NCLEX Law Tips for Nurses

by

NCLEX legal questions evaluate whether nursing practice complies with federal privacy requirements, consent standards, patient rights, mandatory reporting duties, advance care planning laws, and tort liability principles.

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

The Health Insurance Portability and Accountability Act of 1996 is a U.S. federal law that protects the privacy and confidentiality of a patient’s protected health information and regulates how protected health information is used and disclosed.

Need-To-Know Disclosures

Protected health information is shared only with workforce members directly involved in the patient’s care. Access and disclosures are limited to the information required to perform the assigned task.

Accredited HIPAA Certification

Clinical status details are not shared with staff who are not participating in treatment, even when the requester holds a clinical title. A request based on personal interest, neighborhood familiarity, or family connection does not create a permitted purpose.

Prohibited Chart Access

Accessing a chart without a current work-related need is unauthorized access. Viewing a record to “check on” a relative, friend, or former patient is not a permitted workforce activity when the nurse is not assigned to the patient’s care.

Audit logs capture user access activity. Unauthorized access can trigger employment action and regulatory reporting obligations under organizational policy.

Prohibited Conversation Locations

Protected health information is not discussed in hallways, elevators, cafeterias, waiting rooms, or outside the facility. Conversations about a patient’s diagnosis, results, or treatment plan are conducted in controlled areas where noninvolved persons cannot readily overhear.

Incidental overhearing does not automatically create a violation when reasonable safeguards are used, such as privacy curtains and lowered voices, and the underlying communication is otherwise permitted.

Computer And Charting Security Practices

Credential integrity and session control support access management and accountability.

  • Passwords are not shared with any person.
  • The workstation is logged off when stepping away.
  • An unattended session left open by another user is secured by logging off or locking the workstation.

Credential sharing eliminates reliable attribution in audit logs and can create individual accountability for actions taken under the shared credentials.

Removal And Disposal Of Protected Health Information

Paper and printed materials containing protected health information are handled as regulated records.

  • Protected health information is not taken home.
  • Report sheets are disposed of using secure shredding.
  • Older records are stored in secured locations under access control.

Transport of documents outside the facility for convenience creates an impermissible disclosure pathway and defeats secure disposal controls.

Release Of Information To Family And Friends

Patients have a right to access their own records. Protected health information is not released to spouses, family members, or friends without the patient’s permission or another permitted basis applied through organizational policy aligned to HIPAA.

Verification processes are part of disclosure compliance. Telephone requests for laboratory results or diagnoses require confirmation that the patient has authorized the disclosure or that a permissible disclosure pathway applies.

Reporting Suspected Breaches

Observed or suspected privacy incidents are reported through the organization’s incident reporting pathway. The covered entity performs the required breach risk assessment and determines notification obligations under compliance procedures.

Common Exam Traps

Spousal requests are commonly framed as routine. The compliant response confirms the patient’s permission before disclosure. Disclosures to transporters and unit clerks are limited to task-related instructions, not diagnosis, prognosis, or laboratory detail.

Nonviolations Frequently Used In Questions

The following actions are treated as nonviolations when diagnosis and detailed clinical information are not disclosed.

  • Calling out a patient’s full legal name in a waiting room for identification.
  • Visitors discussing their loved one in a waiting room.
  • A roommate overhearing limited report content through a curtain when reasonable safeguards were used.
  • Writing a patient’s last name on a whiteboard.
  • Instructing visitors to wear a mask for isolation without disclosing diagnosis.
  • General discussion of diseases without identifying a specific patient.

Exceptions For Safety And Legal Duties

Certain disclosures are permitted or required for safety and legal obligations. Threats of self-harm or harm to others can require disclosure under safety and duty-to-warn frameworks. Mandatory reporting obligations for suspected abuse or neglect can require disclosure to authorities without patient consent.

Patient Self-Determination Act (PSDA)

The Patient Self-Determination Act is a federal law that supports patient rights to make decisions about medical care, including end-of-life care preferences, through advance care planning.

Facilities ask admitted patients whether they have an advance directive. Facilities provide written information about patient rights and options for healthcare decision-making when no advance directive is available in the record.

Admission processes are evaluated for documentation of the inquiry and provision of written materials.

Advance Directives

Advance directives are legal documents that state desired medical care when a patient cannot communicate decisions due to incapacity.

Documentation And Availability

Advance directives are placed in the medical record. Copies are distributed to identified healthcare agents and other persons involved in decision support. Storage practices address availability during emergencies, including avoiding reliance on a single copy stored offsite.

Witnessing And Execution

Advance directives often do not require notarization. Completion with two witnesses is accepted in many settings, subject to state law and facility policy.

  • Witnesses are not staff directly involved in the patient’s care.
  • Witnesses are not the named healthcare agent.

No Advance Directive Present

When no directive is available, treatment decisions default to the standard applied to an average reasonable person in a similar situation, which commonly results in full treatment pending clarification.

Durable Power Of Attorney For Health Care (DPOA-HC)

Durable Power Of Attorney For Health Care designates a healthcare agent to make medical decisions when the patient lacks decision-making capacity. The named healthcare agent holds decision authority even when family members disagree.

Operational practice distinguishes medical decision authority from financial authority. Documentation should confirm that the instrument grants healthcare decision-making authority.

Living Will

A living will outlines treatment preferences when the patient is incapacitated. The living will can address life-sustaining interventions such as ventilator support and artificial nutrition and hydration, along with resuscitation preferences.

