HCCA-CHPC EXAM LATEST 2026-2027 ACTUAL EXAM 400 QUESTIONS AND CORRECT DETAILED ANSWERS WITH RATIONALES (VERIFIED ANSWERS) |AGRADE
- Which of the following is not listed as a physical safeguard in the
- Security Rule (Subpart C)?
- A. Facility Access Controls
- B. Automatic Log Off
- C. Workstation Use
- D. Workstation Security - ANSWER- B. Automatic Log Off
- Rationale: Automatic log off, passwords, encryption, unique user ID are
- examples of technical safeguards, not physical.
- Which of the following is not listed as a physical safeguard in the
- Security Rule (Subpart C)?
- A. Facility Access Plan
- B. Disposal processes
- C. Data backup and storage
- D. Unique user ID - ANSWER- D. Unique user ID
- Rationale: Automatic log off, passwords, encryption, unique user ID are
- examples of technical safeguards, not physical.
- True or False:
- Covered entities, such as physician's offices, may use patient sign-in
- sheets or call out patient names in waiting rooms, so long as the
- information disclosed is appropriately limited. - ANSWER- TRUE
- Rationale: The HIPAA Privacy Rule explicitly permits the incidental
- disclosures that may result from this practice. For example, the sign-in
- sheet may not display medical information that is not necessary for the
- purpose of signing in (e.g., the medical problem for which the patient is
- seeing the physician). See 45 CFR 164.502(a)(1)(iii).
- In determining the amount of any civil money penalty for violations of
- HIPAA, the following factors are considered:
- a. The nature and extent of the violation.
- b. The nature and extent of the harm resulting from the violation.
- c. The history of prior compliance with the administrative simplification
- provisions, including violations, by the covered entity or business
- associate.
- d. The financial condition of the covered entity or business associate.
- e. Such other matters as justice may require.
- f. All of the above - ANSWER- f. All of the above
- Under HIPAA, a covered entity is required to disclose Protected Health
- Information (PHI) when:
- a. the disclosure is requested by the police department
- b. a subpoena signed by an attorney is received
- c. the disclosure is required by medical staff bylaws
- d. the Secretary of DHHS requests the information - ANSWER- d. the
- Secretary of DHHS requests the information
- A privacy professional is reviewing a program for an academic medical
- center that includes a faculty group practice, hospital, student health
- center, and self-funded group health plan. The privacy professional
- should evaluate if the program has notices for:
- a. GINA
- b. FMLA
- c. HIPAA
- d. FISMA - ANSWER- c. HIPAA
- A health system implemented an EHR in 55 clinics. The privacy
- professional is told employees are inconsistently interpreting the policy
- addressing employee access to EHR. Which of the following is the
- privacy professional's BEST strategy?
- a. Collaborate with HR to ensure appropriate discipline
- b. Perform an audit under Attorney-Client Privilege
- c. Conduct surveys of clinic employees' concerns
- d. Audit a random sampling of clinics across the organization -
- ANSWER- c. Conduct surveys of clinic employees' concerns
- A privacy professional is assisting IT with the development of proper
- controls to protect the privacy of the organization's data. Which of the
- following is an employee-related control?
- a. Breach response procedures
- b. Annual evaluations
- c. Contractual requirements
- d. User passwords - ANSWER- d. User passwords
- The primary purpose of a privacy exit interview is to:
- a. Meet HITECH requirements
- b. Prevent whistleblower lawsuits
- c. Evaluate for rehire
- d. Determine the appropriate discipline - ANSWER- b. Prevent
- whistleblower lawsuits
- Rationale: Best practice is to conduct these far in advance (don't wait
- until the last day); spend enough time to collect information and identify any
- issues for management that could otherwise be unknown.
- Exit interviews are part of an effective compliance program.
- Should be performed by the Compliance Officer.
- Create a policy to specify the process.
- Use open-ended questions; include questions such as how their departing
- experience has been, and whether there are any concerns, issues, or violations the employee
- would like to let you know about for management to address, etc.