HCCA CHC CERTIFIED IN HEALTHCARE
COMPLIANCE EXAM QUESTIONS AND
VERIFIED ANSWERS | REAL 2025/2026
SCENARIOS, MULTIPLE CHOICE
QUESTIONS & ANSWER KEY INCLUDED
When should Code of Conduct be distributed to new employees?
Must be distributed within 90 days of hire
RAT-STATS is: (select all that apply)
a. statistical software to select randomized samples
b. government statistical rule software developed in the 1970s
c. free hospital statistical software
d. recommended by OIG, CMS and other agencies to select random samples
a. b. d.
The software can be used by other entities other than hospitals, so option "c." is not precisely
accurate, but it is free to use and can be downloaded here: https://oig.hhs.gov/compliance/rat-
stats/index.asp
What is the term called for an organization's commitment to compliance by management,
employees, and contractors. Statement should summarize ethical behavior and legal principles
under which the healthcare organization operates?
Code of Conduct
In the course of an audit, you find that disciplinary actions against certain physicians and high
level executives for non-compliance in the organization have been unfair and inconsistent with
current policies & procedures. What is your first course of action
.a. Work with legal counsel to enforce proper disciplinary actions
b. Get HR involved and recommend the use of progressive discipline policies
c. Immediately terminate these individuals
d. Get local and federal labor department involved for unfair discipline.
b. Get HR involved and recommend the use of progressive discipline policies
OIG recommends setting forth the degrees of disciplinary actions. Progressive discipline
,provides a structure and a set of discipline standards for managers/supervisors to follow to ensure
discipline is fair, equitable and consistent.
Documentation
• A&M should be documented
• Findings should be shared with dept managers
• If activity is part of risk priority then compliance committee, senior leadership and board when
necessary
• OIG calls for written evaluation to be presented to CEO, governing body, committee annually
Non-retaliation in compliance - what is important to state in this policy:
For any reporting method to be effective, employees must accept that there will be no retaliation
or retribution for coming forward.
The concept of non-retaliation is fundamental to the compliance program, and a clearly stated
policy regarding non-retribution is the first step.
• anonymous reporting and,
• no retaliation or retribution for bringing forth problems/concerns
Place to start with Enforcement is:
Standards of conduct and P&Ps
For Enforcement and Disciplinary Actions, Policies should include:
1. non-compliant consequences
2. employees duty to report non-compliance
3. list parties responsible for appropriate action
4. outline of disciplinary actions or procedures
5. promise that discipline will be fair and consistent
New Employee Policy - three checks OIG recommends to do/perform:
OIG recommends: perform background checks, reference checks, and exclusion list checks
Which two main documents become tools to build compliance program?
Code of Conduct and P&Ps
You are the new Compliance Officer, hired after ABC Hospital reorganized and decided that the
General Counsel should no longer also serve in that role. Upon review of the Code of Conduct
(CoC), you find that it is written using lots of legal jargon. What action do you take:
a. Keep CoC as it is.
b. Pull a sample off the internet and insert hospital name to save time as it was most likely
written by experts.
c. Rewrite the CoC in plain and concise language tailored to the hospital so employees can use a
,general guidance.
d. Rewrite the CoC with detailed restating hospital's P&Ps, and all laws and regulations possible
so that employees can't say they were not aware of requirements.
c. Rewrite the CoC in plain and concise language tailored to the hospital so employees can use a
general guidance.
Explanation:
• CoC should be clear and concise language easy to understand, and should be tailored to specific
issues of the organization
What is the term called for an organization's commitment to compliance by the board,
management, and employees? It summarizes ethical behavior and legal principles the healthcare
organization operates.
A) Code of Conduct
B) Federal Sentencing Guidelines
C) Internal Controls
A) Code of Conduct
The U.S. Federal Sentencing Commission was organized in , published its initial set of
guidelines manual in (known today as the US Sentencing Guidelines), and included
chapter eight of the Federal Sentencing Guidelines for Organizations in .
a. 1980, 1987, 1999
b. 1985, 1987, 1991
c. 1980, 1985, 1987
d. 1985, 1990, 2001
b. 1985, 1987, 1991
The US Sentencing Guidelines (USSG) can be found here: https://www.ussc.gov/guidelines.
