AHIMA CHPS
Domain 1 - 4
READINESS ASSESSMENT GUIDE
Q&S
©2024/2025
1. Which federal regulation primarily governs the privacy of
health information in the United States?
- A) Affordable Care Act (ACA)
- B) Health Insurance Portability and Accountability Act
(HIPAA)
- C) Family Educational Rights and Privacy Act (FERPA)
- D) Americans with Disabilities Act (ADA)
- Correct Answer: B)
2. In a healthcare organization, which of the following
would be considered a necessary technical safeguard
under HIPAA?
- A) Annual training on privacy policies
- B) Physical security of paper records
- C) Encryption of electronic health records (EHRs)
- D) Patient consent forms
- Correct Answer: C)
3. What is the primary purpose of a Privacy Impact
Assessment (PIA)?
- A) To evaluate the financial health of an organization
- B) To identify and mitigate privacy risks associated with
the collection of personal information
- C) To ensure compliance with labor laws
- D) To analyze environmental impacts of healthcare
delivery
- Correct Answer: B)
4. When conducting an internal compliance audit, which of
the following should be assessed first?
- A) Employee satisfaction surveys
- B) Organizational policies and procedures
- C) Patient care outcomes
- D) External stakeholder feedback
- Correct Answer: B)
5. In the context of telehealth, which factor is vital for
maintaining patient privacy?
- A) Using social media to promote services
- B) Secure transmission of health data
- C) Public broadcasting of consultations
- D) Allowing unrestricted access to staff
- Correct Answer: B)
6. Which of the following is NOT considered a “covered
entity” under HIPAA?
- A) Health care providers
- B) Health plans
- C) Business associates
- D) Research participants
- Correct Answer: D)
7. What is a common component of an effective security
risk analysis under HIPAA?
- A) Identifying workflow efficiencies
- B) Assessing local market competition
- C) Evaluating potential risks to protected health
information (PHI)
- D) Conducting employee satisfaction assessments
- Correct Answer: C)
8. Which of the following best describes the principle of
“minimum necessary” under HIPAA?
- A) Providers can share all PHI with other providers.
- B) Only the necessary amount of PHI should be shared