Organized Healthcare Arrangement (OHCA) - ANS Described by the Privacy Rule as an
arrangement between two or more legally separate CEs that participate in joint activities and
share PHI about their common patients for the purpose of managing and benefiting the joint
operations. To qualify as an OHCA, the entities must be legally separate CEs that are clinically
or operationally integrated and share PHI for the joint management and operations of the
arrangement. For example, it would be appropriate for an independent physician to enter into an
OHCA in order to share PHI in support of clinical operations without having to obtain a patient
authorization for each disclosure.
Type of PHI Shared for Fundraising - ANS Information that can be shared for fundraising: 1)
demographic information (name, address, other contact information, age, gender, and DOB); 2)
dates of health care provided to the individual; 3) department of service information; 4) treating
physician; 5) outcome information; and 6) health insurance status. 45 CFR 164.514(f)(1)
Research Waiver - ANS For PHI to be used or disclosed for research without the individual's
authorization, an IRB or Privacy Board must approve a waiver that meets all of the following
criteria: 1) the use or disclosure of PHI involves no more than a minimal risk to the privacy of the
individuals; 2) the research could not practicably be conducted without the waiver; and 3) the
research could not practicably be conducted without access to and use of the PHI. 45 CFR 164.512(i)(2)
Limited Data Set - ANS A limited data set is PHI from which 16 specific direct identifiers have been
removed. Limited data sets may be used only for research, public health, or health care operations.
In addition to removing the 16 identifiers, before releasing a limited data set a CE must obtain a
signed data use agreement from the recipient that establishes the permitted uses and disclosures
of the data and who may use or receive it. 45 CFR 164.514(e)
Risk Avoidance - ANS The risk response of terminating, or not undertaking, a process or activity
because the risk it poses to the organization is too high and no adequate controls are available to
reduce it.
Two-factor Authentication - ANS Requires two different factors of authentication, drawn from
separate categories, to gain access to a system. The categories are something you know (e.g., a
password), something you have (e.g., a hardware token or phone), and something you are (e.g., a
fingerprint). Two methods from the same category, such as a password plus a PIN, do not count as
two factors.
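The following is an added example, not part of the original study material, showing how a server checks the two factors described above: a password (something you know) verified against a PBKDF2 hash, and a time-based one-time code (something you have) generated by a TOTP authenticator. The HOTP/TOTP algorithm follows RFC 4226 and RFC 6238; the password, salt, and shared secret are constructed demo values (the secret is the RFC test-vector key), not real credentials.

```python
import hashlib
import hmac
import struct

# Constructed demo values; the secret is the RFC 4226/6238 test key, not a real credential.
DEMO_SALT = b"demo-salt-not-for-production"
DEMO_PASSWORD = "correct horse battery staple"
DEMO_TOTP_SECRET = b"12345678901234567890"
TOTP_STEP_SECONDS = 30


def hash_password(password: str, salt: bytes = DEMO_SALT) -> bytes:
    """Factor 1 (something you know): slow salted hash stored instead of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 600_000)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HMAC-based one-time password over an 8-byte big-endian counter."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation: low nibble of last byte picks the window
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, for_time: int, step: int = TOTP_STEP_SECONDS, digits: int = 6) -> str:
    """RFC 6238: TOTP is HOTP with the counter derived from Unix time."""
    return hotp(secret, for_time // step, digits)


def verify_totp(secret: bytes, submitted: str, now: int, window: int = 1) -> bool:
    """Factor 2 (something you have): accept the code for the current step and
    +/- `window` neighbouring steps to tolerate clock drift between phone and server."""
    current = now // TOTP_STEP_SECONDS
    for counter in range(current - window, current + window + 1):
        expected = hotp(secret, counter).encode("ascii")
        if hmac.compare_digest(expected, submitted.encode("utf-8")):
            return True
    return False


def authenticate(stored_hash: bytes, totp_secret: bytes, password: str, code: str, now: int) -> bool:
    """Both factors must pass. Both are always evaluated so the response time does not
    reveal which factor failed, and the comparisons are constant-time."""
    know_ok = hmac.compare_digest(hash_password(password), stored_hash)
    have_ok = verify_totp(totp_secret, code, now)
    return know_ok and have_ok


if __name__ == "__main__":
    stored = hash_password(DEMO_PASSWORD)
    t = 59  # RFC 6238 test time; 6-digit code is 287082
    print("good password + good code:", authenticate(stored, DEMO_TOTP_SECRET, DEMO_PASSWORD, totp(DEMO_TOTP_SECRET, t), t))
    print("good password + stale code:", authenticate(stored, DEMO_TOTP_SECRET, DEMO_PASSWORD, totp(DEMO_TOTP_SECRET, t), t + 300))
    print("bad password + good code: ", authenticate(stored, DEMO_TOTP_SECRET, "wrong", totp(DEMO_TOTP_SECRET, t), t))
```

Note that the server holds the TOTP secret in the clear (it must, to recompute the code), so it needs the same protection as a private key; the password, by contrast, is only ever stored as a hash.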
Quantitative Risk Analysis - ANS Attempts to assign a monetary value to each risk the organization
has identified through the risk analysis process, so that potential losses and the cost of controls
can be compared in the same terms.
Security Incident - ANS Defined by the Security Rule as "the attempted or successful unauthorized
access, use, disclosure, modification, or destruction of information or interference with system
operations in an information system." 45 CFR 164.304