CERTIFIED IN HEALTHCARE PRIVACY AND
SECURITY (CHPS) EXAM BANK 2026 |
ACCURATE REAL EXAM QUESTIONS WITH
VERIFIED ANSWERS| ALL YOU NEED FOR A
GUARANTEED PASS | LATEST UPDATE
TABLE OF CONTENT
CHPS Exam Prep (v1) ………………………………………………..………………………….… 2
CHPS Exam Prep (v2) ……………………………………………………………..……………… 26
CHPS- - AHIMA- Utilizing the Introduction to Health Information Privacy &
Security Text by AHIMA ………………………………………………………………………… 69
Pg. 1
,Certified in Healthcare Privacy and Security (CHPS) Exam Preparation
Which document is used to establish the permitted use and disclosure,
established who is permitted to use or receive the data set, and ensure the
recipient will not use the information outside the intent and use appropriate
safeguards to protect the data set? - CORRECT ANSWER ✔✔- Data use agreement
A request for an electronic copy of protected health information was received at
an organization. The organization has to provide a copy of protected health
information from the designated record set from what system(s)? - CORRECT
ANSWER ✔✔- All electronic systems.
A healthcare organization must comply with a restriction when a patient receives
a service, pays out of pocket, and requests that information is not sent to his/her -
CORRECT ANSWER ✔✔- health insurance company
If a covered entity denies a request for an amendment of protected health
information, what is one of the reasons that a covered entity may deny the
request? - CORRECT ANSWER ✔✔- The information is not part of the
organization's designated record set.
Which of the following would be considered an exception under the marketing
and would not need an authorization for disclosure for marketing? - CORRECT
ANSWER ✔✔- Providing refill reminders to a patient on a specific drug.
If a covered entity denies a request for an amendment of protected health
information, the request for the amendment and denial letter must be - CORRECT
Pg. 2
,ANSWER ✔✔- linked to specific protected health information subject to request
and appropriately disclosed.
Documentation of an alarm system being used, locking of the organization's
doors, and video surveillance cameras used within the organization can be found
within the facility - CORRECT ANSWER ✔✔- security plan
Some of the requirements of which document include describing the permitted
and required uses and disclosures of PHI, prohibiting an organization from further
using or disclosing information, requiring appropriate safeguards be
implemented, requiring assurances from subcontractors for protections of PHI,
conducting a risk analysis, and having risk management program? - CORRECT
ANSWER ✔✔- Business associate agreement
Business associates must comply with the following requirements under HIPAA: -
CORRECT ANSWER ✔✔- All of the HIPAA Security Rule and parts of the HIPAA
Privacy Rule
The right to access, copy, request restrictions, and complain is all described in
what document? - CORRECT ANSWER ✔✔- Notice of Privacy Practices (NOPP)
The minimum necessary requirements apply to which of the following scenarios?
- CORRECT ANSWER ✔✔- Disclosures for business associates activities
When requesting an amendment of protected health information, the
amendment request can only pertain to health information defined in the -
CORRECT ANSWER ✔✔- Designated record set
Pg. 3
, Which of the following information would not be provided to a patient when
requesting a copy of his/her medical record - CORRECT ANSWER ✔✔-
Psychotherapy notes
Federal subpoenas are examples of which type of document that mandates the
release of health records for judicial proceeding? - CORRECT ANSWER ✔✔- Court
order
During a regular assessment of the computer systems, an organization
determined that on of the workforce's computers downloaded a file with a virus
on it. The organization should follow what documentation to resolve the matter?
- CORRECT ANSWER ✔✔- Security incident procedure
During a recent evaluation of the organization's computers and laptops, it was
uncovered that two providers have patient information stored on the hard drives
of the laptops and that the laptops travel with them between clinics and personal
residences. What is the best method of protection to prevent unauthorized access
or disclosure? - CORRECT ANSWER ✔✔- Implement full-disk encryption to the
laptops
The use of role-based access is an example of - CORRECT ANSWER ✔✔- access
control.