Chapter 8 - Sentencing of organizations, includes Parts A-F (Part B 2.b.1 outlines the
Compliance and Ethics Program)
Expectations have evolved since 1991 when the US Sentencing Guidelines (USSG) were first
drafted highlighting the importance of an effective compliance program (and as a condition of
probation) to help detect criminal conduct (USSG chapter 8B2.1). DOJ has now set higher
expectations for organizations to not only have a designated compliance officer but a well
designed compliance program that is adequately resourced with independent authority function
to work in practice. Which of the following guidelines outlines those expectations:
a. HHS OIG - CPG (Compliance Program Guidance)
b. DOJ ECCP (Evaluation of Corporate Compliancea1Programs)
, c. Monacoa1Memo
d. HHSa1OIGa1-a1CIAa1(Corporatea1Integritya1Agreement)
b.a1DOJa1ECCPa1(Evaluationa1ofa1Corporatea1Compliancea1Programs)
Thea1ECCPa1anda1othera1relateda1guidancea1cana1bea1downloade
da1here:a1https://www.justice.gov/criminal/criminal-fraud/policy-
materials
Thea1mosta1updateda1DOJa1ECCPa1(Evaluationa1ofa1Corporatea1Compliancea1Programs)a1provide
sa1additionala1guidancea1toa1prosecutors.a1Whicha1ofa1thea1followinga1area1includeda1ina1thea1ECC
Pa1revisionsa1(Sepa12024)?
a. expectsa1company'sa1compliancea1programa1toa1includea1safeguardsa1toa1bettera1monitora1an
da1managea1potentiala1compliancea1riska1regardinga1newa1technologiesa1(e.g.,a1A.I.)
b. expectsa1company'sa1toa1integratea1thesea1newa1technologya1relateda1risksa1intoa1broadera1ente
rprisea1riska1managementa1(ERM)a1strategies
c. expandsa1ona1post-
acquisitiona1compliancea1integrationa1anda1usea1ofa1dataa1fora1compliancea1purposes
d. alla1ofa1thea1above
d.a1alla1ofa1thea1above
Thea1privacya1officera1fora1aa1hospitala1hasa1updateda1thea1Noticea1ofa1Privacya1Practices/NPPa1t
oa1reflecta1aa1materiala1changea1becausea1thea1previousa1noticea1dida1nota1havea1aa1descriptiona1t
hata1individualsa1havea1thea1righta1toa1amenda1theira1Protecteda1Healtha1Information.a1Thea13rda1
partya1reviewa1teama1identifieda1thata1thea1noticea1dida1nota1havea1thea1requireda1informationa1toa
1leta1individualsa1knowa1ofa1theira1righta1toa1amenda1PHI.a1What'sa1thea1BESTa1coursea1ofa1actio
na1toa1correcta1deficiency?
A.a1Makea1arrangementsa1toa1maila1thea1newa1NPPa1toa1alla1patientsa1seena1withina1thea1lasta1
yeara1ata1thea1hospital
B.a1Makea1arrangementsa1toa1havea1thea1newa1NPPa1distributeda1toa1newa1patientsa1thata1comea1to
a1thea1hospital
C.a1Posta1aa1copya1ofa1thea1newa1NPPa1ona1thea1hospital'sa1internala1intraneta1soa1thata1alla1employ
eesa1cana1seea1thea1updateda1versiona1ofa1thea1notice
D.a1Meeta1witha1legala1toa1discussa1howa1toa1besta1self-
disclosea1toa1OCRa1thata1thea1hospitala1wasa1ina1violationa1ofa1thea1NPPa1requirementsa1anda1hasa
1sincea1correcteda1thea1deficiency
B.a1Makea1arrangementsa1toa1havea1thea1newa1NPPa1distributeda1toa1newa1patientsa1thata1comea1to
a1thea1hospital
Remember:a1Thea1NPPa1musta1describea1thea1followinga1individuala1
rights:a1https://www.law.cornell.edu/cfr/text/45/164.520
• Thea1righta1toa1requesta1restrictionsa1ona1usesa1ora1disclosuresa1ofa1PHIa1fora1treatment,a1pay
menta1ora1healthcarea1operations;a1fora1usea1ina1aa1facilitya1directorya1(ifa1applicable);a1ora1toa1f
amilya1membersa1anda1othersa1involveda1ina1thea1patient'sa1care;a1however,a1thea1providera1isa1
nota1requireda1toa1agreea1toa1thea1restrictiona1excepta1ina1thea1casea1ofa1aa1disclosurea1toa1aa1hea
COMPLIANCE EXAM QUESTIONS AND
VERIFIED ANSWERS | REAL 2025/2026
SCENARIOS, MULTIPLE CHOICE
QUESTIONS & ANSWER KEY INCLUDED
When should Code of Conduct be distributed to new employees?
