HCCA CHPC STUDY GUIDE EXAM SCRIPT
2026 FULL SOLUTIONS AND ANSWERS
ALREADY PASSED
⩥ HIPAA CFR section. Answer: 45 CFR sections 164.102 through
164.534.
⩥ Subparts of HIPAA part 164. Answer: Subpart A - General rules;
Subpart C - Security; Subpart D - Breach notification; Subpart E -
Privacy.
⩥ Covered Entity Determination. Answer: 1. Compare if the
organization meets one of the 3 types of CE (provider, health plan,
clearinghouse) and 2. Determine if the organization electronically
transmits one of the 9 defined transactions.
⩥ Defined Transactions. Answer: Health claims or equivalent encounter
information; Health claims attachments; Enrollment and disenrollment
in a health plan; Eligibility for a health plan; Health care payment and
remittance advice; Health plan premium payments; First report of injury;
Health claim status; Referral certification and authorization.
⩥ Business Associates. Answer: Business associates of covered entities
must follow parts of the HIPAA regulations.
,⩥ Privacy Act of 1974. Answer: Established restrictions on how
government agencies can share information maintained in Federal
systems of records that might infringe on an individual's privacy rights.
⩥ HIPAA Entity Designation. Answer: Not considered a HIPAA Entity
Designation: Contract arrangement with FEDEX carrier.
⩥ Gramm-Leach-Bliley Act (GLBA). Answer: Also known as the
Financial Services Modernization Act of 1999, includes The Financial
Privacy Rule and The Safeguards Rule requiring all financial institutions
to protect customer's personal financial information.
⩥ OHCA. Answer: Organized Health Care Arrangement, a clinically
integrated care setting where individuals receive health care from more
than one provider.
⩥ ACE. Answer: Affiliated Covered Entity, legally separate covered
entities that share common control/ownership and designate themselves
as a single CE for the purpose of complying with the HIPAA Privacy
standards.
⩥ ACE Example. Answer: A health system composed of several
affiliated hospitals.
,⩥ Hybrid Entity. Answer: Entity that conducts both covered functions
(healthcare functions) and non-covered functions (other biz/non-
healthcare functions) to elect to be a 'hybrid entity.'
⩥ Hybrid Entity Example. Answer: A University System that has a
research laboratory or academic medical center.
⩥ HIPAA. Answer: Health Insurance Portability and Accountability Act,
which provides standards for the access, disclosure, transmission, and
retention of PHI.
⩥ PHI. Answer: Protected Health Information, which is any information
that can be used to identify an individual and relates to their health
status, provision of health care, or payment for health care.
⩥ Transaction (healthcare transaction). Answer: The transmission of
information between two parties to carry out financial or administrative
activities related to health care.
⩥ Examples of healthcare transactions. Answer: Healthcare claims,
coordination of benefits, health plan premium payments, remittance
advice (or ETF, electronic fund transfer), referral certification and
authorization.
, ⩥ BA (Business Associate). Answer: Performs functions or activities on
behalf of a covered entity that involve access by the business associate
to protected health information.
⩥ Examples of Business Associate functions. Answer: Claims
processing, data analysis, billing, benefit management, quality
assurance, quality improvement, practice management, legal, actuarial,
accounting, accreditation, and other administrative services.
⩥ Business Associate contract requirement. Answer: A hospital is not
required to have a business associate contract with the specialist to
whom it refers a patient and transmits the patient's medical chart for
treatment purposes.
⩥ TPO. Answer: Treatment, Payment, and Operations; use and
disclosure of PHI for these purposes requires no specific authorization.
⩥ HITECH. Answer: Health Information Technology for Economic and
Clinical Health Act, which made business associates directly responsible
for HIPAA compliance.
⩥ Deemed status of business associates. Answer: Contracted vendors or
individuals performing services related to handling PHI are classified as
business associates by law, regardless of their awareness of this status.
2026 FULL SOLUTIONS AND ANSWERS
ALREADY PASSED
⩥ HIPAA CFR section. Answer: 45 CFR sections 164.102 through
164.534.
⩥ Subparts of HIPAA part 164. Answer: Subpart A - General rules;
Subpart C - Security; Subpart D - Breach notification; Subpart E -
Privacy.
⩥ Covered Entity Determination. Answer: 1. Compare if the
organization meets one of the 3 types of CE (provider, health plan,
clearinghouse) and 2. Determine if the organization electronically
transmits one of the 9 defined transactions.
⩥ Defined Transactions. Answer: Health claims or equivalent encounter
information; Health claims attachments; Enrollment and disenrollment
in a health plan; Eligibility for a health plan; Health care payment and
remittance advice; Health plan premium payments; First report of injury;
Health claim status; Referral certification and authorization.
⩥ Business Associates. Answer: Business associates of covered entities
must follow parts of the HIPAA regulations.
,⩥ Privacy Act of 1974. Answer: Established restrictions on how
government agencies can share information maintained in Federal
systems of records that might infringe on an individual's privacy rights.
⩥ HIPAA Entity Designation. Answer: Not considered a HIPAA Entity
Designation: Contract arrangement with FEDEX carrier.
⩥ Gramm-Leach-Bliley Act (GLBA). Answer: Also known as the
Financial Services Modernization Act of 1999, includes The Financial
Privacy Rule and The Safeguards Rule requiring all financial institutions
to protect customer's personal financial information.
⩥ OHCA. Answer: Organized Health Care Arrangement, a clinically
integrated care setting where individuals receive health care from more
than one provider.
⩥ ACE. Answer: Affiliated Covered Entity, legally separate covered
entities that share common control/ownership and designate themselves
as a single CE for the purpose of complying with the HIPAA Privacy
standards.
⩥ ACE Example. Answer: A health system composed of several
affiliated hospitals.
,⩥ Hybrid Entity. Answer: Entity that conducts both covered functions
(healthcare functions) and non-covered functions (other biz/non-
healthcare functions) to elect to be a 'hybrid entity.'
⩥ Hybrid Entity Example. Answer: A University System that has a
research laboratory or academic medical center.
⩥ HIPAA. Answer: Health Insurance Portability and Accountability Act,
which provides standards for the access, disclosure, transmission, and
retention of PHI.
⩥ PHI. Answer: Protected Health Information, which is any information
that can be used to identify an individual and relates to their health
status, provision of health care, or payment for health care.
⩥ Transaction (healthcare transaction). Answer: The transmission of
information between two parties to carry out financial or administrative
activities related to health care.
⩥ Examples of healthcare transactions. Answer: Healthcare claims,
coordination of benefits, health plan premium payments, remittance
advice (or ETF, electronic fund transfer), referral certification and
authorization.
, ⩥ BA (Business Associate). Answer: Performs functions or activities on
behalf of a covered entity that involve access by the business associate
to protected health information.
⩥ Examples of Business Associate functions. Answer: Claims
processing, data analysis, billing, benefit management, quality
assurance, quality improvement, practice management, legal, actuarial,
accounting, accreditation, and other administrative services.
⩥ Business Associate contract requirement. Answer: A hospital is not
required to have a business associate contract with the specialist to
whom it refers a patient and transmits the patient's medical chart for
treatment purposes.
⩥ TPO. Answer: Treatment, Payment, and Operations; use and
disclosure of PHI for these purposes requires no specific authorization.
⩥ HITECH. Answer: Health Information Technology for Economic and
Clinical Health Act, which made business associates directly responsible
for HIPAA compliance.
⩥ Deemed status of business associates. Answer: Contracted vendors or
individuals performing services related to handling PHI are classified as
business associates by law, regardless of their awareness of this status.
