Certified in Healthcare Privacy and Security (CHPS): Requirements, Exam, and How to Get Certified

The CHPS credential validates advanced expertise in healthcare privacy management and healthcare security compliance. As a health information management credential, it signals you can design, lead, and improve enterprise programs that protect PHI, meet regulations, and enable trustworthy data use.

This guide covers eligibility, exam structure, application and fees, preparation, maintenance, benefits, and an overview of AHIMA’s CHPS program—so you can plan a confident path to certification.

Eligibility Criteria for CHPS Certification

Education and experience pathways

Eligibility is based on AHIMA certification policies and typically blends formal education, professional experience, and role alignment. Common pathways include:

• Education-based: A degree in health information management, health informatics, information systems, cybersecurity, compliance, risk, or law, plus relevant work experience.
• Credential-based: Holding a recognized privacy, security, or HIM credential (for example, RHIA or RHIT) with documented practice in privacy and security functions.
• Experience-based: Several years of progressive responsibility in roles that manage PHI governance, compliance, or security within healthcare settings.

What counts as qualifying experience

• Building and maintaining privacy and security programs, policies, training, and governance.
• Conducting risk analysis, implementing safeguards, and overseeing access management and auditing.
• Leading incident response and breach notification activities across clinical and business operations.
• Managing vendor/BAA oversight, data sharing, and interoperability risks tied to health informatics standards.
• Driving compliance with HIPAA/HITECH and applicable state regulations in hospitals, clinics, payers, or health tech firms.

If your role clearly maps to CHPS domains and demonstrates sustained impact, you likely meet the intent; confirm details against current AHIMA certification policies.

CHPS Exam Structure and Content

Delivery options and format

The exam is computer-based and available at approved test centers or via a secure remote proctored examination. You must present valid identification and follow strict testing rules and confidentiality agreements.

Question types and timing

Expect multiple-choice and scenario-driven items that test judgment across real-world privacy and security decisions. You may encounter a small number of unscored pretest items mixed in. Total testing time is designed to allow careful reading and review within a single sitting.

Core content domains

• Privacy program management: governance, policies, workforce training, minimum necessary, de-identification, disclosures.
• Security program management: risk analysis, administrative/physical/technical safeguards, identity and access, encryption, monitoring.
• Regulatory compliance and auditing: HIPAA/HITECH, state laws, documentation, internal audits, remediation, OCR readiness.
• Information governance and lifecycle: data classification, retention and destruction, release of information, records integrity.
• Incident and breach response: investigation, risk-of-harm assessments, notification, corrective actions, lessons learned.
• Third-party risk and technology enablement: BAAs, cloud and telehealth considerations, alignment with health informatics standards.

Success hinges on applying principles to nuanced scenarios—selecting the best action, not just a correct statement.

Application Process and Fees

Step-by-step application

1. Confirm eligibility against current AHIMA certification policies and gather documentation (transcripts, résumé, or credential proof).
2. Create or update your AHIMA account and complete the CHPS application.
3. Pay the exam fee and submit any required materials.
4. Receive your authorization to test (ATT) with scheduling instructions.
5. Schedule at a test center or choose a remote proctored examination slot.
6. Review exam-day rules and technical requirements if testing remotely.
7. Sit for the exam, receive your result notification, and follow any post-exam steps.

Fees and practical considerations

Exam pricing varies by AHIMA membership status and location. Nonmembers typically pay a higher rate. Budget for the base exam fee plus potential costs for rescheduling, retakes, or international test delivery. Many employers reimburse fees; confirm your organization’s policy.

Preparation Strategies for the CHPS Exam

Build a focused study plan

Pick a target date and commit to consistent study blocks over 6–8 weeks. Start with the exam blueprint, identify your strongest and weakest domains, and prioritize practice in scenario-based decision making.

• Weeks 1–2: Blueprint review, resource gathering, baseline self-assessment, and goal setting.
• Weeks 3–5: Deep dives by domain; write or refine sample policies, risk analyses, and incident playbooks.
• Weeks 6–7: Full-length practice sets, spaced repetition, and targeted remediation.
• Final week: Light review, exam-day logistics check, rest and readiness.