Must be distributed within 90 days of hire
RAT-STATS is: (select all that apply)
a. statistical software to select randomized samples
b. government statistical rule software developed in the 1970s
c. free hospital statistical software
d. recommended by OIG, CMS and other agencies to select random samples
a. b. d.
The software can be used by other entities other than hospitals, so option "c." is not precisely
accurate, but it is free to use and can be downloaded here: https://oig.hhs.gov/compliance/rat-
stats/index.asp
What is the term called for an organization's commitment to compliance by management,
employees, and contractors. Statement should summarize ethical behavior and legal principles
under which the healthcare organization operates?
Code of Conduct
In the course of an audit, you find that disciplinary actions against certain physicians and high
level executives for non-compliance in the organization have been unfair and inconsistent with
current policies & procedures. What is your first course of action
.a. Work with legal counsel to enforce proper disciplinary actions
b. Get HR involved and recommend the use of progressive discipline policies
c. Immediately terminate these individuals
d. Get local and federal labor department involved for unfair discipline.
b. Get HR involved and recommend the use of progressive discipline policies
OIG recommends setting forth the degrees of disciplinary actions. Progressive discipline
,provides a structure and a set of discipline standards for managers/supervisors to follow to ensure
discipline is fair, equitable and consistent.
Documentation
• A&M should be documented
• Findings should be shared with dept managers
• If activity is part of risk priority then compliance committee, senior leadership and board when
necessary
• OIG calls for written evaluation to be presented to CEO, governing body, committee annually
Non-retaliation in compliance - what is important to state in this policy:
For any reporting method to be effective, employees must accept that there will be no retaliation
or retribution for coming forward.
The concept of non-retaliation is fundamental to the compliance program, and a clearly stated
policy regarding non-retribution is the first step.
• anonymous reporting and,
• no retaliation or retribution for bringing forth problems/concerns
Place to start with Enforcement is:
Standards of conduct and P&Ps
For Enforcement and Disciplinary Actions, Policies should include:
1. non-compliant consequences
2. employees duty to report non-compliance
3. list parties responsible for appropriate action
4. outline of disciplinary actions or procedures
5. promise that discipline will be fair and consistent
New Employee Policy - three checks OIG recommends to do/perform:
OIG recommends: perform background checks, reference checks, and exclusion list checks
Which two main documents become tools to build compliance program?
Code of Conduct and P&Ps
You are the new Compliance Officer, hired after ABC Hospital reorganized and decided that the
General Counsel should no longer also serve in that role. Upon review of the Code of Conduct
(CoC), you find that it is written using lots of legal jargon. What action do you take:
a. Keep CoC as it is.
b. Pull a sample off the internet and insert hospital name to save time as it was most likely
written by experts.
c. Rewrite the CoC in plain and concise language tailored to the hospital so employees can use a
,general guidance.
d. Rewrite the CoC with detailed restating hospital's P&Ps, and all laws and regulations possible
so that employees can't say they were not aware of requirements.
c. Rewrite the CoC in plain and concise language tailored to the hospital so employees can use a
general guidance.
Explanation:
• CoC should be clear and concise language easy to understand, and should be tailored to specific
issues of the organization
What is the term called for an organization's commitment to compliance by the board,
management, and employees? It summarizes ethical behavior and legal principles the healthcare
organization operates.
A) Code of Conduct
B) Federal Sentencing Guidelines
C) Internal Controls
A) Code of Conduct
The U.S. Federal Sentencing Commission was organized in , published its initial set of
guidelines manual in (known today as the US Sentencing Guidelines), and included
chapter eight of the Federal Sentencing Guidelines for Organizations in .
a. 1980, 1987, 1999
b. 1985, 1987, 1991
c. 1980, 1985, 1987
d. 1985, 1990, 2001
b. 1985, 1987, 1991
The US Sentencing Guidelines (USSG) can be found here: https://www.ussc.gov/guidelines.
