CHC Practice Questions (Scenarios)
A compliance professional has been working with a department director to implement a new policy
regarding timely completion of medical records. Which of the following should be completed by the
department manager to promote compliance with the new policy?
a. Statistically valid sampling audit
b. Monitoring
c. Discovery Audit
d. Retrospective Audit - Answers-b. Monitoring
For monitoring activities, OIG uses the term regularly to describe the frequency of review. Which factors
should an organization consider when establishing a frequency schedule for monitoring:
a. Timing of staff job performance evaluations, how often compliance training is provided, whenever
computer upgrades occur, and how many new employees were hired in the target department.
b. Size of organization, frequency of the activity being monitored, past incidences of misconduct, and
current/future investigations.
c. Whether organization used internal or external counsel, timing of the annual financial audit, and
number of hotline calls received. - Answers-b. Size of organization, frequency of the activity being
monitored, past incidences of misconduct, and current/future investigations.
Ref. Healthcare Compliance Professional's Manual
What is an important first step in creating a compliance team or improving the effectiveness of an
existing one?
a) Making sure senior management has the time and other resources necessary to promote and carry
out compliance improvements
b) Give the CCO the authority to reconcile, standardize, and modify policies where appropriate.
,c) Place the organization's CCO on the senior management team
d) None of the above - Answers-c) Place the organization's CCO on the senior management team.
Explanation: This comes straight form Chapter 1 of the Auditing and Monitoring book 2nd ed. Without
being placed on the senior management team, the CCO is unable to effectively carry out the duties and
responsibilities of the office.
An employee has violated the non-retaliation policy, he has spread rumors about employee who
reported him. The compliance professional's first action is to:
a. Create formal hearing for the violator
b. Pursue legal consequence against violator before pursuing work consequences
c. Recommend disciplinary actions against the violator of the non-retaliation policy
d. Dismiss both employees from work - Answers-c. Recommend disciplinary actions against the violator
of the non-retaliation policy
There is no established template for documenting compliance risks. Each organization should develop a
Risk Assessment that fits its risk profile. The components that are commonly used throughout the
industry are as follows EXCEPT:
a. Risk Assessment
b. Measuring key risk indicators
c. Identifying key performance indicators
d. Training the leadership of compliance regulation program - Answers-d. Training the leadership of
compliance regulation program
Ref. ABA CRCM (certified regulatory compliance manager)
After a compliance officer develops a base of knowledge, he/she must begin the art of applying
regulations in a risk management environment. Which of the following is NOT out of a few things to be
kept in mind when determining what to do FIRST?
,a. think practically about your role as an advisor, involve all department units in the decision process
rather than making decisions from them
b. calculate the organization's consolidated risk profile
c. make sure you understand the level of risk that the organization will tolerate, so decisions do not
exceed this limit
d. add value by analyzing regulatory requirements for the department units before you present
proposed/final rules or solutions - Answers-b. calculate the organization's consolidated risk profile
(determine risk tolerance)
Ref. ABA CRCM (certified regulatory compliance manager)
To be effective, compliance risk management professionals must design a framework to ensure that
management understands the risks and steps to take to mitigate them. The many roles compliance
professionals fill incorporate risk management aspects including:
a. overseeing compliance training targeting higher risk areas
b. tracking regulatory proposals or final rules to understand new risks
c. both a and b - Answers-c. both a and b
Ref. ABA CRCM (certified regulatory compliance manager)
After an investigation, it was discovered that the organization's reputation is at stake. What should a
Compliance Professional do next?
A. Report the findings to the board
B. Contact legal counsel
C. Advise the CEO and recommend next steps
D. Self-disclose to the OIG - Answers-B. Contact legal counsel
The compliance officer has completed the non-retaliation policy and it's been officially implemented.
The next steps should be:
, a. Investigate all reports of violations
b. Post the information publicly in the internet
c. Make the information available to hospital employees
d. Revise it annually - Answers-c. Make the information available to hospital employees
If during the course of an internal investigation, the compliance officer believes the integrity of the
investigation might be compromised by the continued presence of work force members who are the
subject of the investigation. In the best interest of the attorney-client privilege, which action would you
take?
a. Conduct employee background checks
b. Counsel obtains employee's depositions
c. Destroy documents and other evidence
d. Re-assign employees to other responsibilities until the investigation is completed
e. All of the above - Answers-d. Re-assign employees to other responsibilities until the investigation is
completed.
Explanation: he/she should recommend that such individuals be temporarily removed from their current
responsibilities until the investigation is completed.
Ref. Healthcare Compliance Professional's Manual
The privacy officer for a hospital has updated the Notice of Privacy Practices/NPP to reflect a material
change because the previous notice did not have a description that individuals have the right to amend
their PHI. The 3rd party review team identified that the NPP did not have the required information to let
individuals know of their right to amend PHI. What's the BEST course of action to correct deficiency?
