1|Page
HCCA CERTIFIED IN HEALTHCARE COMPLIANCE
(CHC) EXAM: UPDATED 2024 PRACTICE QUESTIONS
WITH DETAILED ANSWER EXPLANATIONS.
Your organization recently completed a contemporaneous audit of laboratory billing
practices and found that copays have been written off. Which of the following should be
your next step?
a. Talk to the billing department to see why this is happening
b. Conduct a retrospective audit to see if this occurred in the past
c. Self-disclose this issue to limit the chance of a qui-tam suit
d. Fire the employee so the problem goes away - ANSWER-a. Talk to the billing
department to see why this is happening
Which of the following should be reflected in a billing company's written policies and
procedures?
a. Current federal statutes only
b. Current federal and state statutes
c. Current regional and federal statutes
d. Current state statutes only - ANSWER-b. Current federal and state statutes
Note: practice question from AAPC CPCO Ch3
True or False:
Upcoding has been a major focus of OIG's enforcement efforts, that for that matter,
HIPAA added another civil monetary penalty (CMP) to the OIG's sanction authorities for
upcoding violations - ANSWER-TRUE
Ref: 42 USC 1320a-7a
What is Deposition in medico-legal terms:
a. disposing/removing someone
b. process that follows erosion
c. testifying before court
d. solidification of particles, also called desublimation - ANSWER-c. testifying in court
Deposition - is a witness's sworn out-of-court testimony as part of the discovery process
(pre-trial). The witness is called: deponent
You are the new compliance officer at an institution with an already established
compliance committee. Which committee members' professional background would be
MOST valuable in performing audit activities?
a. Legal Counsel
b. Business Management
c. Chief Financial Officer
d. Bio-Medical Engineer - ANSWER-b. Business Management
,2|Page
Explanation: It may be appropriate to designate a vendor oversight function for third
party relationships to monitor elements of the supply chain, provide a central point for
enterprise vendor issues, and set standards for training, tools, and monitoring.
Ref: HCPG Auditing and Monitoring 3460.30.40.60
What was Chapter 8 of Federal Sentencing Guidelines designed for? - ANSWER-FSG
Chapter 8 was designed so that the sanctions imposed upon organizations and their
agents, taken together, will provide just punishment, adequate deterrence, and
incentives for organizations to maintain internal mechanisms for preventing, detecting,
and reporting criminal conduct.
Ref: https://www.ussc.gov/guidelines/2018-guidelines-manual/2018-chapter-8
When an organization is under an imposed-CIA, it can be costly, especially when hiring
an Independent Review Organization (IRO) to carry out the annual reviews to ensure
conformance to a CIA. Which of the following is not true about IROs:
a. CIAs require IROs to follow the standards set forth in the GAO "Yellow Book"
b. IROs must meet qualifications necessary to perform the reviews
c. If OIG determines the IRO is not independent and presents biased judgements, it can
require the organization to retain a new IRO
d. The organization's IRO agreement is a public document that is displayed and
published in the OIG website - ANSWER-d. The organization's IRO agreement is a
public document that is displayed and published in the OIG website
Ref: https://www.oig.hhs.gov/fraud/cia/docs/iro-guidance-2016.pdf
Which of the following words best describe to approach to punishment of FSG:
a. case-specific
b. draconian
c. consistent
d. remedial - ANSWER-a. case-specific.
Explanation: FSG takes numerous factors into account when determining punishment.
Organizations may affect the severity of their punishment with their actions subsequent
to the violation
The Act that safeguards/protects student educational records from uses/disclosures -
ANSWER-Family Educational Rights and Privacy Act (FERPA)
Fill in the blanks:
The OIG CPG states: Standards of _______ should articulate hospital's commitment to
comply with Federal and state standards..... they should state the organization's
mission, goals, and ethical requirements of compliance and reflect a carefully crafted,
clear expression of expectations for all hospital governing body members, officers,
managers, employees, physicians, and, where appropriate, _______ and other agents.
- ANSWER-conduct;
contractors
,3|Page
OIG has identified areas of special concern that have been identified through its
investigative and audit functions. The 18 special areas of OIG concern include: -
ANSWER-1. Billing for items or services not actually rendered;
2. Providing medically unnecessary services;
3. Upcoding;
4. ''DRG creep;''
5. Outpatient services rendered in connection with inpatient stays;
6. Teaching physician and resident requirements for teaching hospitals;
7. Duplicate billing;
8. False cost reports;
9. Unbundling;
10. Billing for discharge in lieu of transfer;
11. Patients' freedom of choice;
12. Credit balances—failure to refund;
13. Hospital incentives that violate the anti-kickback statute or other similar Federal or
State statute or regulation;
