CHC PRACTICE QUESTIONS
(SCENARIOS) , LAWS, AND CASE
SCENARIOS
b. Monitoring - correct answers ✔✔A compliance professional has been working with a
department director to implement a new policy regarding timely completion of medical
records. Which of the following should be completed by the department manager to
promote compliance with the new policy?
a. Statistically valid sampling audit
b. Monitoring
c. Discovery Audit
d. Retrospective Audit
b. Size of organization, frequency of the activity being monitored, past incidences of
misconduct, and current/future investigations.
Ref. Healthcare Compliance Professional's Manual - correct answers ✔✔For monitoring
activities, OIG uses the term regularly to describe the frequency of review. Which
,factors should an organization consider when establishing a frequency schedule for
monitoring:
a. Timing of staff job performance evaluations, how often compliance training is
provided, whenever computer upgrades occur, and how many new employees were
hired in the target department.
b. Size of organization, frequency of the activity being monitored, past incidences of
misconduct, and current/future investigations.
c. Whether organization used internal or external counsel, timing of the annual financial
audit, and number of hotline calls received.
c) Place the organization's CCO on the senior management team.
Explanation: This comes straight form Chapter 1 of the Auditing and Monitoring book
2nd ed. Without being placed on the senior management team, the CCO is unable to
effectively carry out the duties and responsibilities of the office. - correct answers
✔✔What is an important first step in creating a compliance team or improving the
effectiveness of an existing one?
a) Making sure senior management has the time and other resources necessary to
promote and carry out compliance improvements
b) Give the CCO the authority to reconcile, standardize, and modify policies where
appropriate.
c) Place the organization's CCO on the senior management team
d) None of the above
c. Recommend disciplinary actions against the violator of the non-retaliation policy -
correct answers ✔✔An employee has violated the non-retaliation policy, he has spread
rumors about employee who reported him. The compliance professional's first action is
to:
a. Create formal hearing for the violator
b. Pursue legal consequence against violator before pursuing work consequences
c. Recommend disciplinary actions against the violator of the non-retaliation policy
d. Dismiss both employees from work
d. Training the leadership of compliance regulation program
Ref. ABA CRCM (certified regulatory compliance manager) - correct answers ✔✔There
is no established template for documenting compliance risks. Each organization should
develop a Risk Assessment that fits its risk profile. The components that are commonly
used throughout the industry are as follows EXCEPT:
a. Risk Assessment
b. Measuring key risk indicators
c. Identifying key performance indicators
d. Training the leadership of compliance regulation program
b. calculate the organization's consolidated risk profile (determine risk tolerance)
,Ref. ABA CRCM (certified regulatory compliance manager) - correct answers ✔✔After a
compliance officer develops a base of knowledge, he/she must begin the art of applying
regulations in a risk management environment. Which of the following is NOT out of a
few things to be kept in mind when determining what to do FIRST?
a. think practically about your role as an advisor, involve all department units in the
decision process rather than making decisions from them
b. calculate the organization's consolidated risk profile
c. make sure you understand the level of risk that the organization will tolerate, so
decisions do not exceed this limit
d. add value by analyzing regulatory requirements for the department units before you
present proposed/final rules or solutions
c. both a and b
Ref. ABA CRCM (certified regulatory compliance manager) - correct answers ✔✔To be
effective, compliance risk management professionals must design a framework to
ensure that management understands the risks and steps to take to mitigate them. The
many roles compliance professionals fill incorporate risk management aspects
including:
a. overseeing compliance training targeting higher risk areas
b. tracking regulatory proposals or final rules to understand new risks
c. both a and b
B. Contact legal counsel - correct answers ✔✔After an investigation, it was discovered
that the organization's reputation is at stake. What should a Compliance Professional do
next?
A. Report the findings to the board
B. Contact legal counsel
C. Advise the CEO and recommend next steps
D. Self-disclose to the OIG
c. Make the information available to hospital employees - correct answers ✔✔The
compliance officer has completed the non-retaliation policy and it's been officially
implemented. The next steps should be:
a. Investigate all reports of violations
b. Post the information publicly in the internet
c. Make the information available to hospital employees
d. Revise it annually
d. Re-assign employees to other responsibilities until the investigation is completed.
Explanation: he/she should recommend that such individuals be temporarily removed
from their current responsibilities until the investigation is completed.