Code status terminology commonly includes Full Code, Do Not Resuscitate, Do Not Intubate, and Allow Natural Death. Comfort measures can remain permissible depending on the document and related orders. Oxygen by nasal cannula, selected medications, and fluids may be consistent with comfort-focused care when ordered and aligned to documented wishes.

Physician Orders For Life-Sustaining Treatment (POLST)

Physician Orders For Life-Sustaining Treatment is a portable medical order that translates patient preferences into actionable clinical orders across care settings. The form is used to communicate treatment intensity and resuscitation choices in a standardized format.

Informed Consent

Informed consent is a legal doctrine requiring a patient’s voluntary agreement to an invasive procedure or surgery after receiving information about the intervention, risks and benefits, risks of no treatment, and reasonable alternatives.

Battery Exposure For Procedures Without Consent

Performing an invasive procedure without valid consent can constitute battery as an intentional tort. Consent failures include absent consent, lack of capacity, coercion, or proceeding after a competent refusal.

Who Can Provide Consent

Consent is provided by a competent adult patient or by a legally authorized decision maker when the patient lacks capacity.

Common authorized sources include a parent or guardian for a minor, a court-specified representative, a legal guardian, and a healthcare surrogate or proxy consistent with state law. Emancipated minors can provide consent within the scope permitted by state law.

Altered level of consciousness and impaired decision-making capacity can occur with unconsciousness, intoxication, delirium, dementia, and acute psychiatric episodes that prevent understanding and voluntary decision-making.

Medical Interpreter Requirement

A patient who does not speak English requires a medical interpreter for informed consent. Family members and friends are not used as interpreters for consent discussions due to accuracy risk and conflicts of interest.

Provider And Nurse Responsibilities

The provider obtains informed consent and explains procedure-specific risks, benefits, and alternatives and answers procedure-specific questions. The nurse supports the process without substituting for the provider.

  • The nurse witnesses the signature on the consent form.
  • The nurse documents the date and time of signatures.
  • The nurse verifies apparent competence and voluntariness.
  • The nurse assesses understanding and notifies the provider when misunderstanding exists.
  • The nurse provides general perioperative teaching that does not involve procedure-specific risk counseling.

Additional Procedures During Surgery

When an additional non-emergent procedure is identified during surgery, consent is obtained from the medical power of attorney or next of kin consistent with state law and facility policy. Telephone consent is witnessed by two authorized individuals. Life-saving emergencies proceed under emergency treatment authority consistent with code status and documented directives.

Leaving Against Medical Advice (AMA)

Leaving Against Medical Advice is a patient right concept allowing a competent patient to leave a facility before discharge after receiving information about risks.

A patient may leave when the patient has decision-making capacity, receives education about the risks of leaving, and is not subject to a legal hold. Suicide holds and certain psychiatric holds restrict the ability to leave.

Practice expectations in AMA scenarios include provider notification, documentation of education and capacity, and removal of invasive lines when clinically appropriate and safe.

  • Risks of leaving are explained in factual terms.
  • The provider is notified of the patient’s decision.
  • Security is not used to prevent departure in the absence of legal authority.
  • The patient signs an AMA form or refusal to sign is documented.
  • Intravenous lines and tubes are removed when clinically appropriate.

Mandatory Reporting

Mandatory reporting laws require nurses to report suspected abuse or neglect involving children, elders, and other vulnerable adults. Reporting is based on reasonable suspicion formed during assessment rather than confirmed proof.

Assessment precedes reporting actions within clinical workflow. Assessment includes interview, physical examination, and history. Documentation captures objective findings and relevant statements.

  • The patient is protected from immediate harm.
  • The patient is interviewed separately from the suspected abuser.
  • Evidence is collected and preserved within policy.
  • Safety planning is initiated and resources for shelters and safe housing are provided.

Child interviews use open-ended questions. Communication avoids promises of secrecy because reporting is required.

  • The child is told the abuse is not the child’s fault.
  • The child is told the child is not in trouble.
  • Promises are not made and secrecy is not offered.

Tort Law

Tort law addresses civil wrongs that violate rights and can create legal liability. The burden of proof rests with the accuser in a tort claim.

Unintentional Torts

Negligence is failure to meet the standard of care expected of a reasonable prudent nurse in the same role and circumstances. Malpractice is professional negligence by a licensed clinician that causes patient harm. Abandonment occurs when a nurse accepts responsibility for a patient and leaves without transferring care to an appropriate clinician.

Intentional Torts

Assault is a threat of harm that creates apprehension. Battery is harmful or nonconsensual touching or procedures, including treatment administered after a competent refusal. False imprisonment is restraint or confinement against a patient’s will without legal authority, excluding lawful psychiatric or suicide holds. Invasion of privacy involves unauthorized disclosure of patient information and overlaps operationally with HIPAA violations. Defamation of character harms reputation through false statements.

Libel is written defamation. Slander is spoken defamation.

James Keogh

James Keogh has been writing about the healthcare sector in the United States for several years and is currently the editor of HIPAAnswers. He has a particular interest in HIPAA and the intersection of healthcare privacy and information technology. He has developed specialized knowledge in HIPAA-related issues, including compliance, patient privacy, and data breaches. You can follow James on Twitter https://x.com/JamesKeoghHIPAA and contact James on LinkedIn https://www.linkedin.com/in/james-keogh-89023681 or email directly at [email protected]