA as long as it is done appropriately within the care team. The hospital receptionist confirming a patient's room number is typically acceptable, as this does not disclose sensitive health information and pertains to operational aspects of facility management. Likewise, the doctor's office calling for scheduling does not involve divulging any private health details, focusing instead on logistical arrangements.