CIIP Cheat Sheet 2026

The 30 highest-yield CIIP facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.

170 questions
170 min time limit
70% to pass
  1. What is the main goal of a radiology department's Image Quality Management (IQM) program? Ensure images meet diagnostic quality standards while managing dose and workflow
  2. Which DICOM attribute must be removed to properly de-identify an image per DICOM PS3.15 standard? Patient Name (0010,0010)
  3. What is the maximum number of days a covered entity has to notify affected individuals after discovering a HIPAA breach? 60 days
  4. Which DICOM service class operations are used to query and retrieve images from a VNA? C-FIND and C-MOVE (or C-GET)
  5. What surface in the reading room has the greatest influence on sound transmission? The ceiling
  6. Which federal regulation, beyond HIPAA, governs the cybersecurity posture of healthcare organizations connected to federal networks? NIST Cybersecurity Framework (CSF)
  7. Tissue characteristics exploited by MRI to manipulate tissue contrast: T1- T2,Proton density, Blood flow, Perfusion- Diffusion
  8. Which accreditation standard specifically addresses the quality and safety of teleradiology services in the United States? ACR Practice Parameter for Teleradiology
  9. A radiology technologist accidentally emails a patient's MRI report to the wrong recipient. Under HIPAA, this is classified as a: Breach of unsecured PHI
  10. Which accreditation body sets quality standards for diagnostic imaging in the United States that directly impact informatics systems? American College of Radiology (ACR)
  11. When shopping for a new healthcare information system, what is the most important document for which to ask? IHE integration statement
  12. Which HIPAA rule specifically governs the technical safeguards for electronic PHI stored in PACS? HIPAA Security Rule
  13. Which scenario triggers mandatory reporting to HHS under HIPAA's Breach Notification Rule? A breach affecting 500 or more individuals in a state
  14. Under HIPAA, which of the following is considered Protected Health Information (PHI) in a radiology context? Patient name combined with a radiological diagnosis
  15. What is the purpose of a Radiology Information System (RIS)? To manage patient scheduling and appointment tracking for radiology procedures
  16. What is a Picture Archive and Communication System (PACS) administrator responsible for? Managing and maintaining the PACS infrastructure
  17. What is the primary goal of imaging informatics? To optimize the storage and retrieval of medical images and related data
  18. What does the principle of 'minimum necessary' require in an imaging informatics context? Staff should access only the PHI needed to perform their specific job duties
  19. What is the recommended approach for securing DICOM transmissions over a public or untrusted network? TLS-encrypted DICOM or VPN tunneling
  20. In a PACS implementation, which quality assurance step ensures that images are stored and retrieved without data corruption? Bit-exact verification of stored vs. retrieved DICOM files
  21. In imaging informatics, which process ensures that a new PACS version does not introduce regression errors before clinical deployment? User acceptance testing (UAT) with validated test cases
  22. What component in an enterprise imaging architecture enables images from a VNA to be served to multiple departmental viewing systems? Vendor-agnostic image distribution broker or universal image hub
  23. Which of the following is a primary goal of a comprehensive Quality Assurance (QA) program within a clinical imaging workflow? To ensure the consistent provision of prompt and accurate patient diagnoses.
  24. Which of the following is a required element of a HIPAA Security Rule risk analysis for an imaging department? Identifying potential threats and vulnerabilities to ePHI
  25. Which of the following standards is commonly used for the exchange of medical images and related information? Digital Imaging and Communications in Medicine (DICOM)
  26. A Business Associate Agreement (BAA) is required when a PACS vendor: Has access to ePHI while providing services to a covered entity
  27. What is the purpose of the ACR's Dose Index Registry (DIR) in imaging informatics compliance? Benchmark CT radiation dose indices against national and peer norms
  28. What does FDA 21 CFR Part 11 regulate in the context of imaging informatics? Electronic records and electronic signatures in regulated environments
  29. Which method provides secure DICOM image transmission over the internet or wide-area networks? DICOM over TLS or DICOMweb over HTTPS
  30. In imaging informatics, which network security measure prevents unauthorized DICOM queries from external sources? Application Entity (AE) title whitelisting
Turn these facts into recall: