1 | Page
CERTIFIED IN HEALTHCARE
PRIVACY AND SECURITY (CHPS)
2026 LATEST QUESTIONS WITH
100% VERIFIED SOLUTIONS.
Which of the following is a goal of the minimum necessary
requirement under the HIPAA Privacy Rule? - answer -Ensure
that all workforce members have the same access to PHI within
an organization.
A patient is checking in at the registration desk and overhears a
conversation between another patient and the billing specialist
regarding a specific diagnosis that is not being covered under the
patient's insurance. This is an example of what type of
disclosure? - answer -Incidental
Which of the following is the only scenario where breach
notification can be delayed past the 60-day notification
requirement? - answer -When law enforcement requests a delay
due to open criminal investigation.
,2 | Page
During a recent change in a computer system's access, an
organization determined that they were going to create role-based
access defined on the need for each job type within the
organization. This is an example of application of which of the
following: - answer -Minimum necessary
An organization just finished updating the minimum necessary
policy and procedure. The new policy took effect on February 12,
2016. How long do they have to maintain the previous version of
the policy? - answer -February 12, 2020
Which of the following is considered a patient's right under the
HIPAA Privacy Rule? - answer -Accounting of disclosure (AOD)
How long does a covered entity have to respond to an accounting
of disclosure request? - answer -30 days with one 30 day
extension.
,3 | Page
A patient has requested three accounting-of-disclosures reports in
the past month. Which of the following statements is true
regarding the accounting of disclosure? - answer -The CE is
allowed to charge a reasonable, cost-based fee for the second
and third request for accounting disclosures and must inform the
patient prior.
In the final HIPAA Omnibus Rule of 2013, which of the following
was added to the regulations regarding patient access? - answer -
A patient has a right to receive his or her designated record set
electronically, if maintained electronically.
If a state requires that all medical records are disclosed within 15
days from the request, and HIPAA requires for disclosures to be
completed within 30 days from the request, which timeline should
be followed? - answer -State law because it is more stringent than
HIPAA.
Which of the following is allowed under the applicable fees and
charges when charging for a copy of medical records? - answer -
Labor cost
, 4 | Page
if a patient put in a request for an amendment to his or her
medical record on July 20, 2020, when would be the last possible
day that the CE would need to provide outcome information on
the amendment or notification of a 30-day extension? - answer -
September 20, 2020
If a patient chooses to make a complaint against a CE to the
Secretary of Health and Human Services, the complaint must be
made in _____ days from the date the complaint was known or
should have been known. - answer -180
A patient made a request for an accounting of disclosure on
March 31, 2020. What is the date range that must be provided on
the accounting-of-disclosure document? - answer -March 31,
2015 -March 31, 2020. 6 years prior.
What was the compliance date for all covered entities and
business associates to bring all of the grandfathered business
associate agreements into compliance with the final Omnibus
Rule of 2013? - answer -September 23, 2014
CERTIFIED IN HEALTHCARE
PRIVACY AND SECURITY (CHPS)
2026 LATEST QUESTIONS WITH
100% VERIFIED SOLUTIONS.
Which of the following is a goal of the minimum necessary
requirement under the HIPAA Privacy Rule? - answer -Ensure
that all workforce members have the same access to PHI within
an organization.
A patient is checking in at the registration desk and overhears a
conversation between another patient and the billing specialist
regarding a specific diagnosis that is not being covered under the
patient's insurance. This is an example of what type of
disclosure? - answer -Incidental
Which of the following is the only scenario where breach
notification can be delayed past the 60-day notification
requirement? - answer -When law enforcement requests a delay
due to open criminal investigation.
,2 | Page
During a recent change in a computer system's access, an
organization determined that they were going to create role-based
access defined on the need for each job type within the
organization. This is an example of application of which of the
following: - answer -Minimum necessary
An organization just finished updating the minimum necessary
policy and procedure. The new policy took effect on February 12,
2016. How long do they have to maintain the previous version of
the policy? - answer -February 12, 2020
Which of the following is considered a patient's right under the
HIPAA Privacy Rule? - answer -Accounting of disclosure (AOD)
How long does a covered entity have to respond to an accounting
of disclosure request? - answer -30 days with one 30 day
extension.
,3 | Page
A patient has requested three accounting-of-disclosures reports in
the past month. Which of the following statements is true
regarding the accounting of disclosure? - answer -The CE is
allowed to charge a reasonable, cost-based fee for the second
and third request for accounting disclosures and must inform the
patient prior.
In the final HIPAA Omnibus Rule of 2013, which of the following
was added to the regulations regarding patient access? - answer -
A patient has a right to receive his or her designated record set
electronically, if maintained electronically.
If a state requires that all medical records are disclosed within 15
days from the request, and HIPAA requires for disclosures to be
completed within 30 days from the request, which timeline should
be followed? - answer -State law because it is more stringent than
HIPAA.
Which of the following is allowed under the applicable fees and
charges when charging for a copy of medical records? - answer -
Labor cost
, 4 | Page
if a patient put in a request for an amendment to his or her
medical record on July 20, 2020, when would be the last possible
day that the CE would need to provide outcome information on
the amendment or notification of a 30-day extension? - answer -
September 20, 2020
If a patient chooses to make a complaint against a CE to the
Secretary of Health and Human Services, the complaint must be
made in _____ days from the date the complaint was known or
should have been known. - answer -180
A patient made a request for an accounting of disclosure on
March 31, 2020. What is the date range that must be provided on
the accounting-of-disclosure document? - answer -March 31,
2015 -March 31, 2020. 6 years prior.
What was the compliance date for all covered entities and
business associates to bring all of the grandfathered business
associate agreements into compliance with the final Omnibus
Rule of 2013? - answer -September 23, 2014
