The CHPC (Certified in Healthcare Privacy Compliance) credential is awarded jointly by the Health Care Compliance Association (HCCA) and the Society of Corporate Compliance and Ethics (SCCE). It validates mastery of HIPAA Privacy, Security, and Breach Notification rules, state privacy laws, 42 CFR Part 2, healthcare fraud statutes, and privacy program development. Our free printable PDF gives you a curated set of exam-style questions you can study anywhere, no internet required.
Print the PDF, work through every question, then check your answers on the last page. Pair it with the online CHPC practice test for timed simulation and instant scoring.
Questions test covered entities, business associates, and the PHI definition. You must know the minimum necessary standard, permitted uses and disclosures for treatment/payment/operations versus those requiring written authorization, and patient rights including access, amendment, accounting of disclosures, and restriction requests.
The exam addresses all three safeguard categories. Administrative safeguards include risk analysis, workforce training, and access management. Physical safeguards cover facility access controls and workstation security. Technical safeguards encompass access controls, audit controls, and encryption standards.
Know the legal definition of a breach, the three exceptions (inadvertent access, good-faith belief, redisclosure), and the notification timelines: 60 days to affected individuals, annual reporting to HHS for small breaches, and prompt reporting for large breaches affecting 500 or more individuals.
State laws that are more stringent than HIPAA preempt the federal standard. The CHPC exam references California CMIA, mental health records, and HIV records as examples. Substance use disorder records under 42 CFR Part 2 require specific patient consent for each disclosure, a stricter standard than HIPAA.
The False Claims Act includes qui tam provisions that allow whistleblowers to sue on behalf of the government. The Anti-Kickback Statute has defined safe harbors. The Stark Law prohibits physician self-referral for designated health services unless an exception applies.
Expect questions on the privacy officer role, building training programs, drafting policies and procedures, conducting privacy risk assessments, and designing incident response procedures. The exam also covers HIPAA authorization requirements for research, IRB oversight, and the two de-identification standards: Safe Harbor and Expert Determination.
The PDF is ideal for offline review, but timed online testing builds the exam stamina you need on test day. Use the CHPC practice test to simulate real exam conditions, review answer explanations, and identify the topics that need the most attention before your scheduled exam date.