A. Make arrangements to mail the new NPP mailed to all patients seen within the last year at the
hospital
B. Make arrangements to have the new NPP distributed to new patients that come to the hospital
C. Post a copy of the new NPP on the hospital's internal intranet so that all employees can see the
updated version of the notice
A compliance professional has been working with a department director to implement a new policy
regarding timely completion of medical records. Which of the following should be completed by the
department manager to promote compliance with the new policy?
a. Statistically valid sampling audit
b. Monitoring
c. Discovery Audit
d. Retrospective Audit - Answers-b. Monitoring
For monitoring activities, OIG uses the term regularly to describe the frequency of review. Which factors
should an organization consider when establishing a frequency schedule for monitoring:
a. Timing of staff job performance evaluations, how often compliance training is provided, whenever
computer upgrades occur, and how many new employees were hired in the target department.
b. Size of organization, frequency of the activity being monitored, past incidences of misconduct, and
current/future investigations.
c. Whether organization used internal or external counsel, timing of the annual financial audit, and
number of hotline calls received. - Answers-b. Size of organization, frequency of the activity being
monitored, past incidences of misconduct, and current/future investigations.
Ref. Healthcare Compliance Professional's Manual
What is an important first step in creating a compliance team or improving the effectiveness of an
existing one?
a) Making sure senior management has the time and other resources necessary to promote and carry
out compliance improvements
b) Give the CCO the authority to reconcile, standardize, and modify policies where appropriate.
,c) Place the organization's CCO on the senior management team
d) None of the above - Answers-c) Place the organization's CCO on the senior management team.
Explanation: This comes straight form Chapter 1 of the Auditing and Monitoring book 2nd ed. Without
being placed on the senior management team, the CCO is unable to effectively carry out the duties and
responsibilities of the office.
An employee has violated the non-retaliation policy, he has spread rumors about employee who
reported him. The compliance professional's first action is to:
a. Create formal hearing for the violator
b. Pursue legal consequence against violator before pursuing work consequences
c. Recommend disciplinary actions against the violator of the non-retaliation policy
d. Dismiss both employees from work - Answers-c. Recommend disciplinary actions against the violator
of the non-retaliation policy
There is no established template for documenting compliance risks. Each organization should develop a
Risk Assessment that fits its risk profile. The components that are commonly used throughout the
industry are as follows EXCEPT:
a. Risk Assessment
b. Measuring key risk indicators
c. Identifying key performance indicators
d. Training the leadership of compliance regulation program - Answers-d. Training the leadership of
compliance regulation program
Ref. ABA CRCM (certified regulatory compliance manager)
After a compliance officer develops a base of knowledge, he/she must begin the art of applying
regulations in a risk management environment. Which of the following is NOT out of a few things to be
kept in mind when determining what to do FIRST?
,a. think practically about your role as an advisor, involve all department units in the decision process
rather than making decisions from them
b. calculate the organization's consolidated risk profile
c. make sure you understand the level of risk that the organization will tolerate, so decisions do not
exceed this limit
d. add value by analyzing regulatory requirements for the department units before you present
proposed/final rules or solutions - Answers-b. calculate the organization's consolidated risk profile
(determine risk tolerance)
Ref. ABA CRCM (certified regulatory compliance manager)
To be effective, compliance risk management professionals must design a framework to ensure that
management understands the risks and steps to take to mitigate them. The many roles compliance
professionals fill incorporate risk management aspects including:
a. overseeing compliance training targeting higher risk areas
b. tracking regulatory proposals or final rules to understand new risks
c. both a and b - Answers-c. both a and b
Ref. ABA CRCM (certified regulatory compliance manager)
After an investigation, it was discovered that the organization's reputation is at stake. What should a
Compliance Professional do next?
A. Report the findings to the board
B. Contact legal counsel
C. Advise the CEO and recommend next steps
D. Self-disclose to the OIG - Answers-B. Contact legal counsel
The compliance officer has completed the non-retaliation policy and it's been officially implemented.
The next steps should be:
, a. Investigate all reports of violations
b. Post the information publicly in the internet
c. Make the information available to hospital employees
d. Revise it annually - Answers-c. Make the information available to hospital employees
If during the course of an internal investigation, the compliance officer believes the integrity of the
investigation might be compromised by the continued presence of work force members who are the
subject of the investigation. In the best interest of the attorney-client privilege, which action would you
take?
a. Conduct employee background checks
b. Counsel obtains employee's depositions
c. Destroy documents and other evidence
d. Re-assign employees to other responsibilities until the investigation is completed
e. All of the above - Answers-d. Re-assign employees to other responsibilities until the investigation is
completed.
Explanation: he/she should recommend that such individuals be temporarily removed from their current
responsibilities until the investigation is completed.
Ref. Healthcare Compliance Professional's Manual
The privacy officer for a hospital has updated the Notice of Privacy Practices/NPP to reflect a material
change because the previous notice did not have a description that individuals have the right to amend
their PHI. The 3rd party review team identified that the NPP did not have the required information to let
individuals know of their right to amend PHI. What's the BEST course of action to correct deficiency?
A. Make arrangements to mail the new NPP mailed to all patients seen within the last year at the
hospital
B. Make arrangements to have the new NPP distributed to new patients that come to the hospital
C. Post a copy of the new NPP on the hospital's internal intranet so that all employees can see the
updated version of the notice
