
Welcome to the official MedicoExam syllabus guide for the AHIMA Certified in Healthcare Privacy and Security certification. This page gives a structured overview of the AHIMA CHPS exam: key exam details, syllabus topics, and preparation references to support study planning. The AHIMA Certified in Healthcare Privacy and Security (CHPS) credential is intended for professionals pursuing roles in healthcare privacy and security. Its assessment centers on applied competencies such as privacy and security program management, physical and technical safeguards, and investigation, compliance, and enforcement, within real-world settings such as hospitals and health systems, clinics and provider organizations, insurance companies, and healthcare organizations.
The syllabus outline below reflects the core domains and expectations defined by the official AHIMA certification framework and aligns with the cognitive and professional standards assessed in the AHIMA CHPS exam. Candidates can use this guide alongside official vendor resources and structured practice to align their preparation with current exam standards and professional expectations for healthcare privacy and security professionals, HIM and health informatics professionals, and healthcare compliance and risk professionals.
AHIMA CHPS Exam Summary and Key Details
| Exam Name | AHIMA Certified in Healthcare Privacy and Security |
| Credential | AHIMA Certified in Healthcare Privacy and Security (CHPS) |
| Vendor | American Health Information Management Association (AHIMA) |
| Exam Code | CHPS » AHIMA CHPS Certification Practice Exam |
| Exam Delivery Mode | Pearson VUE authorized test center; OnVUE remote proctoring for eligible U.S. candidates |
| Exam Duration | 210 mins |
| Number of Questions | 150 (125 Scored Items / 25 Pretest Items) |
| Passing Score | 300 (on a scale of 100-400) |
| Exam Price | AHIMA members - $259 (USD); AHIMA non-members - $329 (USD) |
| Scheduling Window | 120 days from eligibility authorization |
| Schedule Exam | Pearson VUE |
| Sample Questions | AHIMA CHPS Exam Sample Questions |
| Recommended Practice | AHIMA CHPS Certification Practice Exam |
AHIMA CHPS Exam Syllabus Topics and Weighting
| Topic Areas | Topic Details, Courses, Books | Weighting |
|---|---|---|
| Ethical, Legal, and Regulatory Issues/Environmental Assessment | - Identify responsibilities as a privacy officer and/or security officer<br>- Serve as a resource (provide guidance) to your organization regarding privacy and security laws, regulations, and standards of accreditation agencies to help interpret and apply the standards<br>- Apply preemption principles to ensure compliance with state regulations that are applicable to privacy<br>- Evaluate the privacy and security policies related to health information exchanges<br>- Demonstrate privacy and security compliance with documentation, production and retention as required by State and Federal law as well as accrediting agencies<br>- Analyze the impact of access to protected health information (PHI) during a public health emergency | 10-18% |
| Privacy and Security Program Management and Administration | - Manage the distribution process of the organization’s Notice of Privacy Practices<br>- Manage the process for requests for patients’ rights as outlined in the Notice of Privacy Practices (e.g., restrictions, amendments, etc.)<br>- Manage contracts and business associate relationships and secure appropriate agreements related to privacy and security (e.g., business associate agreement [BAA], service level agreement [SLA], etc.)<br>- Evaluate and monitor the facility security plan to safeguard against unauthorized physical access to information, and to prevent theft or tampering<br>- Establish a preventative program to detect and prevent privacy/security breaches<br>- Develop, deliver, evaluate, and document training and awareness on information privacy and security to provide an informed workforce<br>- Educate workforce members on the changes to organizational policies, procedures, and practices related to privacy and security<br>- Collaborate with appropriate organization officials to verify that information used or disclosed for research purposes complies with organizational policies and procedures and applicable privacy regulations<br>- Manage appropriate de-identification processes<br>- Assess and communicate risks and ramifications of privacy and security incidents to designated organizational leadership, including those by business associates<br>- Verify that requesters of protected information are authorized and permitted access to the protected health information (PHI)<br>- Apply the “minimum necessary” standard when creating, documenting, and communicating protected health information (PHI)<br>- Define HIPAA-designated record sets for the organization in order to appropriately respond to a request for release of protected health information (PHI)<br>- Identify information and record sets requiring special privacy protections<br>- Manage disclosures for marketing and fundraising related to protected health information (PHI) | 30-40% |
| Information Technology/Physical and Technical Safeguards | - Develop and manage an organization’s information security plan, taking into consideration 45 CFR 164.306<br>- Manage policies, procedures, and rules to protect the integrity, availability, and confidentiality of communication of health information across networks<br>- Ensure reasonable safeguards to reduce incidental disclosures and prevent privacy breaches<br>- Collaborate in the development of a business continuity plan for planned downtime and contingency planning for emergencies and disaster recovery<br>- Evaluate, select, and implement information privacy and security solutions<br>- Monitor compliance with the security policies and ensure compliance with technical, physical, and administrative safeguards<br>- Assess the risk to and criticalities of new information systems which contain protected health information (PHI)<br>- Assess and monitor physical security mechanisms to limit the access of unauthorized personnel to facilities, equipment, and information<br>- Assess and monitor technical security mechanisms to control access and protect electronic protected health information (PHI)<br>- Perform ongoing risk assessments for existing information systems which contain protected health information (PHI)<br>- Ensure appropriate technologies are used to protect information received from or transmitted to external users<br>- Manage the process for verifying and controlling access authorizations, authentication mechanisms, and privileges including emergency access<br>- Identify event triggers for abnormal conditions within a network system (e.g., intrusion detection, denial of service, and invalid log-on attempts)<br>- Manage the media control practices that govern the receipt, removal, re-use, or disposal (internal and external destruction) of any media or devices containing sensitive data<br>- Develop and maintain the inventory of software, hardware, and all data to protect information assets and to facilitate risk analysis | 24-35% |
| Investigation, Compliance, and Enforcement | - Monitor and assess compliance with state and federal laws and regulations on a routine basis related to privacy and security to update organizational practices, policies, procedures, and training of workforce<br>- Develop policy and procedure for breach notification<br>- Establish an incident/complaint investigation process, and develop a response plan to mitigate a privacy or security incident<br>- Ensure workforce is knowledgeable on how to report a potential privacy or security incident<br>- Enforce privacy and security policies, procedures, and guidelines to facilitate compliance with federal, state, and other regulatory or accrediting bodies<br>- Monitor and audit access to protected health information (PHI)<br>- Perform risk assessment for breach notification<br>- Coordinate the organization’s response to inquiries and investigations from external entities relating to privacy and security to provide response consistent with organizational policies and procedures within the required timeframe<br>- Notify appropriate individuals/agencies/media within time frame for breach notification<br>- Maintain the appropriate documentation for breach notification | 19-24% |
The AHIMA CHPS certification exam is designed to assess both theoretical knowledge and applied professional judgment in healthcare privacy and security. The exam evaluates competencies such as privacy and security program management, physical and technical safeguards, and investigation, compliance, and enforcement, ensuring candidates are prepared for real-world responsibilities as healthcare privacy and security professionals, HIM and health informatics professionals, and healthcare compliance and risk professionals working in settings such as hospitals and health systems, clinics and provider organizations, insurance companies, and healthcare organizations.
To prepare effectively for the AHIMA Certified in Healthcare Privacy and Security exam, candidates are encouraged to review official vendor materials, complete structured practice assessments, and gain hands-on experience relevant to their professional role.
