2025 CHPC Exam Study Guide New Latest Version with All
Questions from Actual Past Exam and 100% Correct
Answers
Which of the following uses of patient health information do not require the patient's
authorization?
a. Treatment, payment, health care administration
b. Marketing
c. Genetic testing and research studies
d. Release of psychotherapy notes ---------- Correct Answer --------- a. Treatment, payment,
health care administration
The HIPAA security regulations apply only to protected health information in electronic form.
What about the HIPAA privacy regulations?
a. These also apply only to information in electronic form
b. Privacy regulations apply to information being faxed
c. Privacy regulations do not apply to Medicare patients
d. Privacy regulations apply to both paper and electronic formatted information ---------- Correct
Answer --------- d. Privacy regulations apply to both paper and electronic formatted information
A new privacy officer is reviewing an
organization's current policy on patient
requests for amendments. Which of
the following is the MOST critical to the
evaluation process?
A. effective and revision dates of
the policy
B. accurate description of the
regulatory requirements
C. nature of complaints related to
the policy
D. description of the form letters used
to respond to requests ---------- Correct Answer --------- B. accurate description of the
regulatory requirements
Which of the following are considered protected health information under HIPAA? Select all
that apply.
a. Phone number
b. Medical record number
c. License plate number
d. Email address ---------- Correct Answer --------- a. Phone number b. Medical record number c.
License plate number d. Email address
HIPAA rules do not require providers to grant patient access to which of the following types of
,information?
a. Accounting disclosures
b. Office visit documentation
c. Psychotherapy notes
d. Medication list ---------- Correct Answer --------- c. Psychotherapy notes
The "Notice of Privacy Practices" explains the ways the practice will use patient information and
describes patients' rights regarding their information. a. True b. False ---------- Correct Answer --
------- a. True
There are three things that a practice must do regarding communicating with the patient about
privacy practices and procedures, except for one of the following:
a. Give every patient a notice describing the physician office privacy practices b. Make a "good
faith" effort to obtain the patient's written acknowledgment of receiving the notice
c. Obtain the patient's authorization for disclosures or uses not covered by the "Notice of Privacy
Practices"
d. Give every patient a copy of his or her medical record ---------- Correct Answer --------- d.
Give every patient a copy of his or her medical record
Sign-in sheets include protected health information. However, they may be used without
violating privacy rules for this reason:
a. Patient name is not protected health information
b. The sign-in sheet is used for health care operations and is considered an incidental disclosure
c. The patient name is usually not legible
d. Not all persons signing the sheet are patients ---------- Correct Answer --------- b. The sign-in
sheet is used for health care operations and is considered an incidental disclosure
A physician office employee sees her neighbor at the office. It is acceptable for the employee to
mention to another friend that she saw the patient at the doctor's office, as long as the employee
did not mention why the patient was there. a. True b. False ---------- Correct Answer --------- b.
False
The rights of individual patients under HIPAA rules cover their access to their information and
its disclosure to others. Which of the following is not a patient right under HIPAA rules?
a. To inspect and copy his or her health information
b. To request changes to his or her records
c. To obtain an accounting of disclosures of his or her information
d. To inspect the protected health information of his or her spouse ---------- Correct Answer ------
--- d. To inspect the protected health information of his or her spouse
When must the patient authorize the use or disclosure of health information?
a. At every visit
b. Only when the information will be provided to law enforcement
c. Only when used for purposes other than treatment, day-to-day operations, or to comply with a
request to which the practice is legally obligated to respond
d. Only in emergency situations ---------- Correct Answer --------- c. Only when used for
,purposes other than treatment, day-to-day operations, or to comply with a request to which the
practice is legally obligated to respond
HIPAA rules and regulations cover what kind of information?
a. All personal health information in any format, for any person
b. Protected health information held or transmitted by a covered entity or its business associate,
in any form or media, whether electronic, paper, or oral
c. Diagnoses and procedure information
d. All health information for persons who have insurance ---------- Correct Answer --------- b.
Protected health information held or transmitted by a covered entity or its business associate, in
any form or media, whether electronic, paper, or oral
Under what circumstances are employees allowed to repeat to others PHI that is heard or seen on
the job?
a. Only when authorized for their job duties
b. Once they have been terminated
c. After a patient dies
d. If they do not think the patient would mind ---------- Correct Answer --------- a. Only when
authorized for their job duties
What should an employee do when he or she suspects another employee is in violation of the
privacy or security policies?
a. Gather solid evidence against the person
b. Confront the individual and tell the person that he or she is violating the rules
c. Nothing
d. Report suspicions to the office manager, privacy/security officer, or other designated person --
-------- Correct Answer --------- d. Report suspicions to the office manager, privacy/security
officer, or other designated person
Which of the following phrases should employees keep in mind when deciding if they should
access a patient's information?
a. Since the employee works there he or she can access every patient's information
b. Just a quick peek at a file will not hurt anything
c. Only use what is needed to perform his or her job duties
d. Thinking it is okay to look at a patient's information as long as it is not shared with anyone
else ---------- Correct Answer --------- c. Only use what is needed to perform his or her job duties
A staff member needs to leave a HIPAA compliant message on a voicemail or with someone
else. Which of the following is not an acceptable practice when contacting patients via phone?
a. Following the minimum necessary standard when leaving a message with whoever answers
the phone
b. Leaving detailed PHI on a voicemail without having the patient's permission
c. Leaving the minimum amount of information needed: name, number, and practice or physician
name
d. Leaving a detailed message, if the patient has given permission to do so ---------- Correct
Answer --------- b. Leaving detailed PHI on a voicemail without having the patient's permission
, One of the administrative safeguard standards under the Security Rule deals with information
access management. One of the basic rules of access management is:
a. Information users should be authorized to access only the information they need to do their
jobs
b. Information users should never be allowed to discuss protected health information
c. Patients are routinely questioned about their need to access medical records
d. Only clinical personnel should have access to medical records ---------- Correct Answer --------
- a. Information users should be authorized to access only the information they need to do their
jobs
Workstation security is among the physical safeguard standards. Which item below is not an
appropriate practice?
a. Workstations placed in a physically secure location
b. Visitors should not be able to view information on computer screens
c. Administrator workstations that can enable or disable security features located in secure areas
d. Computer stations located in a patient waiting room ---------- Correct Answer --------- d.
Computer stations located in a patient waiting room
Before faxing PHI or confidential information, which of the following should an employee do?
Select all that apply.
a. Use a fax cover sheet with approved confidentiality statement
b. Confirm the fax number before sending
c. Send the minimum information necessary
d. Use any cover sheet as long as it contains the organization's name and contact information ----
------ Correct Answer --------- a. Use a fax cover sheet with approved confidentiality statement
b. Confirm the fax number before sending
c. Send the minimum information necessary
As part of due diligence on Business
Associates, a privacy officer would be
MOST concerned with confirming that
they conduct:
A. criminal background checks.
B. credit history checks.
C. provider credentialing checks.
D. health screening checks. ---------- Correct Answer --------- A. criminal background checks.
Data breach response training is
required by which of the following
regulations?
A. HITECH
B. GLBA
C. FMLA
D. Privacy Act ---------- Correct Answer --------- A. HITECH
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller johnwachi22. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $27.99. You're not tied to anything after your purchase.
