- What Are CHC and CHPC?
- CHC Deep Dive: Domains, Format, and Focus
- CHPC Deep Dive: Privacy-First Scope
- Side-by-Side Comparison
- Who Hires CHC-Credentialed Professionals?
- What CHC Candidates Must Actually Master
- Building a Domain-Driven Study Plan
- Making the Call: CHC, CHPC, or Both?
- Frequently Asked Questions
- CHC covers seven specific domains-from Standards and Policies to Investigations and Remediation-making it the broadest healthcare compliance credential...
- CHPC focuses narrowly on healthcare privacy; CHC encompasses the full compliance program lifecycle including auditing, discipline, and enforcement.
- Employers seeking a Chief Compliance Officer or Compliance Program Director almost universally prefer or require the CHC credential.
- CHC exam questions test applied judgment across real compliance scenarios, not just regulatory recall-scenario-based prep is essential.
What Are CHC and CHPC?
If you work in healthcare compliance and you're weighing credentials, two designations come up constantly: the Certified in Healthcare Compliance (CHC) and the Certified in Healthcare Privacy Compliance (CHPC). Both are issued by the Health Care Compliance Association (HCCA) and recognized across the industry. But they are not interchangeable, and choosing the wrong one for your career stage or job function is a costly mistake-both in time and exam fees.
The core distinction is scope. CHC is a comprehensive credential that validates your ability to design, administer, and oversee an entire compliance program. CHPC is a specialized credential aimed at professionals whose day-to-day work centers on healthcare privacy-primarily HIPAA Privacy Rule obligations, data governance, and patient information protections. One is a wide lens; the other is a zoom lens.
This article breaks down exactly what each exam tests, who hires for each credential, and how to decide which one-or which order-makes the most sense for where you are right now.
CHC Deep Dive: Domains, Format, and Focus
The Certified in Healthcare Compliance exam is built around seven domains that together describe the complete architecture of a functioning healthcare compliance program. Understanding these domains isn't just about passing the exam-it's a map of everything a compliance professional is responsible for in practice.
Domain 1: Standards, Policies, and Procedures
This domain tests your understanding of how organizations translate regulatory requirements into internal standards. Candidates must know how to develop, maintain, and communicate written policies that satisfy OIG guidance, CMS conditions of participation, and other governing frameworks.
- Code of conduct development and distribution
- Policy hierarchy and approval workflows
- Aligning internal standards with federal and state law
Domain 2: Compliance Program Administration and Oversight
This domain focuses on the structural and governance aspects of compliance programs-reporting relationships, board oversight, compliance committee function, and the role of the compliance officer. It's the domain most directly tied to leadership responsibilities.
- Compliance officer independence and authority
- Board and executive engagement with compliance
- Resource allocation and program infrastructure
Domain 3: Screening and Evaluation
Candidates must understand exclusion screening obligations under the OIG and GSA databases, background check requirements, and ongoing monitoring of workforce members and vendors.
- OIG and SAM.gov exclusion list screening
- Frequency and documentation of screening activities
- Vendor and contractor screening programs
Domain 4: Communication, Education, and Training
Effective compliance programs require more than written policies-they demand ongoing education. This domain covers how to design training curricula, measure comprehension, and create communication strategies that reach all levels of the organization.
- Risk-based training prioritization
- General versus role-specific compliance education
- Tracking training completion and attestation
Domain 5: Monitoring, Auditing, and Internal Reporting Systems
This is among the most technically demanding domains. It tests your ability to design audit work plans, conduct compliance monitoring, and establish anonymous reporting mechanisms such as hotlines.
- Difference between monitoring and auditing
- Risk assessment methodologies for audit planning
- Hotline design, intake, and tracking
Domain 6: Discipline, Incentives, and Enforcement
This domain examines how organizations hold employees accountable for compliance violations while also using positive reinforcement to build a culture of integrity. Consistency in discipline is a recurring exam theme.
- Progressive discipline frameworks
- Non-retaliation policies and protections
- Incentive programs that reinforce compliance behavior
Domain 7: Investigations and Remediation
When something goes wrong, compliance professionals must respond decisively. This domain covers how to conduct internal investigations, document findings, self-disclose to the government when required, and implement corrective action plans.
- Investigation planning and evidence preservation
- OIG and CMS self-disclosure protocols
- Corrective action plan (CAP) development and tracking
The CHC exam uses scenario-based multiple-choice questions. Rather than asking you to recall a statute, questions present a situation-a compliance officer discovers a billing irregularity, a hotline report comes in about a physician-and ask what the appropriate next step is. This format rewards candidates who understand the why behind compliance requirements, not just the what. Practicing with realistic scenarios is the single most important thing you can do in preparation. The CHC Exam Prep practice test platform is built specifically around this scenario-driven format.
