CERTIFIED HEALTHCARE CONSTRUCTOR (CHC) 2024 PRACTICE
EXAM QUESTIONS AND CORRECT DETAILED ANSWERS (VERIFIED
ANSWERS) |ALREADY GRADED A+
You are the new compliance officer at an institution with an already established compliance
committee. Which committee members' professional background would beMOST valuable in
performing audit activities?
a. Legal Counsel
b. Business Management
c. Chief Financial Officer
d. Bio-Medical Engineer - ANSWER-b. Business Management
Explanation: It may be appropriate to designate a vendor oversight function for third party
relationships to monitor elements of the supply chain, provide a central point forenterprise
vendor issues, and set standards for training, tools, and monitoring.
Ref: HCPG Auditing and Monitoring 3460.30.40.60
A covered entity must obtain the patient's written authorization for any use or disclosureof
protected health information (PHI) in which circumstances?
a. Marketing activities
b. Research
c. PHI sales and licensing
d. Information sharing needed for treatmente.
A and C only
f. All of the above - ANSWER-e. A and C only
Ref. Permitted Uses and Disclosures section - https://www.hhs.gov/hipaa/for-
professionals/privacy/laws-regulations/index.html
Protected health information (PHI) is considered de-identified by HIPAA Privacy Rule
,standards by:
a. absence of actual knowledge by the covered entity that the remaining information
could be used alone or in combination with other information to identify the individual b.
removal of only patient name and date of birth
c. a formal determination by a qualified expert
d. the removal of 18 specified individual identifierse.
A, C and D
f. All of the answers - ANSWER-e. A, C and D
The Privacy Rule provides two de-identification methods: 1) a formal determination by a
qualified expert; or 2) the removal of specified individual identifiers as well as absence of
actual knowledge by the covered entity that the remaining information could be used alone
or in combination with other information to identify the individual.
Ref. https://www.hhs.gov/hipaa/for-professionals/privacy/special-
topics/de-identification/index.html#preparation
A health care provider wants to disclose protected health information (PHI) about astudent
to a school nurse or physician. Does the HIPAA Privacy Rule allow this?
Yes. The HIPAA Privacy Rule allows covered health care providers to disclose PHI about
students to school nurses, physicians, or other health care providers for treatment
purposes, without the authorization of the student or student's parent.
OR
No. The HIPAA Privacy Rule mandates parental consent in this case. - ANSWER-Yes!
A compliance professional has been working with a department director to implement anew
policy regarding timely completion of medical records. Which of the following should be
completed by the department manager to promote compliance with the new policy?
a. Statistically valid sampling auditb.
Monitoring
c. Discovery Audit
d. Retrospective Audit - ANSWER-b. Monitoring
For monitoring activities, OIG uses the term regularly to describe the frequency of
review. Which factors should an organization consider when establishing a frequency
,schedule for monitoring:
a. Timing of staff job performance evaluations, how often compliance training is
provided, whenever computer upgrades occur, and how many new employees werehired
in the target department.
b. Size of organization, frequency of the activity being monitored, past incidences of
misconduct, and current/future - ANSWER-b. Size of organization, frequency of the
activity being monitored, past incidences of misconduct, and current/future
investigations.
Ref. Healthcare Compliance Professional's Manual
What is an important first step in creating a compliance team or improving the
effectiveness of an existing one?
a) Making sure senior management has the time and other resources necessary to
promote and carry out compliance improvements
b) Give the CCO the authority to reconcile, standardize, and modify policies where
appropriate.
c) Place the organization's CCO on the senior management team
d) None of the above - ANSWER-c) Place the organization's CCO on the senior
management team.
Explanation: This comes straight form Chapter 1 of the Auditing and Monitoring book 2nd
ed. Without being placed on the senior management team, the CCO is unable to effectively
carry out the duties and responsibilities of the office.
An employee has violated the non-retaliation policy, he has spread rumors aboutemployee
who reported him. The compliance professional's first action is to:
a. Create formal hearing for the violator
, b. Pursue legal consequence against violator before pursuing work consequences c.
Recommend disciplinary actions against the violator of the non-retaliation policy
d. Dismiss both employees from work - ANSWER-c. Recommend disciplinary actions
against the violator of the non-retaliation policy
There is no established template for documenting compliance risks. Each organization
should develop a Risk Assessment that fits its risk profile. The components that are
commonly used throughout the industry are as follows EXCEPT:
a. Risk Assessment
b. Measuring key risk indicators
c. Identifying key performance indicators
d. Training the leadership of compliance regulation program - ANSWER-d. Training the
leadership of compliance regulation program
Ref. ABA CRCM (certified regulatory compliance manager)
After a compliance officer develops a base of knowledge, he/she must begin the art of
applying regulations in a risk management environment. Which of the following is NOT out of
a few things to be kept in mind when determining what to do FIRST?
a. think practically about your role as an advisor, involve all department units in the
decision process rather than making decisions from them
b. calculate the organization's consolidated risk profile
c. make sure you understand the level of risk that th - ANSWER-b. calculate the
organization's consolidated risk profile (determine risk tolerance)
Ref. ABA CRCM (certified regulatory compliance manager)
To be effective, compliance risk management professionals must design a framework to
ensure that management understands the risks and steps to take to mitigate them. The
many roles compliance professionals fill incorporate risk management aspects including:
a. overseeing compliance training targeting higher risk areas
b. tracking regulatory proposals or final rules to understand new risksc.
both a and b - ANSWER-c. both a and b
Ref. ABA CRCM (certified regulatory compliance manager)
EXAM QUESTIONS AND CORRECT DETAILED ANSWERS (VERIFIED
ANSWERS) |ALREADY GRADED A+
You are the new compliance officer at an institution with an already established compliance
committee. Which committee members' professional background would beMOST valuable in
performing audit activities?
a. Legal Counsel
b. Business Management
c. Chief Financial Officer
d. Bio-Medical Engineer - ANSWER-b. Business Management
Explanation: It may be appropriate to designate a vendor oversight function for third party
relationships to monitor elements of the supply chain, provide a central point forenterprise
vendor issues, and set standards for training, tools, and monitoring.