When a healthcare organization purchases cybersecurity insurance due to the
increased risk of cybersecurity attacks, this is an example of what type of risk
management? - CORRECT ANSWER ✔✔- Risk transfer
Pg. 4
SECURITY (CHPS) EXAM BANK 2026 |
ACCURATE REAL EXAM QUESTIONS WITH
VERIFIED ANSWERS| ALL YOU NEED FOR A
GUARANTEED PASS | LATEST UPDATE
TABLE OF CONTENT
CHPS Exam Prep (v1) ………………………………………………..………………………….… 2
CHPS Exam Prep (v2) ……………………………………………………………..……………… 26
CHPS- - AHIMA- Utilizing the Introduction to Health Information Privacy &
Security Text by AHIMA ………………………………………………………………………… 69
Pg. 1
,Certified in Healthcare Privacy and Security (CHPS) Exam Preparation
Which document is used to establish the permitted use and disclosure,
established who is permitted to use or receive the data set, and ensure the
recipient will not use the information outside the intent and use appropriate
safeguards to protect the data set? - CORRECT ANSWER ✔✔- Data use agreement
A request for an electronic copy of protected health information was received at
an organization. The organization has to provide a copy of protected health
information from the designated record set from what system(s)? - CORRECT
ANSWER ✔✔- All electronic systems.
A healthcare organization must comply with a restriction when a patient receives
a service, pays out of pocket, and requests that information is not sent to his/her -
CORRECT ANSWER ✔✔- health insurance company
If a covered entity denies a request for an amendment of protected health
information, what is one of the reasons that a covered entity may deny the
request? - CORRECT ANSWER ✔✔- The information is not part of the
organization's designated record set.
Which of the following would be considered an exception under the marketing
and would not need an authorization for disclosure for marketing? - CORRECT
ANSWER ✔✔- Providing refill reminders to a patient on a specific drug.
If a covered entity denies a request for an amendment of protected health
information, the request for the amendment and denial letter must be - CORRECT
Pg. 2
,ANSWER ✔✔- linked to specific protected health information subject to request
and appropriately disclosed.
Documentation of an alarm system being used, locking of the organization's
doors, and video surveillance cameras used within the organization can be found
within the facility - CORRECT ANSWER ✔✔- security plan
Some of the requirements of which document include describing the permitted
and required uses and disclosures of PHI, prohibiting an organization from further
using or disclosing information, requiring appropriate safeguards be
implemented, requiring assurances from subcontractors for protections of PHI,
conducting a risk analysis, and having risk management program? - CORRECT
ANSWER ✔✔- Business associate agreement
Business associates must comply with the following requirements under HIPAA: -
CORRECT ANSWER ✔✔- All of the HIPAA Security Rule and parts of the HIPAA
Privacy Rule
The right to access, copy, request restrictions, and complain is all described in
what document? - CORRECT ANSWER ✔✔- Notice of Privacy Practices (NOPP)
The minimum necessary requirements apply to which of the following scenarios?
- CORRECT ANSWER ✔✔- Disclosures for business associates activities
When requesting an amendment of protected health information, the
amendment request can only pertain to health information defined in the -
CORRECT ANSWER ✔✔- Designated record set
Pg. 3
, Which of the following information would not be provided to a patient when
requesting a copy of his/her medical record - CORRECT ANSWER ✔✔-
Psychotherapy notes
Federal subpoenas are examples of which type of document that mandates the
release of health records for judicial proceeding? - CORRECT ANSWER ✔✔- Court
order
During a regular assessment of the computer systems, an organization
determined that on of the workforce's computers downloaded a file with a virus
on it. The organization should follow what documentation to resolve the matter?
- CORRECT ANSWER ✔✔- Security incident procedure
During a recent evaluation of the organization's computers and laptops, it was
uncovered that two providers have patient information stored on the hard drives
of the laptops and that the laptops travel with them between clinics and personal
residences. What is the best method of protection to prevent unauthorized access
or disclosure? - CORRECT ANSWER ✔✔- Implement full-disk encryption to the
laptops
The use of role-based access is an example of - CORRECT ANSWER ✔✔- access
control.
When a healthcare organization purchases cybersecurity insurance due to the
increased risk of cybersecurity attacks, this is an example of what type of risk
management? - CORRECT ANSWER ✔✔- Risk transfer
Pg. 4