CHPC Deep Dive: Privacy-First Scope
The Certified in Healthcare Privacy Compliance credential is designed for professionals who live inside the HIPAA ecosystem daily. If you manage a privacy program, respond to patient rights requests, conduct privacy risk analyses, or serve as a facility's designated Privacy Officer, CHPC validates that specialized skill set.
The CHPC exam covers areas including HIPAA Privacy Rule and Security Rule fundamentals, state privacy law interactions, breach notification obligations, business associate agreement management, and patient rights administration. It goes deep into these topics in a way the CHC does not-but it does not address coding compliance, Stark Law, Anti-Kickback Statute, fraud and abuse, or the broader programmatic infrastructure that CHC covers.
Side-by-Side Comparison
| Feature | CHC | CHPC |
|---|---|---|
| Issuing Body | HCCA | HCCA |
| Primary Focus | Full compliance program administration | Healthcare privacy and HIPAA |
| Exam Domains | 7 domains (Standards through Investigations) | Privacy-specific domains (HIPAA, state law, breach) |
| Question Style | Scenario-based multiple choice | Scenario-based multiple choice |
| Best For | Compliance Officers, Program Directors, CCOs | Privacy Officers, HIPAA Specialists |
| Career Breadth | High-applicable across all healthcare settings | Moderate-most valuable in privacy-focused roles |
| Complements | CHPC, CPC, CHRC | CHC (often pursued second) |
Who Hires CHC-Credentialed Professionals?
The CHC credential is recognized and actively requested across virtually every segment of the healthcare industry. That breadth is one of its most valuable characteristics.
Hospital systems and health systems are the most common employers. Large integrated delivery networks often require CHC for compliance officer roles and may offer credentialing support or exam fee reimbursement for employees pursuing it. The seven-domain structure maps almost perfectly onto what a hospital compliance department does every day-from policy governance (Domain 1) to investigating physician concerns (Domain 7).
Health plans and managed care organizations hire CHC holders for roles overseeing Medicare Advantage compliance, Medicaid managed care, and first-tier, downstream, and related entity (FDR) oversight requirements. Domain 2's focus on program administration and oversight directly applies to the CMS compliance program requirements these organizations must meet.
Physician groups and ambulatory care settings increasingly look for CHC credentials as compliance complexity has grown. Stark Law, the Anti-Kickback Statute, and split/shared billing rules require the kind of applied expertise the CHC validates.
Consulting firms and advisory practices that serve healthcare clients value CHC because it signals competency across the full compliance spectrum-useful when consulting across multiple client types simultaneously.
For a detailed look at what employers are actually posting and what compensation looks like across these settings, the Healthcare Compliance Officer Job Requirements and Salary article provides useful context without invented figures.
What CHC Candidates Must Actually Master
Passing the CHC is not a matter of memorizing regulations. The exam is specifically designed to test whether you can apply compliance principles in realistic situations. Here is what that means for each of the seven domains in practice.
For Domain 1, expect questions that ask you to identify what's missing from a policy, or what step a compliance officer should take when an existing policy conflicts with new regulatory guidance. You must understand the policy development lifecycle, not just that policies exist.
For Domain 2, questions frequently test governance structures. Can the compliance officer be supervised by the General Counsel and still function independently? What does meaningful board oversight look like versus rubber-stamp approval? These are judgment questions.
Domain 3 questions will present scenarios where an employee, contractor, or vendor wasn't screened properly-and ask what the organization's obligation is. Know the difference between what's required versus what's best practice, and understand the timing requirements for screening.
Domain 4 questions often involve identifying gaps in training programs. An organization trains only new hires, not existing employees. A training was delivered to clinical staff but not to billing staff who have equal exposure to a risk area. You need to recognize these gaps and know how to address them.
For Domain 5, candidates must be comfortable distinguishing monitoring (ongoing, routine) from auditing (periodic, structured). Questions may ask you to interpret a work plan or respond to an audit finding. This domain rewards candidates who have real-world exposure to audit mechanics.
Domain 6 questions often involve edge cases: What happens when a manager who violated policy is also the one who reported the violation? How do you apply discipline consistently when two employees committed similar violations under different supervisors? Consistency and non-retaliation are the anchoring concepts.
Domain 7 is where many candidates feel least prepared. Investigation protocol, privilege considerations, self-disclosure decisions, and remediation planning all appear here. Practicing with the CHC Exam Prep practice tests on investigation scenarios is especially valuable for this domain.