Ref: HCPG Auditing and Monitoring 3460.30.40.60
A covered entity must obtain the patient's written authorization for any use or disclosureof
protected health information (PHI) in which circumstances?
a. Marketing activities
b. Research
c. PHI sales and licensing
d. Information sharing needed for treatmente.
A and C only
f. All of the above - ANSWER-e. A and C only
Ref. Permitted Uses and Disclosures section - https://www.hhs.gov/hipaa/for-
professionals/privacy/laws-regulations/index.html
Protected health information (PHI) is considered de-identified by HIPAA Privacy Rule
,standards by:
a. absence of actual knowledge by the covered entity that the remaining information
could be used alone or in combination with other information to identify the individual b.
removal of only patient name and date of birth
c. a formal determination by a qualified expert
d. the removal of 18 specified individual identifierse.
A, C and D
f. All of the answers - ANSWER-e. A, C and D
The Privacy Rule provides two de-identification methods: 1) a formal determination by a
qualified expert; or 2) the removal of specified individual identifiers as well as absence of
actual knowledge by the covered entity that the remaining information could be used alone
or in combination with other information to identify the individual.
Ref. https://www.hhs.gov/hipaa/for-professionals/privacy/special-
topics/de-identification/index.html#preparation
A health care provider wants to disclose protected health information (PHI) about astudent
to a school nurse or physician. Does the HIPAA Privacy Rule allow this?
Yes. The HIPAA Privacy Rule allows covered health care providers to disclose PHI about
students to school nurses, physicians, or other health care providers for treatment
purposes, without the authorization of the student or student's parent.
OR
No. The HIPAA Privacy Rule mandates parental consent in this case. - ANSWER-Yes!
A compliance professional has been working with a department director to implement anew
policy regarding timely completion of medical records. Which of the following should be
completed by the department manager to promote compliance with the new policy?
a. Statistically valid sampling auditb.
Monitoring
c. Discovery Audit
d. Retrospective Audit - ANSWER-b. Monitoring
For monitoring activities, OIG uses the term regularly to describe the frequency of
review. Which factors should an organization consider when establishing a frequency
,schedule for monitoring:
a. Timing of staff job performance evaluations, how often compliance training is
provided, whenever computer upgrades occur, and how many new employees werehired
in the target department.
b. Size of organization, frequency of the activity being monitored, past incidences of
misconduct, and current/future - ANSWER-b. Size of organization, frequency of the
activity being monitored, past incidences of misconduct, and current/future
investigations.
Ref. Healthcare Compliance Professional's Manual
What is an important first step in creating a compliance team or improving the
effectiveness of an existing one?
a) Making sure senior management has the time and other resources necessary to
promote and carry out compliance improvements
b) Give the CCO the authority to reconcile, standardize, and modify policies where
appropriate.
c) Place the organization's CCO on the senior management team
d) None of the above - ANSWER-c) Place the organization's CCO on the senior
management team.
Explanation: This comes straight form Chapter 1 of the Auditing and Monitoring book 2nd
ed. Without being placed on the senior management team, the CCO is unable to effectively
carry out the duties and responsibilities of the office.
An employee has violated the non-retaliation policy, he has spread rumors aboutemployee
who reported him. The compliance professional's first action is to:
a. Create formal hearing for the violator
, b. Pursue legal consequence against violator before pursuing work consequences c.
Recommend disciplinary actions against the violator of the non-retaliation policy
d. Dismiss both employees from work - ANSWER-c. Recommend disciplinary actions
against the violator of the non-retaliation policy
There is no established template for documenting compliance risks. Each organization
should develop a Risk Assessment that fits its risk profile. The components that are
commonly used throughout the industry are as follows EXCEPT:
a. Risk Assessment
b. Measuring key risk indicators
c. Identifying key performance indicators
d. Training the leadership of compliance regulation program - ANSWER-d. Training the
leadership of compliance regulation program
Ref. ABA CRCM (certified regulatory compliance manager)
After a compliance officer develops a base of knowledge, he/she must begin the art of
applying regulations in a risk management environment. Which of the following is NOT out of
a few things to be kept in mind when determining what to do FIRST?
a. think practically about your role as an advisor, involve all department units in the
decision process rather than making decisions from them
b. calculate the organization's consolidated risk profile
c. make sure you understand the level of risk that th - ANSWER-b. calculate the
organization's consolidated risk profile (determine risk tolerance)
Ref. ABA CRCM (certified regulatory compliance manager)
To be effective, compliance risk management professionals must design a framework to
ensure that management understands the risks and steps to take to mitigate them. The
many roles compliance professionals fill incorporate risk management aspects including:
a. overseeing compliance training targeting higher risk areas
b. tracking regulatory proposals or final rules to understand new risksc.
both a and b - ANSWER-c. both a and b
Ref. ABA CRCM (certified regulatory compliance manager)
