HIPAA or Hearsay?
Privacy Pitfalls
Who Needs to Know?
Autonomy in Action
What Would You Do?
100

Can a client’s name be posted on a public whiteboard in a rehab gym?

No- It violates HIPAA

100

You overhear two OTs discussing a client’s mental health in the hallway. Is this a problem?

Yes – it’s a breach of confidentiality.

100

Should a client's caregiver always receive updates?

Only if there is signed consent.

100

A client refuses a recommended adaptive device. What principle applies?

Autonomy

100

A client shares suicidal thoughts in session. Do you keep it private?

No – you have a duty to report for safety.

200

Is it okay to email client progress notes to a supervisor?

Only through a secure, encrypted system

200

You take a selfie in the clinic with a client in the background. Is this a problem?

Yes – unintentional privacy breach.

200

You’re working with a teen. Can their parents access all session notes?

It depends on the law and age of consent.

200

A client wants to work on cooking, but the family insists on grooming. What should guide you?

Client-centered goals.

200

A coworker jokes about a client’s diagnosis in the break room. What do you do?

Address the behavior professionally or report it.

300

You leave a paper chart open at the nurse’s station. Is this a HIPAA violation?

Yes- Exposed PHI

300

Can you text a client a reminder for an appointment?

Only with consent and no health info included.

300

Who can access therapy documentation?

Authorized providers, client, or others with consent.

300

A client refuses to participate in group therapy. Your response?

Respect their choice; explore alternatives.

300

A family asks you to lie to the client about their prognosis. What do you do?

Uphold veracity and client autonomy.

400

You use initials instead of names in emails. Still a HIPAA concern?

Yes – may still be identifiable info.

400

You post a case success story (no names) on social media. Is this okay?

Only with written consent.

400

A physician calls about your client. Can you give details?

Only if involved in the care team and proper release exists.

400

Your client declines services mid-treatment. Can they?

Yes – they have the right to withdraw.

400

You see your client at the grocery store and say, “Hi, how’s therapy going?” Is this a problem?

Yes – public disclosure of private info.

500

Can you discuss a case in class as a student?

Yes, but only with full de-identification.

500

Can you use case examples in your portfolio?

Only with consent and anonymization.

500

A family member without Power of Attorney wants updates. What do you do?

Deny request unless client approves.

500

A client wants to skip a key part of the discharge plan. Your approach?

Explore why; adapt collaboratively.

500

You accidentally share a client’s info in a group email. Now what?

Report breach per policy and notify supervisor.