(MASTER FLASHCARDS) AND 100% CORRECT ANSWERS REVIEWED AND VERIFIED BY EXPERT 2025 NEW UPDATE.
What is the purpose of HIPAA?
ANS:
Protect PHI from unauthorized use or disclosure.
Prevent fraud, waste, and abuse via Administrative Simplification.
Make health insurance portable under ERISA.
Transition healthcare to standardized electronic billing systems.
What sections of the CFR does HIPAA reside in?
ANS:
45 CFR sections 164.102 through 164.534
What are the subparts of HIPAA Part 164?
ANS:
Subpart A: General Rules
Subpart C: Security
Subpart D: Breach Notification
Subpart E: Privacy
How do you determine if an organization is a "Covered Entity"?
ANS:
1. Check whether the organization meets one of the 3 types of CE (provider, health plan,
clearinghouse).
2. Determine if the organization electronically transmits one of the 9 defined transactions,
such as:
o Health claims or equivalent encounter information
o Health claims attachments
o Enrollment and disenrollment in a health plan
o Eligibility for a health plan
o Health care payment and remittance advice
o Health plan premium payments
o First report of injury
o Health claim status
o Referral certification and authorization
Which Act was created in 1974 to restrict how the government shares information in
Federal records that might infringe on an individual’s privacy rights?
ANS:
The Privacy Act of 1974
Which of the following is not considered a HIPAA Entity Designation?
ANS:
Contract arrangement with FEDEX carrier
Options:
1. Affiliated Covered Entity
2. Entity that performs healthcare and non-healthcare component activities including both
covered and non-covered functions
3. A group health plan
4. Contract arrangement with FEDEX carrier
What is the Gramm-Leach-Bliley Act (GLBA)?
ANS:
The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services
Modernization Act of 1999, includes the Financial Privacy Rule and the Safeguards Rule,
which require financial institutions to protect customers' personal financial information.
What is an OHCA (Organized Healthcare Arrangement)?
ANS:
OHCA refers to a clinically integrated care setting where individuals receive healthcare
from more than one provider, with joint arrangements for easy exchange of PHI data.
OHCAs can also utilize a joint NPP (Notice of Privacy Practices).
What is an ACE (Affiliated Covered Entity)?
ANS:
ACEs are legally separate covered entities that share common control or ownership and
designate themselves as a single CE for HIPAA Privacy standards compliance.
ACEs do not have an Integrated Delivery System like OHCAs, and they may share a
single NPP.
What is a Hybrid Entity?
ANS:
A Hybrid Entity is an entity that conducts both healthcare and non-healthcare functions.
Only its healthcare component is subject to HIPAA provisions.
Example: A University System with both healthcare and non-healthcare components,
such as a research laboratory.
What is a healthcare transaction under HIPAA?
ANS:
The transmission of information between two parties to carry out financial or
administrative activities related to healthcare.
Examples of healthcare transactions include:
o Healthcare claims
o Coordination of benefits
o Health plan premium payments
What are examples of Business Associates (BA)?
ANS:
A BA performs functions or activities on behalf of a covered entity that involve access to
PHI.
Examples:
o Claims processing
o Data analysis
o Billing
o Benefit management
o Quality assurance
True or False: A hospital is not required to have a business associate contract with the
specialist to whom it refers a patient and transmits the patient's medical chart for
treatment purposes.
ANS:
TRUE (Use and disclosure of PHI for treatment, payment, and operations purposes
require no specific authorization.)
True or False: Under HIPAA and HITECH, individuals or entities who have been
identified as business associates are obligated to enter into a business associate agreement
with their contracted covered entities.
ANS:
TRUE
Except for TPO, list two examples where a CE requires authorization to use/disclose PHI.
ANS:
1. Sales and marketing
2. Psychotherapy notes
How do you determine if an entity is subject to HIPAA?
ANS:
By understanding the applicability (healthcare component), and ensuring that the entity
transmits health information and falls under one of the 3 types of CE (health plans,
clearinghouses, and providers).