An employee contacts a privacy professional about the
employee's involvement in possible illegal activity
involving the misuse of individually identifiable
information. Which of the following should the privacy
professional do FIRST?
a. Ask the CFO for assistance.
b. Contact legal counsel.
c. Notify local law enforcement.
d. Refer the employee to human resources. -
....ANSWER...b. Contact legal counsel.
When asked to give a presentation to the board on the
implementation of a privacy program, a privacy
professional should consider which of the following
elements FIRST?
a. Program budget.
b. Audit plan.
c. Training plan.
d. Program scope. - ....ANSWER...d. Program scope.
Which of the following topics should be included in a
training presentation on privacy safeguards?
a. Recycling paper documents.
b. Maintaining medical records for a specific number of
years.
c. Requiring BAAs of vendors.
d. Shredding paper documents. - ....ANSWER...d.
Shredding paper documents.
A privacy professional has been notified that there had
been a data breach of a clinical system containing
protected health information. Which of the following is the
source of the notification requirements?
a. FERPA provisions.
b. HIPAA Security Rule.
c. HITECH Act.
d. Privacy Act. - ....ANSWER...c. HITECH Act.
A photo of a nurse doing a procedure on a patient in the
hospital has been posted on a social networking site. HR
has identified both the nurse in the photo and the patient.
HR asks the privacy professional for a recommendation for
disciplinary action. Before providing a recommendation,
the privacy professional should determine if the:
a. 60-day timeline for reporting the breach to DHHS has
lapsed.
b. Photo was posted during work hours or an unpaid break.
c. Nurse was aware that she was being photographed.
d. Patient says they gave permission for the photo. -
....ANSWER...c. Nurse was aware that she was being
photographed.
A privacy professional verified that a Business Associate
(BA) is selling an individual's PHI. The BA can claim they
were compliant with regulatory requirements if they
obtained:
a. Authorization from the individual.
b. Consent from the individual.
c. Authorization from the healthcare entity.
d. Consent from the healthcare entity. - ....ANSWER...a.
Authorization from the individual.
A clinic has patient data that an independent researcher
would like to access. The researcher only needs de-identified
information, but the clinic does not have the
resources to strip the patient identifiers from the data being
requested. The researcher does have the resources and
offers to remove the identifiers before beginning the
research. A privacy professional should inform the clinic
that it can provide the PHI to the researcher if the clinic:
a. Notifies each patient whose information is disclosed.
b. Modifies the hospital's Notice of Privacy Practices.
c. Requires the researcher to obtain a waiver of
authorization.
d. Has the researcher show proof of privacy training. -
....ANSWER...c. Requires the researcher to obtain a waiver
of authorization.
There is a message on a hotline from a patient indicating
that her PHI has been used to contact her about
participating in a research study. As the NEXT step in the
investigation, the privacy professional should contact the:
a. Patient for additional information.
b. Patient's primary care physician to confirm the
information.
c. Principal investigator about how she got the patient's
name.
d. Medical record department regarding the release. -
....ANSWER...a. Patient for additional information.