CRIS TEST ACTUAL 2025/2026 QUESTIONS AND
100% CORRECT ANSWERS | GRADED A
INTRODUCTION
This CRIS TEST practice exam is designed for Health Information Management (HIM) professionals,
medical records technicians, release of information specialists, and healthcare compliance officers
seeking CRIS certification for the 2025/2026 testing cycle. The 200 questions are based on verified
exam materials from multiple top-rated sources and cover all critical domains required for the CRIS
certification examination, including medical record ownership and control, release of information
principles and procedures, HIPAA authorization requirements and core elements, valid authorizations
vs. invalid authorizations, special protections for sensitive information (chemical dependency, HIV,
mental health, genetic testing), disclosures without authorization (treatment, payment, operations,
public health, law enforcement), patient rights to access and amend records, accounting of disclosures,
legal requests and subpoenas, court orders vs. subpoenas, deceased patient record access, minors and
emancipated minor rights, designated record sets, breach notification requirements, enforcement
actions (civil and criminal penalties), and state-specific requirements vs. federal preemption. Content
aligns with HIPAA Privacy and Security Rules, CMS requirements, state privacy laws, and current
healthcare compliance best practices. Each question includes a detailed rationale explaining the
correct answer and relevant regulatory references or legal principles to reinforce learning and ensure
exam readiness.
DOMAIN 1: MEDICAL RECORD OWNERSHIP & CONTROL (20 Questions)
Question 1
Who legally owns the medical record?
A. The patient
B. The healthcare facility or provider
C. The insurance company
D. The government
Correct Answer: B
Rationale: The healthcare facility or provider owns the physical medical record. While patients
have rights to access and obtain copies of their health information, they do not own the actual
record. The record is considered the property of the healthcare provider who created it. This
distinction is fundamental in health information management.
Question 2
,What does the patient own regarding their medical record?
A. The physical paper record
B. The electronic storage system
C. The information contained within the record
D. The filing cabinets
Correct Answer: C
Rationale: While the healthcare facility owns the physical or electronic record, the patient owns
the information contained within it. This gives patients the right to access, inspect, and obtain
copies of their health information, but not the right to take possession of the original record
itself.
Question 3
Which of the following is included in the "designated record set" definition under HIPAA?
A. Only physician progress notes
B. Medical records, billing records, enrollment records, case management records, and quality
assessment records
C. Only laboratory results
D. Only discharge summaries
Correct Answer: B
Rationale: HIPAA defines "designated record set" as a group of records maintained by or for a
covered entity that includes medical records, billing records, enrollment records, case
management records, and quality assessment records. This comprehensive definition ensures
patients can access all information used to make decisions about their care.
Question 4
When a provider-patient relationship terminates, what determines medical record retention
requirements?
A. Federal law only
B. State law and statute of limitations
C. The patient's preference
,D. The insurance company's requirements
Correct Answer: B
Rationale: Record retention requirements after termination of the provider-patient relationship
are primarily governed by state law and the statute of limitations for medical malpractice
claims. While federal regulations like HIPAA require records be maintained for 6 years, state
laws may require longer retention periods, and the statute of limitations determines how long
records should be kept for legal protection.
Question 5
Which of the following is NOT part of the designated record set?
A. Medical records used for patient care decisions
B. Billing records used for payment decisions
C. Quality assessment records used for quality improvement
D. Psychotherapy notes maintained separately by the therapist
Correct Answer: D
Rationale: Psychotherapy notes are specifically excluded from the designated record set under
HIPAA. These notes are recorded by a mental health professional documenting or analyzing the
contents of conversation during private counseling sessions and are kept separate from the rest
of the medical record. They have special protection and are not subject to the same access
rights as other health information.
Question 6
Under HIPAA, how long must covered entities maintain documentation of their privacy practices
and policies?
A. 3 years
B. 6 years
C. 10 years
D. Permanently
Correct Answer: B
Rationale: HIPAA requires covered entities to maintain documentation of their privacy practices,
policies, and procedures for 6 years from the date of creation or the date when it last was in
, effect, whichever is later. This applies to privacy policies, authorizations, accounting of
disclosures, and other compliance documentation.
Question 7
What happens to medical record ownership when a healthcare facility is sold or transferred?
A. The patient automatically gains ownership
B. The records become government property
C. The new owner assumes responsibility for the records
D. All records must be destroyed
Correct Answer: C
Rationale: When a healthcare facility is sold or transferred, the new owner assumes
responsibility for maintaining the medical records. The ownership of the records transfers to the
new entity, which must continue to protect patient privacy and honor patient rights to access
their information under HIPAA and applicable state laws.
Question 8
Which statement is TRUE regarding state laws on medical record ownership?
A. All states have identical ownership laws
B. State laws vary but generally recognize provider ownership
C. Federal law prohibits states from regulating record ownership
D. Patients own records in all 50 states
Correct Answer: B
Rationale: State laws regarding medical record ownership vary, but the general principle across
jurisdictions is that healthcare providers own the physical or electronic record while patients
own the information contained within it. Some states have specific statutes addressing record
ownership, while others rely on common law principles.
Question 9
What is the primary purpose of maintaining medical records?
