CIIP Cheat Sheet 2026
The 30 highest-yield CIIP facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.
170 questions
170 min time limit
70% to pass
- What is the main goal of a radiology department's Image Quality Management (IQM) program? → Ensure images meet diagnostic quality standards while managing dose and workflow
- Which DICOM attribute must be removed to properly de-identify an image per DICOM PS3.15 standard? → Patient Name (0010,0010)
- What is the maximum number of days a covered entity has to notify affected individuals after discovering a HIPAA breach? → 60 days
- Which DICOM service class operations are used to query and retrieve images from a VNA? → C-FIND and C-MOVE (or C-GET)
- What surface in the reading room has the greatest influence on sound transmission? → The ceiling
- Which federal regulation, beyond HIPAA, governs the cybersecurity posture of healthcare organizations connected to federal networks? → NIST Cybersecurity Framework (CSF)
- Tissue characteristics exploited by MRI to manipulate tissue contrast: → T1- T2,Proton density, Blood flow, Perfusion- Diffusion
- Which accreditation standard specifically addresses the quality and safety of teleradiology services in the United States? → ACR Practice Parameter for Teleradiology
- A radiology technologist accidentally emails a patient's MRI report to the wrong recipient. Under HIPAA, this is classified as a: → Breach of unsecured PHI
- Which accreditation body sets quality standards for diagnostic imaging in the United States that directly impact informatics systems? → American College of Radiology (ACR)
- When shopping for a new healthcare information system, what is the most important document for which to ask? → IHE integration statement
- Which HIPAA rule specifically governs the technical safeguards for electronic PHI stored in PACS? → HIPAA Security Rule
- Which scenario triggers mandatory reporting to HHS under HIPAA's Breach Notification Rule? → A breach affecting 500 or more individuals in a state
- Under HIPAA, which of the following is considered Protected Health Information (PHI) in a radiology context? → Patient name combined with a radiological diagnosis
- What is the purpose of a Radiology Information System (RIS)? → To manage patient scheduling and appointment tracking for radiology procedures
- What is a Picture Archive and Communication System (PACS) administrator responsible for? → Managing and maintaining the PACS infrastructure
- What is the primary goal of imaging informatics? → To optimize the storage and retrieval of medical images and related data
- What does the principle of 'minimum necessary' require in an imaging informatics context? → Staff should access only the PHI needed to perform their specific job duties
- What is the recommended approach for securing DICOM transmissions over a public or untrusted network? → TLS-encrypted DICOM or VPN tunneling
- In a PACS implementation, which quality assurance step ensures that images are stored and retrieved without data corruption? → Bit-exact verification of stored vs. retrieved DICOM files
- In imaging informatics, which process ensures that a new PACS version does not introduce regression errors before clinical deployment? → User acceptance testing (UAT) with validated test cases
- What component in an enterprise imaging architecture enables images from a VNA to be served to multiple departmental viewing systems? → Vendor-agnostic image distribution broker or universal image hub
- Which of the following is a primary goal of a comprehensive Quality Assurance (QA) program within a clinical imaging workflow? → To ensure the consistent provision of prompt and accurate patient diagnoses.
- Which of the following is a required element of a HIPAA Security Rule risk analysis for an imaging department? → Identifying potential threats and vulnerabilities to ePHI
- Which of the following standards is commonly used for the exchange of medical images and related information? → Digital Imaging and Communications in Medicine (DICOM)
- A Business Associate Agreement (BAA) is required when a PACS vendor: → Has access to ePHI while providing services to a covered entity
- What is the purpose of the ACR's Dose Index Registry (DIR) in imaging informatics compliance? → Benchmark CT radiation dose indices against national and peer norms
- What does FDA 21 CFR Part 11 regulate in the context of imaging informatics? → Electronic records and electronic signatures in regulated environments
- Which method provides secure DICOM image transmission over the internet or wide-area networks? → DICOM over TLS or DICOMweb over HTTPS
- In imaging informatics, which network security measure prevents unauthorized DICOM queries from external sources? → Application Entity (AE) title whitelisting
Turn these facts into recall: