HCCA – CHPC EXAM ACTUAL EXAM AND STUDY
GUIDE LATEST COMPLETE QUESTIONS AND
CORRECT DETAILED ANSWERS JUST RELEASED
What is the purpose of HIPAA? - ✔✔• Protect PHI from unauthorized disclosure/use;
• Prevent fraud, waste and abuse (via Administrative Simplification);
• Make health insurance portable under ERISA;
• Move health care onto a nationally standardized electronic billing platform
Ref. https://quizlet.com/6202453/hcca-chpc-overview-
flash-cards/ More on HIPAA:
https://www.hhs.gov/hipaa/index.html
HIPAA resides in which CFR section? - ✔✔45 CFR sections 164.102 through 164.534
https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part-164
What are the subparts of HIPAA part 164? - ✔✔HIPAA - 45 CFR 164,
subparts: Subpart A - General rules
Subpart C - Security
Subpart D - Breach
notification Subpart E -
Privacy
https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part-164
How do you determine if an organization is a "Covered Entity"? - ✔✔1. compare if the
organization meets one of the 3 types of CE (provider, health plan, clearinghouse)
and
2. determine if the organization electronically transmits one of the 9 defined transactions:
• Health claims or equivalent encounter information
,• Health claims attachments
• Enrollment and disenrollment in a health plan
• Eligibility for a health plan
• Health care payment and remittance advice
• Health plan premium payments
• First report of injury
• Health claim status
• Referral certification and authorization
In addition, business associates of covered entities must follow parts of the HIPAA
regulations. https://www.hhs.gov/hipaa/for-individuals/guidance-materials-for-
consumers/index.html
This Act established in 1974 was created for government agencies placing restrictions on how
the government can share the information maintained in Federal systems of records that
might infringe on an individual's privacy rights with other individuals and agencies. - ✔✔The
Privacy Act of 1974
Which of the following is not considered a HIPAA Entity Designation:
1. Affiliated covered entity
2. Entity that performs healthcare and non-healthcare component activities including both
covered and non-covered functions
3. A group health plan
4. Contract arrangement with FEDEX carrier - ✔✔4. Contract arrangement with FEDEX carrier
What is Gramm-Leach-Bliley Act (GLBA)? - ✔✔Gramm-Leach-Bliley Act (GLBA), also known as
the Financial Services Modernization Act of 1999, includes The Financial Privacy Rule and The
Safeguards Rule requires all financial institutions to protect customer's personal financial
information.
What is an OHCA? - ✔✔OHCA (Organized Health Care Arrangement) it's a clinically integrated
care setting where individuals receive health care from more than one provider.
These are joint arrangements/activities and have an Integrated Delivery System for easy
exchange of PHI data. See 45 CFR 160.103. OHCAs can also utilize a joint NPP. See 45 CFR §
164.520(d).
,ACE (Affiliated Covered Entity) do not have an Integrated Delivery System because these are
legally separate covered entities that are associated in business, or affiliated as a result of
some common control or ownership.
Both the OHCA and the ACE would allow sharing of PHI across participating entity lines for
treatment, payment, operations purposes (TPO).
What's an ACE? - ✔✔ACE (Affiliated Covered Entity)
Legally separate covered entities that share common control/ownership and designate
themselves as a single CE for the purpose of complying with the HIPAA Privacy standards.
ACEs do not have an Integrated Delivery System, while OHCA do, and can share a single NPP.
See 45 CFR
§ 164.520(d)
ACE example: a health system composed on several affiliated hospitals.
Both the OHCA and the ACE would allow sharing of PHI across participating entity lines for
treatment, payment, operations purposes (TPO).
What's a Hybrid Entity? - ✔✔Entity that conducts both covered functions (or healthcare-
functions) and non-covered functions (other biz/non-healthcare functions) to elect to be a
"hybrid entity."
For instance, a University System that has a research laboratory or academic medical
center. The post-secondary functions (non-healthcare components) do NOT need to
comply with HIPAA.
The research lab/med center functions (healthcare component) needs to comply with HIPAA
provisions to protect the use/disclosure of PHI involved.
https://www.hhs.gov/hipaa/for-professionals/faq/315/when-does-a-covered-entity-have-
discretion-to- determine-covered-
functions/index.html#:~:text=For%20example%2C%20a%20hybrid%20entity,hybrid%20entity's%20
healt h%20care%20component.
, https://privacyruleandresearch.nih.gov/pr_06.asp
The transmission of information between two parties to carry out financial or administrative
activities related to health care is called: - ✔✔Transaction (healthcare transaction).
Few examples of healthcare transactions:
healthcare claims;
coordination of benefits;
health plan premium payments;
remittance advice (or ETF, electronic fund transfer);
referral certification and authorization
What are examples of a BA? - ✔✔BA (Business Associate) - performs functions or activities on
behalf of a covered entity that involve access by the business associate to protected health
information.
