CHPS Study Guide 2026

Everything you need to pass the CHPS exam in one place: the exam format, every topic to study, real practice questions with explanations, flashcards, and full-length practice tests. Free, no sign-up needed.

📋 CHPS Exam Format at a Glance

150
Questions
210 min
Time Limit
70.00%
Passing Score

📚 CHPS Topics to Study (21)

✍️ Sample CHPS Questions & Answers

1. The Workforce Security standard under the HIPAA Security Rule's Administrative Safeguards requires covered entities to:
Implement policies and procedures to ensure that workforce members have appropriate access to ePHI and to prevent those who do not have access from obtaining it

Workforce Security requires policies ensuring appropriate ePHI access for those who need it while preventing unauthorized access by those who do not, covering authorization, supervision, and termination procedures.

2. What is the HIPAA standard for de-identification using the Expert Determination method?
A qualified statistical expert determines the risk of identifying an individual is very small

Expert Determination requires a qualified statistical or scientific expert to certify that the risk of re-identification is very small using generally accepted principles.

3. What does the Evaluation standard under the HIPAA Security Rule's Administrative Safeguards require a covered entity to perform?
Periodic technical and non-technical evaluations of the security policies and procedures in response to environmental or operational changes

The Evaluation standard requires covered entities to periodically assess how well their security policies and procedures meet the Security Rule requirements, particularly after operational or environmental changes.

4. Under the HIPAA Security Rule's Physical Safeguards, what does the Workstation Use standard require?
Policies and procedures specifying proper functions performed at workstations and the physical attributes of the surroundings of workstations with access to ePHI

The Workstation Use standard requires policies defining proper workstation functions and the physical environment of workstations that access ePHI, such as positioning screens away from unauthorized viewers.

5. A hospital's privacy program is undergoing an external assessment. Which standard would be MOST appropriate for benchmarking privacy program maturity in a US healthcare context?
NIST Privacy Framework (PF)

The NIST Privacy Framework (PF) provides a voluntary, risk-based framework for managing privacy risks that aligns well with US healthcare privacy requirements including HIPAA.

6. Under HIPAA, which term describes a vendor that provides services to a covered entity and creates, receives, maintains, or transmits PHI in the course of providing those services?
Business Associate

A business associate is a person or entity that performs services for a covered entity involving the use or disclosure of PHI, and must sign a Business Associate Agreement.

🎯 Free CHPS Practice Tests

📖 CHPS Guides & Articles

Your CHPS Study Path
1. Learn with Flashcards → 2. Drill Practice Tests → 3. Take the Full Exam Simulation