14. Joint ventures;
15. Financial arrangements between hospitals and hospital-based physicians;
16. Stark physician self-referral law;
17. Knowing failure to provide covered services or necessary care to members of a
health maintenance organization; and
18. Patient dumping.
Ref: https://oig.hhs.gov/authorities/docs/cpghosp.pdf
Ref: https://oig.hhs.gov/authorities/docs/cpghosp.pdf
The 7 elements of a Compliance Program:
S/P
CO/AB
T/E
C/A/W/N
R/E
A/M
I/M/NESI - ANSWER-S/P (Standards/Policies & Procedures)
CO/AB (Compliance Officer/Appropriate Bodies)
T/E (Training & Educations)
C/A/W/N (Communication/Anonymity/Whistleblower/Non-Retaliation)
R/E (Response/Enforcement)
A/M (Auditing & Monitoring)
I/M/NESI (Investigation/Mitigation/Non-Employment of Sanctioned Individuals)
The Privacy Officer has learned that an employee has lost an encrypted USB drive that
contained PHI for 821 patients. The PHI included information that may be categorized
as "sensitive". This includes information such as mental health information,
, 4|Page
communicable disease information, substance use disorders info, etc. The employee
also informed the Privacy Officer that the he/she told his/her supervisor about the lost
USB exactly 90 days ago but neither he/she nor the supervisor followed up and
informed the Privacy Officer. What is the NEXT step the Privacy Officer should do:
a. Immediately begin processing the required notifications given that the 60 day
timeframe has passed
b. Alert legal of the incident on what are the next steps given that it is likely some of the
affected patients may complain to OCR which may trigger an investigation once they
receive their breach notification letters
c. Establish an 800 number an - ANSWER-d. Review the policy with the employee and
supervisor on what to do when situations such as lost PHI occur
Fill in the blank:
The OIG describes itself as a: "Rather, it is a set of _______________ for a hospital
interested in implementing a compliance program to consider" - ANSWER-guidelines
What is required by senior management and the hospital's governing body to adopt and
implement an effective compliance program? - ANSWER-commitment to compliance
A breach is considered discovered when
a. The moment a workforce member commits a breach
b. When another person on the workforce is aware of the breach
c. When the workforce member who committed the breach reports it to the Privacy
Officer
d. When the breach is reported to the Office for Civil Rights - ANSWER-b. When
another person on the workforce is aware of the breach
(When another person on the workforce is aware of the breach, that is when the breach
is considered discovered)
Code of conduct supersedes which of the following:
a. Department's policy and procedure
b. State Law and Regulation
c. Federal Laws and Regulation
d. None of the ANSWERs - ANSWER-d. None of the ANSWERs
True or False: In order to function at our company, you may be required to give up your
personal sense of right and wrong - ANSWER-False
True or False:
A company Code of Conduct acts as one of the guidelines as to
how the company operates day-to-day and conducts business - ANSWER-True
What types of gifts or favors are acceptable under the Code of
Conduct?
a. A $100 gift card from a vendor to influence you to form an
HCCA CERTIFIED IN HEALTHCARE COMPLIANCE
(CHC) EXAM: UPDATED 2024 PRACTICE QUESTIONS
WITH DETAILED ANSWER EXPLANATIONS.
Your organization recently completed a contemporaneous audit of laboratory billing
practices and found that copays have been written off. Which of the following should be
your next step?
a. Talk to the billing department to see why this is happening
b. Conduct a retrospective audit to see if this occurred in the past
c. Self-disclose this issue to limit the chance of a qui-tam suit
d. Fire the employee so the problem goes away - ANSWER-a. Talk to the billing
department to see why this is happening
Which of the following should be reflected in a billing company's written policies and
procedures?
a. Current federal statutes only
b. Current federal and state statutes
c. Current regional and federal statutes
d. Current state statutes only - ANSWER-b. Current federal and state statutes
Note: practice question from AAPC CPCO Ch3
True or False:
Upcoding has been a major focus of OIG's enforcement efforts, that for that matter,
HIPAA added another civil monetary penalty (CMP) to the OIG's sanction authorities for
upcoding violations - ANSWER-TRUE
Ref: 42 USC 1320a-7a
What is Deposition in medico-legal terms:
a. disposing/removing someone
b. process that follows erosion
c. testifying before court
d. solidification of particles, also called desublimation - ANSWER-c. testifying in court
Deposition - is a witness's sworn out-of-court testimony as part of the discovery process
(pre-trial). The witness is called: deponent
You are the new compliance officer at an institution with an already established
compliance committee. Which committee members' professional background would be
MOST valuable in performing audit activities?
a. Legal Counsel
b. Business Management
c. Chief Financial Officer
d. Bio-Medical Engineer - ANSWER-b. Business Management
,2|Page
Explanation: It may be appropriate to designate a vendor oversight function for third
party relationships to monitor elements of the supply chain, provide a central point for
enterprise vendor issues, and set standards for training, tools, and monitoring.
Ref: HCPG Auditing and Monitoring 3460.30.40.60
What was Chapter 8 of Federal Sentencing Guidelines designed for? - ANSWER-FSG
Chapter 8 was designed so that the sanctions imposed upon organizations and their
agents, taken together, will provide just punishment, adequate deterrence, and
incentives for organizations to maintain internal mechanisms for preventing, detecting,
and reporting criminal conduct.