Examples:
claims
processing data
analysis billing
benefit
management
quality assurance
quality
improvement
practice
management legal
actuarial
accounting
accreditation
other administrative services
https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/business-associates/index.html
GUIDE LATEST COMPLETE QUESTIONS AND
CORRECT DETAILED ANSWERS JUST RELEASED
What is the purpose of HIPAA? - ✔✔• Protect PHI from unauthorized disclosure/use;
• Prevent fraud, waste and abuse (via Administrative Simplification);
• Make health insurance portable under ERISA;
• Move health care onto a nationally standardized electronic billing platform
Ref. https://quizlet.com/6202453/hcca-chpc-overview-
flash-cards/ More on HIPAA:
https://www.hhs.gov/hipaa/index.html
HIPAA resides in which CFR section? - ✔✔45 CFR sections 164.102 through 164.534
https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part-164
What are the subparts of HIPAA part 164? - ✔✔HIPAA - 45 CFR 164,
subparts: Subpart A - General rules
Subpart C - Security
Subpart D - Breach
notification Subpart E -
Privacy
https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part-164
How do you determine if an organization is a "Covered Entity"? - ✔✔1. compare if the
organization meets one of the 3 types of CE (provider, health plan, clearinghouse)
and
2. determine if the organization electronically transmits one of the 9 defined transactions:
• Health claims or equivalent encounter information
,• Health claims attachments
• Enrollment and disenrollment in a health plan
• Eligibility for a health plan
• Health care payment and remittance advice
• Health plan premium payments
• First report of injury
• Health claim status
• Referral certification and authorization
In addition, business associates of covered entities must follow parts of the HIPAA
regulations. https://www.hhs.gov/hipaa/for-individuals/guidance-materials-for-
consumers/index.html
This Act established in 1974 was created for government agencies placing restrictions on how
the government can share the information maintained in Federal systems of records that
might infringe on an individual's privacy rights with other individuals and agencies. - ✔✔The
Privacy Act of 1974
Which of the following is not considered a HIPAA Entity Designation:
1. Affiliated covered entity
2. Entity that performs healthcare and non-healthcare component activities including both
covered and non-covered functions
3. A group health plan
4. Contract arrangement with FEDEX carrier - ✔✔4. Contract arrangement with FEDEX carrier
What is Gramm-Leach-Bliley Act (GLBA)? - ✔✔Gramm-Leach-Bliley Act (GLBA), also known as
the Financial Services Modernization Act of 1999, includes The Financial Privacy Rule and The
Safeguards Rule requires all financial institutions to protect customer's personal financial
information.
What is an OHCA? - ✔✔OHCA (Organized Health Care Arrangement) it's a clinically integrated
care setting where individuals receive health care from more than one provider.
These are joint arrangements/activities and have an Integrated Delivery System for easy
exchange of PHI data. See 45 CFR 160.103. OHCAs can also utilize a joint NPP. See 45 CFR §
164.520(d).
,ACE (Affiliated Covered Entity) do not have an Integrated Delivery System because these are
legally separate covered entities that are associated in business, or affiliated as a result of
some common control or ownership.
Both the OHCA and the ACE would allow sharing of PHI across participating entity lines for
treatment, payment, operations purposes (TPO).
What's an ACE? - ✔✔ACE (Affiliated Covered Entity)
Legally separate covered entities that share common control/ownership and designate
themselves as a single CE for the purpose of complying with the HIPAA Privacy standards.
ACEs do not have an Integrated Delivery System, while OHCA do, and can share a single NPP.
See 45 CFR
§ 164.520(d)
ACE example: a health system composed on several affiliated hospitals.
Both the OHCA and the ACE would allow sharing of PHI across participating entity lines for
treatment, payment, operations purposes (TPO).
What's a Hybrid Entity? - ✔✔Entity that conducts both covered functions (or healthcare-
functions) and non-covered functions (other biz/non-healthcare functions) to elect to be a
"hybrid entity."
For instance, a University System that has a research laboratory or academic medical
center. The post-secondary functions (non-healthcare components) do NOT need to
comply with HIPAA.
The research lab/med center functions (healthcare component) needs to comply with HIPAA
provisions to protect the use/disclosure of PHI involved.
https://www.hhs.gov/hipaa/for-professionals/faq/315/when-does-a-covered-entity-have-
discretion-to- determine-covered-
functions/index.html#:~:text=For%20example%2C%20a%20hybrid%20entity,hybrid%20entity's%20
healt h%20care%20component.
, https://privacyruleandresearch.nih.gov/pr_06.asp
The transmission of information between two parties to carry out financial or administrative
activities related to health care is called: - ✔✔Transaction (healthcare transaction).
Few examples of healthcare transactions:
healthcare claims;
coordination of benefits;
health plan premium payments;
remittance advice (or ETF, electronic fund transfer);
referral certification and authorization
What are examples of a BA? - ✔✔BA (Business Associate) - performs functions or activities on
behalf of a covered entity that involve access by the business associate to protected health
information.
Examples:
claims
processing data
analysis billing
benefit
management
quality assurance
quality
improvement
practice
management legal
actuarial
accounting
accreditation
other administrative services
https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/business-associates/index.html