Ref. Healthcare Compliance Professional's Manual - correct answers ✔✔If during the
course of an internal investigation, the compliance officer believes the integrity of the
investigation might be compromised by the continued presence of work force members
, who are the subject of the investigation. In the best interest of the attorney-client
privilege, which action would you take?
a. Conduct employee background checks
b. Counsel obtains employee's depositions
c. Destroy documents and other evidence
d. Re-assign employees to other responsibilities until the investigation is completed
e. All of the above
B. Make arrangements to have the new NPP distributed to new patients that come to
the hospital
The NPP must describe the following individual rights:
https://www.law.cornell.edu/cfr/text/45/164.520
• The right to request restrictions on uses or disclosures of PHI for treatment, payment
or healthcare operations; for use in a facility directory (if applicable); or to family
members and others involved in the patient's care; however, the provider is not required
to agree to the restriction except in the case of a disclosure to a health insurer if the
individual has paid for the care as required by
§164.522(a)(1)(vi). This is a change necessitated by the Omnibus Rule.
• The right to receive confidential communications by alternative means or at alternative
locations per §164.522(b).
• The right to inspect and copy PHI per § 164.524. The provider may want to include a
statement that the provider may charge a reasonable c - correct answers ✔✔The
privacy officer for a hospital has updated the Notice of Privacy Practices/NPP to reflect
a material change because the previous notice did not have a description that
individuals have the right to amend their PHI. The 3rd party review team identified that
the NPP did not have the required information to let individuals know of their right to
amend PHI. What's the BEST course of action to correct deficiency?
A. Make arrangements to mail the new NPP mailed to all patients seen within the last
year at the hospital
B. Make arrangements to have the new NPP distributed to new patients that come to
the hospital
C. Post a copy of the new NPP on the hospital's internal intranet so that all employees
can see the updated version of the notice
D. Meet with legal to discuss how to best self-disclose to OCR that the hospital was in
violation of the NPP requirements and has since corrected the deficiency
c. A contemporaneous review that was done by the billing manager would be covered
under the attorney-client privilege.
Explanation: A significant limitation of the definition of protected communications relates
to documents that are prepared by the client prior to the time when the attorney began
preparations to give advice.
Ref. Healthcare Compliance Professional's Manual - correct answers ✔✔The billing
manager was conducting a contemporaneous review and found what could be a
(SCENARIOS) , LAWS, AND CASE
SCENARIOS
b. Monitoring - correct answers ✔✔A compliance professional has been working with a
department director to implement a new policy regarding timely completion of medical
records. Which of the following should be completed by the department manager to
promote compliance with the new policy?
a. Statistically valid sampling audit
b. Monitoring
c. Discovery Audit
d. Retrospective Audit
b. Size of organization, frequency of the activity being monitored, past incidences of
misconduct, and current/future investigations.
Ref. Healthcare Compliance Professional's Manual - correct answers ✔✔For monitoring
activities, OIG uses the term regularly to describe the frequency of review. Which
,factors should an organization consider when establishing a frequency schedule for
monitoring:
a. Timing of staff job performance evaluations, how often compliance training is
provided, whenever computer upgrades occur, and how many new employees were
hired in the target department.
b. Size of organization, frequency of the activity being monitored, past incidences of
misconduct, and current/future investigations.
c. Whether organization used internal or external counsel, timing of the annual financial
audit, and number of hotline calls received.
c) Place the organization's CCO on the senior management team.
Explanation: This comes straight form Chapter 1 of the Auditing and Monitoring book
2nd ed. Without being placed on the senior management team, the CCO is unable to
effectively carry out the duties and responsibilities of the office. - correct answers
✔✔What is an important first step in creating a compliance team or improving the
effectiveness of an existing one?
a) Making sure senior management has the time and other resources necessary to
promote and carry out compliance improvements
b) Give the CCO the authority to reconcile, standardize, and modify policies where
appropriate.
