CHPC EXAM QUESTIONS AND ANSWERS (VERIFIED AND WELL
CHPC Exam Study Set 1
DETAILED ANSWERS) LATEST UPDATE 2025/2026
Study online at https://quizlet.com/_hijmcx
1. A new privacy officer is reviewing an B. accurate description of
organization's current policy on patient the
requests for amendments. Which of regulatory requirements
the following is the MOST critical to the
evaluation process?
A. effective and revision dates of
the policy
B. accurate description of the
regulatory requirements
C. nature of complaints related to
the policy
D. description of the form letters used
to respond to requests
2. As part of due diligence on Business A. criminal background
Associates, a privacy officer would be checks.
MOST concerned with confirming that
they conduct:
A. criminal background checks.
B. credit history checks.
C. provider credentialing checks.
D. health screening checks.
3. Data breach response training is A. HITECH
required by which of the following
regulations?
A. HITECH
B. GLBA
C. FMLA
D. Privacy Act
4.
1/9
, CHPC Exam Study Set 1
Study online at https://quizlet.com/_hijmcx
A business associate has contacted C. Determine if the breach
an organization's privacy officer to involved
alert him that some of the patient more than 500 individuals.
information that they hold in relation
to the BAA may have been breached.
An employee took a laptop that
contained patient information from
several vendors and misplaced it at an
airport. They are not 100% sure that
information from the organization was
on the laptop. Which of the following is
the MOST appropriate response by the
privacy officer?
A. Rely on the business associate to
conduct any needed notifications.
B. Notify each individual whose PHI
has been possibly disclosed.
C. Determine if the breach involved
more than 500 individuals.
D. Assure that all notifications
occur no later than 90 days after
discovery.
5. During an internal investigation, it is C. Contact legal counsel.
discovered that the Institutional Review
Board (IRB) has not been reviewing the
informed consents or authorizations
completed by research subjects. Which
of the following should a privacy
officer do FIRST?
A. Report the issue to OHRP.
B. Report the issue to the OCR.
2/9
CHPC Exam Study Set 1
DETAILED ANSWERS) LATEST UPDATE 2025/2026
Study online at https://quizlet.com/_hijmcx
1. A new privacy officer is reviewing an B. accurate description of
organization's current policy on patient the
requests for amendments. Which of regulatory requirements
the following is the MOST critical to the
evaluation process?
A. effective and revision dates of
the policy
B. accurate description of the
regulatory requirements
C. nature of complaints related to
the policy
D. description of the form letters used
to respond to requests
2. As part of due diligence on Business A. criminal background
Associates, a privacy officer would be checks.
MOST concerned with confirming that
they conduct:
A. criminal background checks.
B. credit history checks.
C. provider credentialing checks.
D. health screening checks.
3. Data breach response training is A. HITECH
required by which of the following
regulations?
A. HITECH
B. GLBA
C. FMLA
D. Privacy Act
4.
1/9
, CHPC Exam Study Set 1
Study online at https://quizlet.com/_hijmcx
A business associate has contacted C. Determine if the breach
an organization's privacy officer to involved
alert him that some of the patient more than 500 individuals.
information that they hold in relation
to the BAA may have been breached.
An employee took a laptop that
contained patient information from
several vendors and misplaced it at an
airport. They are not 100% sure that
information from the organization was
on the laptop. Which of the following is
the MOST appropriate response by the
privacy officer?
A. Rely on the business associate to
conduct any needed notifications.
B. Notify each individual whose PHI
has been possibly disclosed.
C. Determine if the breach involved
more than 500 individuals.
D. Assure that all notifications
occur no later than 90 days after
discovery.
5. During an internal investigation, it is C. Contact legal counsel.
discovered that the Institutional Review
Board (IRB) has not been reviewing the
informed consents or authorizations
completed by research subjects. Which
of the following should a privacy
officer do FIRST?
A. Report the issue to OHRP.
B. Report the issue to the OCR.
2/9
