A new privacy officer is reviewing an organization's current policy on patient requests for amendments. Which of the following is the MOST critical to the evaluation process?
A. effective and revision dates of the policy
B. accurate description of the regulatory requirements
C. nature of complaints related to the policy
D. description of the form letters used to respond to requests
Correct Answer - B. accurate description of the regulatory requirements

As part of due diligence on Business Associates, a privacy officer would be MOST concerned with confirming that they conduct:
A. criminal background checks.
B. credit history checks.
C. provider credentialing checks.
D. health screening checks.
Correct Answer - A. criminal background checks.

Data breach response training is required by which of the following regulations?
A. HITECH
B. GLBA
C. FMLA
D. Privacy Act
Correct Answer - A. HITECH

A business associate has contacted an organization's privacy officer to alert him that some of the patient information that they hold in relation to the BAA may have been breached. An employee took a laptop that contained patient information from several vendors and misplaced it at an airport. They are not 100% sure that information from the organization was on the laptop. Which of the following is the MOST appropriate response by the privacy officer?
A. Rely on the business associate to conduct any needed notifications.
B. Notify each individual whose PHI has been possibly disclosed.
C. Determine if the breach involved more than 500 individuals.
D. Assure that all notifications occur no later than 90 days after discovery.
Correct Answer - C. Determine if the breach involved more than 500 individuals.

During an internal investigation, it is discovered that the Institutional Review Board (IRB) has not been reviewing the informed consents or authorizations completed by research subjects. Which of the following should a privacy officer do FIRST?