Key Takeaway
Domains 5 and 7 (Monitoring/Auditing and Investigations/Remediation) consistently challenge candidates without direct audit or investigation experience. Weight your study time toward these domains if your current role doesn't involve them regularly.
Building a Domain-Driven Study Plan
A generic eight-week study schedule won't serve CHC candidates well because the seven domains vary significantly in complexity and weight. A more effective approach assigns domains to weeks based on difficulty and your own experience gaps.
Domain 1 & 2 - Standards, Policies, and Program Administration
- Review OIG Compliance Program Guidance documents for your sector
- Map the Seven Elements of an Effective Compliance Program to Domain 2's concepts
- Practice 20 scenario questions on policy development and governance
Domain 3 & 4 - Screening, Education, and Training
- Study OIG exclusion screening requirements and SAM.gov processes
- Design a sample training program for a billing department
- Practice identifying training program gaps in scenario questions
Domain 5 - Monitoring, Auditing, and Internal Reporting
- Study monitoring versus auditing distinctions in depth
- Review hotline program best practices and intake documentation
- Work through audit work plan scenarios-this domain warrants extra time
Domain 6 & 7 - Discipline, Investigations, and Remediation
- Review non-retaliation frameworks and consistent discipline principles
- Study OIG self-disclosure protocol and CMS Voluntary Self-Referral Disclosure Protocol
- Practice investigation scenario questions heavily-these are high-difficulty items
Full Practice Exams and Weak Domain Remediation
- Take timed full-length practice exams to simulate exam conditions
- Identify domains with the lowest practice scores and revisit them
- Use spaced repetition for regulatory details (statute names, agency roles)
The Pomodoro technique-focused 25-minute blocks with short breaks-works well for Domains 5 and 7 specifically because these domains require deep concentration on complex process questions. Pair it with the Feynman approach (explaining an investigation process out loud as if teaching it) to surface gaps in your understanding before the exam does.
Making the Call: CHC, CHPC, or Both?
If your current or target role is in broad compliance program administration-compliance officer, compliance director, CCO, compliance analyst working across multiple risk areas-CHC is the right first credential. Its seven-domain structure validates the full range of your responsibilities and signals readiness for program leadership.
If your role is specifically and primarily privacy-focused-HIPAA Privacy Officer, Privacy Analyst, Privacy Program Manager-CHPC may be the more immediately relevant credential. It goes deeper into the privacy-specific knowledge that defines your daily work.
Many experienced compliance professionals ultimately pursue both. The most common sequence is CHC first, then CHPC-because CHC's broader foundation makes the privacy-specific content in CHPC easier to contextualize within a compliance program framework. Some privacy specialists do it in the reverse order, adding CHC after establishing their privacy credentials.
If you're still researching the full landscape of what this career path looks like-including experience requirements and compensation patterns-reviewing what's covered in CHC vs CHPC: Which Certification Is Right for You alongside employer job postings will give you the clearest picture of where each credential carries the most weight.
The bottom line: don't let the choice paralyze you. Either credential advances your career over holding none. But if you have genuine uncertainty, the CHC's broader scope and stronger association with program leadership roles makes it the more strategically versatile starting point for most compliance professionals. Start building your exam readiness today with CHC Exam Prep's practice tests-the fastest way to understand where you stand across all seven domains.
Frequently Asked Questions
Yes. Many healthcare compliance professionals hold both credentials. The most common approach is earning CHC first to establish a broad compliance foundation, then adding CHPC to demonstrate specialized privacy expertise. Some professionals pursue CHPC first if their current role is exclusively privacy-focused.
Neither is universally harder; difficulty depends on your background. Candidates with broad compliance program experience often find the CHC more aligned with what they already do daily, making it feel more manageable. Candidates with deep HIPAA and privacy experience may find CHPC more intuitive. Both exams use scenario-based questions that require applied judgment rather than pure recall.
CHC touches on HIPAA concepts-particularly within Domain 1 (Standards and Policies) and Domain 5 (Monitoring and Auditing)-but does not go into the depth that CHPC does. CHC treats HIPAA as one of many regulatory frameworks a compliance program must address, rather than the central focus of examination.
Most hospital system job postings for compliance officers and compliance directors list CHC as the preferred or required credential. CHPC is more commonly listed for privacy officer, privacy analyst, and HIPAA specialist roles. If you're targeting a hospital compliance officer position, CHC is the more directly relevant credential to pursue first.
Start with the domains most relevant to your current work-you'll move through them faster and build confidence. Then prioritize Domains 5 and 7 (Monitoring/Auditing and Investigations/Remediation) regardless of your experience level, as these domains present the most scenario-based complexity and are common sources of difficulty for exam candidates.