HCCA CHPC EXAMINATION 2026 ACTUAL
QUESTIONS WITH DETAILED ANSWERS
GRADED A+
⩥HIPAA resides in which CFR section? Answer: 45 CFR sections
164.102 through 164.534
https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part-164
⩥What are the subparts of HIPAA part 164? Answer: HIPAA - 45 CFR
164, subparts:
Subpart A - General rules
Subpart C - Security
Subpart D - Breach notification
Subpart E - Privacy
https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part-164
⩥How do you determine if an organization is a "Covered Entity"?
Answer: 1. compare if the organization meets one of the 3 types of CE
(provider, health plan, clearinghouse)
and
,2. determine if the organization electronically transmits one of the 9
defined transactions:
• Health claims or equivalent encounter information
• Health claims attachments
• Enrollment and disenrollment in a health plan
• Eligibility for a health plan
• Health care payment and remittance advice
• Health plan premium payments
• First report of injury
• Health claim status
• Referral certification and authorization
In addition, business associates of covered entities must follow parts of
the HIPAA regulations.
https://www.hhs.gov/hipaa/for-individuals/guidance-materials-for-
consumers/index.html
⩥This Act established in 1974 was created for government agencies
placing restrictions on how the government can share the information
maintained in Federal systems of records that might infringe on an
individual's privacy rights with other individuals and agencies. Answer:
The Privacy Act of 1974
⩥Which of the following is not considered a HIPAA Entity Designation:
,1. Affiliated covered entity
2. Entity that performs healthcare and non-healthcare component
activities including both covered and non-covered functions
3. A group health plan
4. Contract arrangement with FEDEX carrier Answer: 4. Contract
arrangement with FEDEX carrier
⩥What is Gramm-Leach-Bliley Act (GLBA)? Answer: Gramm-Leach-
Bliley Act (GLBA), also known as the Financial Services Modernization
Act of 1999, includes The Financial Privacy Rule and The Safeguards
Rule requires all financial institutions to protect customer's personal
financial information.
⩥What is an OHCA? Answer: OHCA (Organized Health Care
Arrangement) it's a clinically integrated care setting where individuals
receive health care from more than one provider.
These are joint arrangements/activities and have an Integrated Delivery
System for easy exchange of PHI data. See 45 CFR 160.103. OHCAs
can also utilize a joint NPP. See 45 CFR § 164.520(d).
ACE (Affiliated Covered Entity) do not have an Integrated Delivery
System because these are legally separate covered entities that are
associated in business, or affiliated as a result of some common control
or ownership.
, Both the OHCA and the ACE would allow sharing of PHI across
participating entity lines for treatment, payment, operations purposes
(TPO).
⩥What's an ACE? Answer: ACE (Affiliated Covered Entity)
Legally separate covered entities that share common control/ownership
and designate themselves as a single CE for the purpose of complying
with the HIPAA Privacy standards.
ACEs do not have an Integrated Delivery System, while OHCA do, and
can share a single NPP. See 45 CFR § 164.520(d)
ACE example: a health system composed on several affiliated hospitals.
Both the OHCA and the ACE would allow sharing of PHI across
participating entity lines for treatment, payment, operations purposes
(TPO).
⩥What's a Hybrid Entity? Answer: Entity that conducts both covered
functions (or healthcare-functions) and non-covered functions (other
biz/non-healthcare functions) to elect to be a "hybrid entity."
For instance, a University System that has a research laboratory or
academic medical center.
The post-secondary functions (non-healthcare components) do NOT
need to comply with HIPAA.
QUESTIONS WITH DETAILED ANSWERS
GRADED A+
⩥HIPAA resides in which CFR section? Answer: 45 CFR sections
164.102 through 164.534
https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part-164
⩥What are the subparts of HIPAA part 164? Answer: HIPAA - 45 CFR
164, subparts:
Subpart A - General rules
Subpart C - Security
Subpart D - Breach notification
Subpart E - Privacy
https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part-164
⩥How do you determine if an organization is a "Covered Entity"?
Answer: 1. compare if the organization meets one of the 3 types of CE
(provider, health plan, clearinghouse)
and
,2. determine if the organization electronically transmits one of the 9
defined transactions:
• Health claims or equivalent encounter information
• Health claims attachments
• Enrollment and disenrollment in a health plan
• Eligibility for a health plan
• Health care payment and remittance advice
• Health plan premium payments
• First report of injury
• Health claim status
• Referral certification and authorization
In addition, business associates of covered entities must follow parts of
the HIPAA regulations.
https://www.hhs.gov/hipaa/for-individuals/guidance-materials-for-
consumers/index.html
⩥This Act established in 1974 was created for government agencies
placing restrictions on how the government can share the information
maintained in Federal systems of records that might infringe on an
individual's privacy rights with other individuals and agencies. Answer:
The Privacy Act of 1974
⩥Which of the following is not considered a HIPAA Entity Designation:
,1. Affiliated covered entity
2. Entity that performs healthcare and non-healthcare component
activities including both covered and non-covered functions
3. A group health plan
4. Contract arrangement with FEDEX carrier Answer: 4. Contract
arrangement with FEDEX carrier
⩥What is Gramm-Leach-Bliley Act (GLBA)? Answer: Gramm-Leach-
Bliley Act (GLBA), also known as the Financial Services Modernization
Act of 1999, includes The Financial Privacy Rule and The Safeguards
Rule requires all financial institutions to protect customer's personal
financial information.
⩥What is an OHCA? Answer: OHCA (Organized Health Care
Arrangement) it's a clinically integrated care setting where individuals
receive health care from more than one provider.
These are joint arrangements/activities and have an Integrated Delivery
System for easy exchange of PHI data. See 45 CFR 160.103. OHCAs
can also utilize a joint NPP. See 45 CFR § 164.520(d).
ACE (Affiliated Covered Entity) do not have an Integrated Delivery
System because these are legally separate covered entities that are
associated in business, or affiliated as a result of some common control
or ownership.
, Both the OHCA and the ACE would allow sharing of PHI across
participating entity lines for treatment, payment, operations purposes
(TPO).
⩥What's an ACE? Answer: ACE (Affiliated Covered Entity)
Legally separate covered entities that share common control/ownership
and designate themselves as a single CE for the purpose of complying
with the HIPAA Privacy standards.
ACEs do not have an Integrated Delivery System, while OHCA do, and
can share a single NPP. See 45 CFR § 164.520(d)
ACE example: a health system composed on several affiliated hospitals.
Both the OHCA and the ACE would allow sharing of PHI across
participating entity lines for treatment, payment, operations purposes
(TPO).
⩥What's a Hybrid Entity? Answer: Entity that conducts both covered
functions (or healthcare-functions) and non-covered functions (other
biz/non-healthcare functions) to elect to be a "hybrid entity."
For instance, a University System that has a research laboratory or
academic medical center.
The post-secondary functions (non-healthcare components) do NOT
need to comply with HIPAA.