Ref: https://www.ussc.gov/guidelines/2018-guidelines-manual/2018-chapter-8
When an organization is under an imposed-CIA, it can be costly, especially when hiring
an Independent Review Organization (IRO) to carry out the annual reviews to ensure
conformance to a CIA. Which of the following is not true about IROs:
a. CIAs require IROs to follow the standards set forth in the GAO "Yellow Book"
b. IROs must meet qualifications necessary to perform the reviews
c. If OIG determines the IRO is not independent and presents biased judgements, it can
require the organization to retain a new IRO
d. The organization's IRO agreement is a public document that is displayed and
published in the OIG website - ANSWER-d. The organization's IRO agreement is a
public document that is displayed and published in the OIG website
Ref: https://www.oig.hhs.gov/fraud/cia/docs/iro-guidance-2016.pdf
Which of the following words best describe to approach to punishment of FSG:
a. case-specific
b. draconian
c. consistent
d. remedial - ANSWER-a. case-specific.
Explanation: FSG takes numerous factors into account when determining punishment.
Organizations may affect the severity of their punishment with their actions subsequent
to the violation
The Act that safeguards/protects student educational records from uses/disclosures -
ANSWER-Family Educational Rights and Privacy Act (FERPA)
Fill in the blanks:
The OIG CPG states: Standards of _______ should articulate hospital's commitment to
comply with Federal and state standards..... they should state the organization's
mission, goals, and ethical requirements of compliance and reflect a carefully crafted,
clear expression of expectations for all hospital governing body members, officers,
managers, employees, physicians, and, where appropriate, _______ and other agents.
- ANSWER-conduct;
contractors
,3|Page
OIG has identified areas of special concern that have been identified through its
investigative and audit functions. The 18 special areas of OIG concern include: -
ANSWER-1. Billing for items or services not actually rendered;
2. Providing medically unnecessary services;
3. Upcoding;
4. ''DRG creep;''
5. Outpatient services rendered in connection with inpatient stays;
6. Teaching physician and resident requirements for teaching hospitals;
7. Duplicate billing;
8. False cost reports;
9. Unbundling;
10. Billing for discharge in lieu of transfer;
11. Patients' freedom of choice;
12. Credit balances—failure to refund;
13. Hospital incentives that violate the anti-kickback statute or other similar Federal or
State statute or regulation;
14. Joint ventures;
15. Financial arrangements between hospitals and hospital-based physicians;
16. Stark physician self-referral law;
17. Knowing failure to provide covered services or necessary care to members of a
health maintenance organization; and
18. Patient dumping.
Ref: https://oig.hhs.gov/authorities/docs/cpghosp.pdf
Ref: https://oig.hhs.gov/authorities/docs/cpghosp.pdf
The 7 elements of a Compliance Program:
S/P
CO/AB
T/E
C/A/W/N
R/E
A/M
I/M/NESI - ANSWER-S/P (Standards/Policies & Procedures)
CO/AB (Compliance Officer/Appropriate Bodies)
T/E (Training & Educations)
C/A/W/N (Communication/Anonymity/Whistleblower/Non-Retaliation)
R/E (Response/Enforcement)
A/M (Auditing & Monitoring)
I/M/NESI (Investigation/Mitigation/Non-Employment of Sanctioned Individuals)
The Privacy Officer has learned that an employee has lost an encrypted USB drive that
contained PHI for 821 patients. The PHI included information that may be categorized
as "sensitive". This includes information such as mental health information,
, 4|Page
communicable disease information, substance use disorders info, etc. The employee
also informed the Privacy Officer that the he/she told his/her supervisor about the lost
USB exactly 90 days ago but neither he/she nor the supervisor followed up and
informed the Privacy Officer. What is the NEXT step the Privacy Officer should do:
a. Immediately begin processing the required notifications given that the 60 day
timeframe has passed
b. Alert legal of the incident on what are the next steps given that it is likely some of the
affected patients may complain to OCR which may trigger an investigation once they
receive their breach notification letters
c. Establish an 800 number an - ANSWER-d. Review the policy with the employee and
supervisor on what to do when situations such as lost PHI occur
Fill in the blank:
The OIG describes itself as a: "Rather, it is a set of _______________ for a hospital
interested in implementing a compliance program to consider" - ANSWER-guidelines
What is required by senior management and the hospital's governing body to adopt and
implement an effective compliance program? - ANSWER-commitment to compliance
A breach is considered discovered when
a. The moment a workforce member commits a breach
b. When another person on the workforce is aware of the breach
c. When the workforce member who committed the breach reports it to the Privacy
Officer
d. When the breach is reported to the Office for Civil Rights - ANSWER-b. When
another person on the workforce is aware of the breach
(When another person on the workforce is aware of the breach, that is when the breach
is considered discovered)
Code of conduct supersedes which of the following:
a. Department's policy and procedure
b. State Law and Regulation
c. Federal Laws and Regulation
d. None of the ANSWERs - ANSWER-d. None of the ANSWERs
True or False: In order to function at our company, you may be required to give up your
personal sense of right and wrong - ANSWER-False
True or False:
A company Code of Conduct acts as one of the guidelines as to
how the company operates day-to-day and conducts business - ANSWER-True
What types of gifts or favors are acceptable under the Code of
Conduct?
a. A $100 gift card from a vendor to influence you to form an