Chapter 8 - Sentencing of organizations, includes Parts A-F (Part B 2.b.1 outlines the
Compliance and Ethics Program)
Expectations have evolved since 1991 when the US Sentencing Guidelines (USSG) were first
drafted highlighting the importance of an effective compliance program (and as a condition of
probation) to help detect criminal conduct (USSG chapter 8B2.1). DOJ has now set higher
expectations for organizations to not only have a designated compliance officer but a well
designed compliance program that is adequately resourced with independent authority function
to work in practice. Which of the following guidelines outlines those expectations:
a. HHS OIG - CPG (Compliance Program Guidance)
b. DOJ ECCP (Evaluation of Corporate Compliancea1Programs)
, c. Monacoa1Memo
d. HHSa1OIGa1-a1CIAa1(Corporatea1Integritya1Agreement)
b.a1DOJa1ECCPa1(Evaluationa1ofa1Corporatea1Compliancea1Programs)
Thea1ECCPa1anda1othera1relateda1guidancea1cana1bea1downloade
da1here:a1https://www.justice.gov/criminal/criminal-fraud/policy-
materials
Thea1mosta1updateda1DOJa1ECCPa1(Evaluationa1ofa1Corporatea1Compliancea1Programs)a1provide
sa1additionala1guidancea1toa1prosecutors.a1Whicha1ofa1thea1followinga1area1includeda1ina1thea1ECC
Pa1revisionsa1(Sepa12024)?
a. expectsa1company'sa1compliancea1programa1toa1includea1safeguardsa1toa1bettera1monitora1an
da1managea1potentiala1compliancea1riska1regardinga1newa1technologiesa1(e.g.,a1A.I.)
b. expectsa1company'sa1toa1integratea1thesea1newa1technologya1relateda1risksa1intoa1broadera1ente
rprisea1riska1managementa1(ERM)a1strategies
c. expandsa1ona1post-
acquisitiona1compliancea1integrationa1anda1usea1ofa1dataa1fora1compliancea1purposes
d. alla1ofa1thea1above
d.a1alla1ofa1thea1above
Thea1privacya1officera1fora1aa1hospitala1hasa1updateda1thea1Noticea1ofa1Privacya1Practices/NPPa1t
oa1reflecta1aa1materiala1changea1becausea1thea1previousa1noticea1dida1nota1havea1aa1descriptiona1t
hata1individualsa1havea1thea1righta1toa1amenda1theira1Protecteda1Healtha1Information.a1Thea13rda1
partya1reviewa1teama1identifieda1thata1thea1noticea1dida1nota1havea1thea1requireda1informationa1toa
1leta1individualsa1knowa1ofa1theira1righta1toa1amenda1PHI.a1What'sa1thea1BESTa1coursea1ofa1actio
na1toa1correcta1deficiency?
A.a1Makea1arrangementsa1toa1maila1thea1newa1NPPa1toa1alla1patientsa1seena1withina1thea1lasta1
yeara1ata1thea1hospital
B.a1Makea1arrangementsa1toa1havea1thea1newa1NPPa1distributeda1toa1newa1patientsa1thata1comea1to
a1thea1hospital
C.a1Posta1aa1copya1ofa1thea1newa1NPPa1ona1thea1hospital'sa1internala1intraneta1soa1thata1alla1employ
eesa1cana1seea1thea1updateda1versiona1ofa1thea1notice
D.a1Meeta1witha1legala1toa1discussa1howa1toa1besta1self-
disclosea1toa1OCRa1thata1thea1hospitala1wasa1ina1violationa1ofa1thea1NPPa1requirementsa1anda1hasa
1sincea1correcteda1thea1deficiency
B.a1Makea1arrangementsa1toa1havea1thea1newa1NPPa1distributeda1toa1newa1patientsa1thata1comea1to
a1thea1hospital
Remember:a1Thea1NPPa1musta1describea1thea1followinga1individuala1
rights:a1https://www.law.cornell.edu/cfr/text/45/164.520
• Thea1righta1toa1requesta1restrictionsa1ona1usesa1ora1disclosuresa1ofa1PHIa1fora1treatment,a1pay
menta1ora1healthcarea1operations;a1fora1usea1ina1aa1facilitya1directorya1(ifa1applicable);a1ora1toa1f
amilya1membersa1anda1othersa1involveda1ina1thea1patient'sa1care;a1however,a1thea1providera1isa1
nota1requireda1toa1agreea1toa1thea1restrictiona1excepta1ina1thea1casea1ofa1aa1disclosurea1toa1aa1hea
