CHPC EXAM STUDY SET 1 QUESTIONS
AND ANSWERS WITH VERIFIED
SOLUTIONS 100% CORRECT!!!
1. Most critical to evaluating a policy on patient requests for amendments:
Answer✔✔: B. Accurate description of the regulatory requirements
A policy should accurately describe the regulatory requirements to ensure
compliance with HIPAA and other relevant laws. This is essential in guiding the
proper handling of patient requests for amendments to health information.
2. Most critical due diligence concern for Business Associates:
Answer✔✔: A. Criminal background checks
When conducting due diligence on Business Associates (BAs), it is important to
confirm that BAs conduct criminal background checks to ensure that they are
trustworthy and meet the necessary security and privacy standards.
3. Data breach response training required by which regulation?
Answer✔✔: A. HITECH
The HITECH Act (Health Information Technology for Economic and Clinical
Health Act) requires data breach response training as part of efforts to ensure that
organizations are prepared to address and report data breaches involving Protected
Health Information (PHI).
4. Appropriate response to a potential breach involving a business associate:
Answer✔✔: C. Determine if the breach involved more than 500 individuals
The first step is to assess whether the breach involved more than 500 individuals,
as this triggers different reporting requirements and actions under HIPAA.
5. First action when discovering an IRB has not been reviewing consents or
authorizations:
Answer✔✔: C. Contact legal counsel
The privacy officer should first contact legal counsel to discuss the potential legal
and regulatory implications of the IRB's failure to review informed consents and
authorizations.
6. Use of patient health information that does not require authorization:
Answer✔✔: a. Treatment, payment, health care administration
These activities are considered "permitted uses" under HIPAA and do not require
the patient's specific authorization.
7. What is considered Protected Health Information (PHI) under HIPAA?
Answer✔✔:
a. Phone number
b. Medical record number
c. License plate number
d. Email address
All of these are considered PHI because they can identify an individual, and
HIPAA protects all personally identifiable health information.
8. Information HIPAA rules do not require providers to grant access to:
Answer✔✔: c. Psychotherapy notes
Under HIPAA, psychotherapy notes are treated separately from other health
records and are not subject to the same access and disclosure requirements as other
types of medical records.