Master the core knowledge

• HIPAA Privacy, Security, and Breach Notification Rules, plus common state-law variations.
• Risk analysis and safeguards, access controls, monitoring, and incident response leadership.
• Information governance, release of information, retention, and data lifecycle controls.
• Vendor risk management, cloud/telehealth, and integration points with health informatics standards.

Study methods that work

• Map each blueprint task to actionable activities from your workplace or case studies.
• Create policy one-pagers and checklists you can mentally “carry” into scenarios.
• Use practice questions to refine pacing and eliminate distractors under time pressure.
• Teach-back concepts to a peer; explaining forces clarity and reveals gaps.

Exam-day tactics

• Budget time per question and flag items to revisit; avoid getting stuck early.
• Use “best practice” thinking—prefer options that satisfy compliance, mitigate risk, and are operationally feasible.
• Watch for absolutes and red flags (e.g., ignoring minimum necessary or bypassing risk analysis).

Maintaining CHPS Certification

CHPS is maintained on a recurring cycle by earning continuing education units CEUs and submitting recertification on time. Activities should align with the CHPS domains and reflect current practice in privacy, security, compliance, and HIM.

Plan and document your CEUs

• Build an annual CEU plan that mixes conferences, webinars, academic coursework, publishing, or teaching.
• Ensure a meaningful portion directly strengthens healthcare privacy management and healthcare security compliance.
• Track certificates, agendas, and learning outcomes to streamline audits.
• Submit recertification and fees before your cycle ends; late actions may require additional steps.

If your credential lapses, reinstatement or retesting options may apply under AHIMA certification policies; verify your specific path and deadlines.

Role and Benefits of CHPS Credential

CHPS demonstrates that you can translate regulations into workable programs, advise leadership, and coordinate across clinical, IT, legal, and compliance teams. It is especially valued for roles that steward PHI and enterprise risk.

• Career impact: Strengthens candidacy for privacy officer, security leader, HIM director, or compliance manager roles.
• Organizational value: Elevates risk posture, audit readiness, and culture through standardized practices and metrics.
• Professional credibility: A respected health information management credential that complements horizontal certs.

For employers, CHPS-backed leaders accelerate policy adoption, vendor oversight, and incident readiness—reducing exposure while enabling secure data use.

Overview of AHIMA's CHPS Program

Administered by AHIMA, CHPS targets professionals who lead privacy and security in healthcare delivery, payers, and digital health. The program evolves to reflect regulatory updates, technology shifts, and emerging risks.

• Structured eligibility options tied to education, credentials, and professional experience.
• Continuous application with flexible scheduling at test centers or via remote proctored examination.
• Clear exam rules, identification requirements, and accommodations processes.
• Transparent scoring and retake policies governed by AHIMA certification policies.
• Digital badging and proper use of post-nominals to represent the credential professionally.

Conclusion

CHPS validates your ability to design, operate, and mature privacy and security programs that keep PHI safe and compliant. Map your background to eligibility, schedule the exam, study the blueprint with real-world scenarios, and maintain your edge with focused CEUs. With a clear plan, you can earn and sustain this credential and amplify your impact.

FAQs

What are the eligibility requirements for CHPS certification?

You qualify by meeting AHIMA certification policies that combine education, experience, or recognized credentials. Most candidates present a relevant degree and documented responsibilities in privacy, security, compliance, or HIM—or equivalent experience demonstrating program leadership and impact.

How is the CHPS exam structured?

The computer-based exam features multiple-choice and scenario-driven items delivered at test centers or through a remote proctored examination. It covers privacy and security program management, regulatory compliance, information governance, incident response, and third-party risk, with timing designed for a single sitting.

What is the recertification process for CHPS?

You maintain CHPS by earning continuing education units CEUs each cycle, aligning learning to CHPS domains, retaining documentation for potential audits, and submitting recertification and fees by your deadline. If you lapse, reinstatement or retesting rules apply under AHIMA certification policies.

How much does the CHPS exam cost?

Fees vary by membership and location; members typically pay less than nonmembers. Plan for the base exam fee plus potential costs for rescheduling, retakes, or international testing. Many employers offer tuition or certification reimbursement—check your organization’s benefits.