CHPS Study Guide 2026
Everything you need to pass the CHPS exam in one place: the exam format, every topic to study, real practice questions with explanations, flashcards, and full-length practice tests. Free, no sign-up needed.
📋 CHPS Exam Format at a Glance
📚 CHPS Topics to Study (21)
✍️ Sample CHPS Questions & Answers
1. The Workforce Security standard under the HIPAA Security Rule's Administrative Safeguards requires covered entities to:
Workforce Security requires policies ensuring appropriate ePHI access for those who need it while preventing unauthorized access by those who do not, covering authorization, supervision, and termination procedures.
2. What is the HIPAA standard for de-identification using the Expert Determination method?
Expert Determination requires a qualified statistical or scientific expert to certify that the risk of re-identification is very small using generally accepted principles.
3. What does the Evaluation standard under the HIPAA Security Rule's Administrative Safeguards require a covered entity to perform?
The Evaluation standard requires covered entities to periodically assess how well their security policies and procedures meet the Security Rule requirements, particularly after operational or environmental changes.
4. Under the HIPAA Security Rule's Physical Safeguards, what does the Workstation Use standard require?
The Workstation Use standard requires policies defining proper workstation functions and the physical environment of workstations that access ePHI, such as positioning screens away from unauthorized viewers.
5. A hospital's privacy program is undergoing an external assessment. Which standard would be MOST appropriate for benchmarking privacy program maturity in a US healthcare context?
The NIST Privacy Framework (PF) provides a voluntary, risk-based framework for managing privacy risks that aligns well with US healthcare privacy requirements including HIPAA.
6. Under HIPAA, which term describes a vendor that provides services to a covered entity and creates, receives, maintains, or transmits PHI in the course of providing those services?
A business associate is a person or entity that performs services for a covered entity involving the use or disclosure of PHI, and must sign a Business Associate Agreement.