c) Place the organization's CCO on the senior management team
d) None of the above
c. Recommend disciplinary actions against the violator of the non-retaliation policy -
correct answers ✔✔An employee has violated the non-retaliation policy, he has spread
rumors about employee who reported him. The compliance professional's first action is
to:
a. Create formal hearing for the violator
b. Pursue legal consequence against violator before pursuing work consequences
c. Recommend disciplinary actions against the violator of the non-retaliation policy
d. Dismiss both employees from work
d. Training the leadership of compliance regulation program
Ref. ABA CRCM (certified regulatory compliance manager) - correct answers ✔✔There
is no established template for documenting compliance risks. Each organization should
develop a Risk Assessment that fits its risk profile. The components that are commonly
used throughout the industry are as follows EXCEPT:
a. Risk Assessment
b. Measuring key risk indicators
c. Identifying key performance indicators
d. Training the leadership of compliance regulation program
b. calculate the organization's consolidated risk profile (determine risk tolerance)
,Ref. ABA CRCM (certified regulatory compliance manager) - correct answers ✔✔After a
compliance officer develops a base of knowledge, he/she must begin the art of applying
regulations in a risk management environment. Which of the following is NOT out of a
few things to be kept in mind when determining what to do FIRST?
a. think practically about your role as an advisor, involve all department units in the
decision process rather than making decisions from them
b. calculate the organization's consolidated risk profile
c. make sure you understand the level of risk that the organization will tolerate, so
decisions do not exceed this limit
d. add value by analyzing regulatory requirements for the department units before you
present proposed/final rules or solutions
c. both a and b
Ref. ABA CRCM (certified regulatory compliance manager) - correct answers ✔✔To be
effective, compliance risk management professionals must design a framework to
ensure that management understands the risks and steps to take to mitigate them. The
many roles compliance professionals fill incorporate risk management aspects
including:
a. overseeing compliance training targeting higher risk areas
b. tracking regulatory proposals or final rules to understand new risks
c. both a and b
B. Contact legal counsel - correct answers ✔✔After an investigation, it was discovered
that the organization's reputation is at stake. What should a Compliance Professional do
next?
A. Report the findings to the board
B. Contact legal counsel
C. Advise the CEO and recommend next steps
D. Self-disclose to the OIG
c. Make the information available to hospital employees - correct answers ✔✔The
compliance officer has completed the non-retaliation policy and it's been officially
implemented. The next steps should be:
a. Investigate all reports of violations
b. Post the information publicly in the internet
c. Make the information available to hospital employees
d. Revise it annually
d. Re-assign employees to other responsibilities until the investigation is completed.
Explanation: he/she should recommend that such individuals be temporarily removed
from their current responsibilities until the investigation is completed.
Ref. Healthcare Compliance Professional's Manual - correct answers ✔✔If during the
course of an internal investigation, the compliance officer believes the integrity of the
investigation might be compromised by the continued presence of work force members
, who are the subject of the investigation. In the best interest of the attorney-client
privilege, which action would you take?
a. Conduct employee background checks
b. Counsel obtains employee's depositions
c. Destroy documents and other evidence
d. Re-assign employees to other responsibilities until the investigation is completed
e. All of the above
B. Make arrangements to have the new NPP distributed to new patients that come to
the hospital
The NPP must describe the following individual rights:
https://www.law.cornell.edu/cfr/text/45/164.520
• The right to request restrictions on uses or disclosures of PHI for treatment, payment
or healthcare operations; for use in a facility directory (if applicable); or to family
members and others involved in the patient's care; however, the provider is not required
to agree to the restriction except in the case of a disclosure to a health insurer if the
individual has paid for the care as required by
§164.522(a)(1)(vi). This is a change necessitated by the Omnibus Rule.
• The right to receive confidential communications by alternative means or at alternative
locations per §164.522(b).
• The right to inspect and copy PHI per § 164.524. The provider may want to include a
statement that the provider may charge a reasonable c - correct answers ✔✔The
privacy officer for a hospital has updated the Notice of Privacy Practices/NPP to reflect
a material change because the previous notice did not have a description that
individuals have the right to amend their PHI. The 3rd party review team identified that
the NPP did not have the required information to let individuals know of their right to
amend PHI. What's the BEST course of action to correct deficiency?
A. Make arrangements to mail the new NPP mailed to all patients seen within the last
year at the hospital
B. Make arrangements to have the new NPP distributed to new patients that come to
the hospital
C. Post a copy of the new NPP on the hospital's internal intranet so that all employees
can see the updated version of the notice
D. Meet with legal to discuss how to best self-disclose to OCR that the hospital was in
violation of the NPP requirements and has since corrected the deficiency
c. A contemporaneous review that was done by the billing manager would be covered
under the attorney-client privilege.
Explanation: A significant limitation of the definition of protected communications relates
to documents that are prepared by the client prior to the time when the attorney began
preparations to give advice.
Ref. Healthcare Compliance Professional's Manual - correct answers ✔✔The billing
manager was conducting a contemporaneous review and found what could be a
