AAPC CPB FINAL EXAM SCRIPT 2026
COMPLETE QUESTIONS AND ANSWERS
GRADED A+
◉ A practice agrees to pay $250,000 to settle a lawsuit alleging that
the practice used X-rays of one patient to justify services on multiple
other patients' claims. The manager of the office brought the civil
suit. What type of case is this?
A. HIPAA
B. Qui Tam
C. Anti-Kickback
D. Stark case. Answer: B. Qui Tam
A Qui Tam case is also known as a whistleblower case. If an
individual knows of a violation of the FCA, he or she may bring a civil
action on behalf of him or herself and on behalf of the U.S.
government (such an individual is called a relator)
◉ A patient is seen in your clinic. Her husband calls later in the day
to ask for information about the visit. The practice pulls the patient's
privacy authorization to see if they can speak to the husband. What
act does this action fall under?
A. Health Information Act
,B. Social Security Act
C. HIPAA
D. ADA. Answer: C. HIPAA
The Privacy Act is under HIPAA and protects the health information
of the patient. According to HIPAA, for the practice to release
information to the husband, the patient would have to have signed
an authorization.
◉ Which of the following situations allows the release of PHI
without authorization from the patient?
A. Request for life insurance
B. Request from family member
C. Physician's office to release to a family member
D. Workers' compensation. Answer: D. Workers' compensation
Workers' compensation is listed as one of the exceptions permitted
by the Privacy rule for use and disclosure of information.
◉ Billing for a lower level of care than is supported in
documentation, making false statements to obtain undeserved
benefits or payment from a federal healthcare program, or billing for
services that were not performed is defined as what by CMS?
A. an Anti-kickback
,B. abuse
C. a Stark violation
D. fraud. Answer: D. fraud
All of these actions are considered Fraud by CMS. CMS defines fraud
as making false statements or misrepresenting facts to obtain an
undeserved benefit or payment from a federal healthcare program.
CMS defines abuse as an action that results in unnecessary costs to a
federal healthcare program, either directly or indirectly
◉ Medicare overpayments should be returned within what time
frame after the overpayment has been identified?
A. 60 days
B. 1 year
C. 120 days
D. 30 days. Answer: A. 60 days
A provider must report and return an overpayment to the Secretary
of HHS, the state, an intermediary, a carrier, or a contractor, as
appropriate, by the later of 60 days from the date when the
overpayment was "identified" or the date "any corresponding cost
report is due."
, ◉ What do the government agencies OIG, CMS, and Department of
Justice enforce?
A. Qui tam violations
B. Medical malpractice
C. HIPAA violations
D. Federal fraud and abuse laws. Answer: D. Federal fraud and abuse
laws
The Department of Justice (DOJ), the Department of Health &
Human Services Office of Inspector General (OIG), and the Centers
for Medicare and Medicaid are the government agencies that enforce
the federal fraud and abuse laws.
◉ What standard transactions is NOT included in EDI and adopted
under HIPAA?
A. Healthcare claim status
B. Waiver of liability
C. Referrals and Authorizations
D. Eligibility in the health plan. Answer: B. Waiver of liability
There are 8 standard transactions for EDI - waiver of liability is not
included. The eight standard transactions for Electronic Data
Interchange (EDI) adopted under HIPAA are: - Claims and encounter
information; - Healthcare payment and remittance advice; -
COMPLETE QUESTIONS AND ANSWERS
GRADED A+
◉ A practice agrees to pay $250,000 to settle a lawsuit alleging that
the practice used X-rays of one patient to justify services on multiple
other patients' claims. The manager of the office brought the civil
suit. What type of case is this?
A. HIPAA
B. Qui Tam
C. Anti-Kickback
D. Stark case. Answer: B. Qui Tam
A Qui Tam case is also known as a whistleblower case. If an
individual knows of a violation of the FCA, he or she may bring a civil
action on behalf of him or herself and on behalf of the U.S.
government (such an individual is called a relator)
◉ A patient is seen in your clinic. Her husband calls later in the day
to ask for information about the visit. The practice pulls the patient's
privacy authorization to see if they can speak to the husband. What
act does this action fall under?
A. Health Information Act
,B. Social Security Act
C. HIPAA
D. ADA. Answer: C. HIPAA
The Privacy Act is under HIPAA and protects the health information
of the patient. According to HIPAA, for the practice to release
information to the husband, the patient would have to have signed
an authorization.
◉ Which of the following situations allows the release of PHI
without authorization from the patient?
A. Request for life insurance
B. Request from family member
C. Physician's office to release to a family member
D. Workers' compensation. Answer: D. Workers' compensation
Workers' compensation is listed as one of the exceptions permitted
by the Privacy rule for use and disclosure of information.
◉ Billing for a lower level of care than is supported in
documentation, making false statements to obtain undeserved
benefits or payment from a federal healthcare program, or billing for
services that were not performed is defined as what by CMS?
A. an Anti-kickback
,B. abuse
C. a Stark violation
D. fraud. Answer: D. fraud
All of these actions are considered Fraud by CMS. CMS defines fraud
as making false statements or misrepresenting facts to obtain an
undeserved benefit or payment from a federal healthcare program.
CMS defines abuse as an action that results in unnecessary costs to a
federal healthcare program, either directly or indirectly
◉ Medicare overpayments should be returned within what time
frame after the overpayment has been identified?
A. 60 days
B. 1 year
C. 120 days
D. 30 days. Answer: A. 60 days
A provider must report and return an overpayment to the Secretary
of HHS, the state, an intermediary, a carrier, or a contractor, as
appropriate, by the later of 60 days from the date when the
overpayment was "identified" or the date "any corresponding cost
report is due."
, ◉ What do the government agencies OIG, CMS, and Department of
Justice enforce?
A. Qui tam violations
B. Medical malpractice
C. HIPAA violations
D. Federal fraud and abuse laws. Answer: D. Federal fraud and abuse
laws
The Department of Justice (DOJ), the Department of Health &
Human Services Office of Inspector General (OIG), and the Centers
for Medicare and Medicaid are the government agencies that enforce
the federal fraud and abuse laws.
◉ What standard transactions is NOT included in EDI and adopted
under HIPAA?
A. Healthcare claim status
B. Waiver of liability
C. Referrals and Authorizations
D. Eligibility in the health plan. Answer: B. Waiver of liability
There are 8 standard transactions for EDI - waiver of liability is not
included. The eight standard transactions for Electronic Data
Interchange (EDI) adopted under HIPAA are: - Claims and encounter
information; - Healthcare payment and remittance advice; -