A. To generate revenue for the facility
B. To document patient care and ensure continuity of care
100% CORRECT ANSWERS | GRADED A
INTRODUCTION
This CRIS TEST practice exam is designed for Health Information Management (HIM) professionals,
medical records technicians, release of information specialists, and healthcare compliance officers
seeking CRIS certification for the 2025/2026 testing cycle. The 200 questions are based on verified
exam materials from multiple top-rated sources and cover all critical domains required for the CRIS
certification examination, including medical record ownership and control, release of information
principles and procedures, HIPAA authorization requirements and core elements, valid authorizations
vs. invalid authorizations, special protections for sensitive information (chemical dependency, HIV,
mental health, genetic testing), disclosures without authorization (treatment, payment, operations,
public health, law enforcement), patient rights to access and amend records, accounting of disclosures,
legal requests and subpoenas, court orders vs. subpoenas, deceased patient record access, minors and
emancipated minor rights, designated record sets, breach notification requirements, enforcement
actions (civil and criminal penalties), and state-specific requirements vs. federal preemption. Content
aligns with HIPAA Privacy and Security Rules, CMS requirements, state privacy laws, and current
healthcare compliance best practices. Each question includes a detailed rationale explaining the
correct answer and relevant regulatory references or legal principles to reinforce learning and ensure
exam readiness.
DOMAIN 1: MEDICAL RECORD OWNERSHIP & CONTROL (20 Questions)
Question 1
Who legally owns the medical record?
A. The patient
B. The healthcare facility or provider
C. The insurance company
D. The government
Correct Answer: B
Rationale: The healthcare facility or provider owns the physical medical record. While patients
have rights to access and obtain copies of their health information, they do not own the actual
record. The record is considered the property of the healthcare provider who created it. This
distinction is fundamental in health information management.
Question 2
,What does the patient own regarding their medical record?
A. The physical paper record
B. The electronic storage system
C. The information contained within the record
D. The filing cabinets
Correct Answer: C
Rationale: While the healthcare facility owns the physical or electronic record, the patient owns
the information contained within it. This gives patients the right to access, inspect, and obtain
copies of their health information, but not the right to take possession of the original record
itself.
Question 3
Which of the following is included in the "designated record set" definition under HIPAA?
A. Only physician progress notes
B. Medical records, billing records, enrollment records, case management records, and quality
assessment records
C. Only laboratory results
D. Only discharge summaries
Correct Answer: B
Rationale: HIPAA defines "designated record set" as a group of records maintained by or for a
covered entity that includes medical records, billing records, enrollment records, case
management records, and quality assessment records. This comprehensive definition ensures
patients can access all information used to make decisions about their care.
Question 4
When a provider-patient relationship terminates, what determines medical record retention
requirements?
A. Federal law only
B. State law and statute of limitations
C. The patient's preference
,D. The insurance company's requirements
Correct Answer: B
Rationale: Record retention requirements after termination of the provider-patient relationship
are primarily governed by state law and the statute of limitations for medical malpractice
claims. While federal regulations like HIPAA require records be maintained for 6 years, state
laws may require longer retention periods, and the statute of limitations determines how long
records should be kept for legal protection.
Question 5
Which of the following is NOT part of the designated record set?
A. Medical records used for patient care decisions
B. Billing records used for payment decisions
C. Quality assessment records used for quality improvement
D. Psychotherapy notes maintained separately by the therapist
Correct Answer: D
Rationale: Psychotherapy notes are specifically excluded from the designated record set under
HIPAA. These notes are recorded by a mental health professional documenting or analyzing the
contents of conversation during private counseling sessions and are kept separate from the rest
of the medical record. They have special protection and are not subject to the same access
rights as other health information.
Question 6
Under HIPAA, how long must covered entities maintain documentation of their privacy practices
and policies?
A. 3 years
B. 6 years
C. 10 years
D. Permanently
Correct Answer: B
Rationale: HIPAA requires covered entities to maintain documentation of their privacy practices,
policies, and procedures for 6 years from the date of creation or the date when it last was in
, effect, whichever is later. This applies to privacy policies, authorizations, accounting of
disclosures, and other compliance documentation.
Question 7
What happens to medical record ownership when a healthcare facility is sold or transferred?
A. The patient automatically gains ownership
B. The records become government property
C. The new owner assumes responsibility for the records
D. All records must be destroyed
Correct Answer: C
Rationale: When a healthcare facility is sold or transferred, the new owner assumes
responsibility for maintaining the medical records. The ownership of the records transfers to the
new entity, which must continue to protect patient privacy and honor patient rights to access
their information under HIPAA and applicable state laws.
Question 8
Which statement is TRUE regarding state laws on medical record ownership?
A. All states have identical ownership laws
B. State laws vary but generally recognize provider ownership
C. Federal law prohibits states from regulating record ownership
D. Patients own records in all 50 states
Correct Answer: B
Rationale: State laws regarding medical record ownership vary, but the general principle across
jurisdictions is that healthcare providers own the physical or electronic record while patients
own the information contained within it. Some states have specific statutes addressing record
ownership, while others rely on common law principles.
Question 9
What is the primary purpose of maintaining medical records?
A. To generate revenue for the facility
B. To document patient care and ensure continuity of care
