Question: A new privacy officer is reviewing an organization's current policy on patient requests
for amendments. Which of the following is the MOST critical to the evaluation process?
A. effective and revision dates of the policy
B. accurate description of the regulatory requirements
C. nature of complaints related to the policy
D. description of the form letters used to respond to requests
Answer: B. accurate description of the regulatory requirements
Question: As part of due diligence on Business Associates, a privacy officer would be MOST
concerned with confirming that they conduct:
A. criminal background checks.
B. credit history checks.
C. provider credentialing checks.
D. health screening checks.
Answer: A. criminal background checks.
Question: Data breach response training is required by which of the following regulations?
A. HITECH
B. GLBA
C. FMLA
D. Privacy Act
Answer: A. HITECH
Question: A business associate has contacted an organization's privacy officer to alert him that
some of the patient information that they hold in relation to the BAA may have been breached.
An employee took a laptop that contained patient information from several vendors and
misplaced it at an airport. They are not 100% sure that information from the organization was on
the laptop. Which of the following is the MOST appropriate response by the privacy officer?
A. Rely on the business associate to conduct any needed notifications.
B. Notify each individual whose PHI has been possibly disclosed.
C. Determine if the breach involved more than 500 individuals.
D. Assure that all notifications occur no later than 90 days after discovery.
Answer: C. Determine if the breach involved more than 500 individuals.
Question: During an internal investigation, it is discovered that the Institutional Review Board
(IRB) has not been reviewing the informed consents or authorizations completed by research
subjects. Which of the following should a privacy officer do FIRST?
A. Report the issue to OHRP.
B. Report the issue to the OCR.
C. Contact legal counsel.
D. Contact the provost.
Answer: C. Contact legal counsel.
Question: Which of the following uses of patient health information do not require the patient's
authorization?
a. Treatment, payment, health care administration
b. Marketing
c. Genetic testing and research studies
d. Release of psychotherapy notes
Answer: a. Treatment, payment, health care administration
Question: Which of the following are considered protected health information under HIPAA?
Select all that apply.
a. Phone number
b. Medical record number
c. License plate number
d. Email address
Answer: a. Phone number
b. Medical record number
c. License plate number
d. Email address
Question: HIPAA rules do not require providers to grant patient access to which of the
following types of information?
a. Accounting disclosures
b. Office visit documentation
c. Psychotherapy notes
d. Medication list
Answer: c. Psychotherapy notes