1|P a g e
UHC ETHICS AND COMPLIANCE EXAM
ALL QUESTIONS AND CORRECT
DETAILED ANSWERS WITH
RATIONALES TOP RATED VERSION
FOR 2026-2027 ALREADY A GRADED
WITH EXPERT FEEDBACK | NEW AND
REVISED
1. A UHC employee discovers a coworker accessing patient records
without a work-related reason. What is the most appropriate
action?
A. Ignore it if no harm occurred
B. Confront the coworker privately
C. Report the incident through the compliance or privacy
reporting channel
D. Document it only if the coworker repeats the behavior
Rationale: Unauthorized access to PHI is a privacy violation and
must be reported promptly through established compliance
channels.
2. Which principle best guides ethical decision-making in UHC’s
Code of Conduct?
A. Profit maximization
B. Personal discretion
,2|P a g e
C. Integrity and accountability
D. Managerial preference
Rationale: UHC emphasizes integrity and accountability as core
ethical principles guiding all decisions.
3. A provider submits claims for services not documented in the
medical record. This practice is best described as:
A. Waste
B. Abuse
C. Fraud
D. Coding variance
Rationale: Billing for undocumented services constitutes
intentional misrepresentation, meeting the definition of fraud.
4. Under HIPAA, which information is considered Protected Health
Information (PHI)?
A. De-identified aggregate data
B. Employee ID numbers
C. Individually identifiable health information
D. Public health statistics
Rationale: PHI includes individually identifiable health
information related to care or payment.
5. What is the primary purpose of UHC’s compliance program?
A. Reduce operational costs
B. Enforce managerial authority
C. Prevent, detect, and correct violations of law and policy
D. Replace legal counsel
Rationale: Compliance programs are designed to prevent, detect,
and correct noncompliance.
6. A gift from a vendor valued above policy limits should be:
A. Accepted discreetly
B. Shared with the team
C. Declined or reported according to policy
D. Donated without disclosure
Rationale: Gifts above limits create conflicts of interest and must
be declined or disclosed.
, 3|P a g e
7. Which law primarily addresses false or fraudulent claims to the
government?
A. HIPAA
B. Stark Law
C. False Claims Act
D. EMTALA
Rationale: The False Claims Act imposes liability for submitting
false claims for government funds.
8. Retaliation against an employee who reports a compliance concern
is:
A. Permitted with HR approval
B. Acceptable if unproven
C. Strictly prohibited
D. Discouraged but allowed
Rationale: Non-retaliation is a cornerstone of effective
compliance programs.
9. A clinician posts patient details on social media without identifiers.
This is:
A. Acceptable education
B. Allowed with consent
C. Potentially a privacy violation
D. Encouraged transparency
Rationale: Even without identifiers, context may reveal identity,
risking privacy violations.
10. Which entity enforces HIPAA Privacy Rule compliance?
A. CMS
B. DOJ
C. Office for Civil Rights (OCR)
D. FTC
Rationale: OCR within HHS enforces HIPAA privacy and
security rules.
11. Upcoding refers to:
A. Correcting coding errors
B. Billing for a higher-level service than provided
C. Using outdated codes
UHC ETHICS AND COMPLIANCE EXAM
ALL QUESTIONS AND CORRECT
DETAILED ANSWERS WITH
RATIONALES TOP RATED VERSION
FOR 2026-2027 ALREADY A GRADED
WITH EXPERT FEEDBACK | NEW AND
REVISED
1. A UHC employee discovers a coworker accessing patient records
without a work-related reason. What is the most appropriate
action?
A. Ignore it if no harm occurred
B. Confront the coworker privately
C. Report the incident through the compliance or privacy
reporting channel
D. Document it only if the coworker repeats the behavior
Rationale: Unauthorized access to PHI is a privacy violation and
must be reported promptly through established compliance
channels.
2. Which principle best guides ethical decision-making in UHC’s
Code of Conduct?
A. Profit maximization
B. Personal discretion
,2|P a g e
C. Integrity and accountability
D. Managerial preference
Rationale: UHC emphasizes integrity and accountability as core
ethical principles guiding all decisions.
3. A provider submits claims for services not documented in the
medical record. This practice is best described as:
A. Waste
B. Abuse
C. Fraud
D. Coding variance
Rationale: Billing for undocumented services constitutes
intentional misrepresentation, meeting the definition of fraud.
4. Under HIPAA, which information is considered Protected Health
Information (PHI)?
A. De-identified aggregate data
B. Employee ID numbers
C. Individually identifiable health information
D. Public health statistics
Rationale: PHI includes individually identifiable health
information related to care or payment.
5. What is the primary purpose of UHC’s compliance program?
A. Reduce operational costs
B. Enforce managerial authority
C. Prevent, detect, and correct violations of law and policy
D. Replace legal counsel
Rationale: Compliance programs are designed to prevent, detect,
and correct noncompliance.
6. A gift from a vendor valued above policy limits should be:
A. Accepted discreetly
B. Shared with the team
C. Declined or reported according to policy
D. Donated without disclosure
Rationale: Gifts above limits create conflicts of interest and must
be declined or disclosed.
, 3|P a g e
7. Which law primarily addresses false or fraudulent claims to the
government?
A. HIPAA
B. Stark Law
C. False Claims Act
D. EMTALA
Rationale: The False Claims Act imposes liability for submitting
false claims for government funds.
8. Retaliation against an employee who reports a compliance concern
is:
A. Permitted with HR approval
B. Acceptable if unproven
C. Strictly prohibited
D. Discouraged but allowed
Rationale: Non-retaliation is a cornerstone of effective
compliance programs.
9. A clinician posts patient details on social media without identifiers.
This is:
A. Acceptable education
B. Allowed with consent
C. Potentially a privacy violation
D. Encouraged transparency
Rationale: Even without identifiers, context may reveal identity,
risking privacy violations.
10. Which entity enforces HIPAA Privacy Rule compliance?
A. CMS
B. DOJ
C. Office for Civil Rights (OCR)
D. FTC
Rationale: OCR within HHS enforces HIPAA privacy and
security rules.
11. Upcoding refers to:
A. Correcting coding errors
B. Billing for a higher-level service than provided
C. Using outdated codes
