888-580-8373 | 952-405-7900
ccb@compliancecertification.org

Sample CHPC exam questions

The sample questions are only intended to help familiarize you with the format of the exam. Questions presented here are not indicative of the actual exam, and your results on them should not be taken as an indication of actual exam results.

1. A new privacy officer is reviewing an organization’s current policy on patient requests for
    amendments. Which of the following is the MOST critical to the evaluation process?

        a. Effective and revision dates of the policy
        b. Accurate description of the regulatory requirements
        c. Nature of complaints related to the policy
        d. Description of the form letters used to respond to requests

2. A new privacy officer performs an analysis to determine whether 
    the institution should be providing a notice of privacy practices 
    related to the Gramm-Leach-Bliley Act. Which of the following 
    business practices would require a healthcare institution to 
    provide such notice?

        a. Patients are expected to pay all claims at time of service through 
            either cash or commercial credit cards
        b. Patients are allowed to carry small balances forward from visit to visit
        c. Patients may pay for non-covered services through a low interest line
            of credit
        d. Patients must demonstrate proof of financial need in order to receive 
            a charity discount

3. According to the HIPAA Privacy Rule, which of the following may 
    be included in the fee charged when responding to a request for 
    medical records?

                  Postage    Retrieving     Summary
                             information    preparation
        a.        yes        no             yes
        b.        yes        yes            yes
        c.        no         yes            yes
        d.        yes        no             no

4. As part of due diligence on business associates, a privacy officer would be MOST concerned 
    with confirming that they conduct:

        a. Criminal background checks
        b. Credit history checks
        c. Provider credentialing checks
        d. Health screening checks

5. Data breach response training is required by which of the following regulations?

        a. HITECH
        b. GLBA
        c. FMLA
        d. Privacy Act

6. A privacy program monitoring tool identifies a large number of records sent by an employee 
    to an outside email address. To determine whether this is a problem, which of the following 
    should the privacy officer confirm FIRST?

        a. The position of the employee emailing the records
        b. The identity of patient records involved 
        c. The time of day the records were sent
        d. The reason the records were emailed

7. A business associate has contacted an organization’s privacy officer to alert him that some 
    patient information that they hold in relation to the BAA may have been breached. An 
    employee took a laptop that contained patient information from several vendors and 
    misplaced it at an airport. They are not 100% sure that information from the organization 
    was on the laptop. Which of the following is the MOST appropriate response by the privacy officer?

        a. Rely on the business associate to conduct any needed notifications
        b. Notify each individual whose PHI has been possibly disclosed
        c. Determine if the breach involved more than 500 individuals
        d. Assure that all notifications occur no later than 90 days after discovery


Answer key: 1. B, 2. C, 3. A, 4. A, 5. A, 6. D, 7. C