CPCO CERTIFICATION EXAM AND PRACTICE EXAM NEWEST 2024 ACTUAL EXAM 400
QUESTIONS AND CORRECT DETAILED ANSWERS
Question 1
Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), what is the
specific name of the national program designed to coordinate Federal, State, and local law
enforcement activities to combat health care fraud and abuse?
A) Health Care Fraud Prevention and Enforcement Action Team (HEAT)
B) Health Care Recovery and Affordable Care Act (HCRAC)
C) Health Care Fraud and Abuse Control Program (HCFAC)
D) Health Care Civil Penalties Law
E) Medicare Integrity Program (MIP)
Correct Answer: C) Health Care Fraud and Abuse Control Program (HCFAC)
Rationale: HCFAC was established by HIPAA to coordinate federal, state, and local law
enforcement efforts. It is under the joint direction of the Attorney General and the
Secretary of the Department of Health and Human Services (HHS), acting through the
Inspector General.
Question 2
According to the Federal Sentencing Guidelines (FSGs), which of the following is required for
an organization to demonstrate an "effective" compliance and ethics program?
A) Immediately reporting any minor error to the Department of Justice.
B) Promoting an organizational culture that encourages ethical conduct and a commitment to
compliance.
C) Ensuring that only the CEO is responsible for compliance activities.
D) Hiring external consultants to write all internal policies without staff input.
E) Performing audits only when a violation is suspected.
Correct Answer: A) Promote an organizational culture that encourages ethical conduct and
a commitment to compliance with the law.
Rationale: The FSGs stipulate that an effective program requires due diligence to prevent
and detect criminal conduct and a culture that promotes ethics. This moves compliance
from a "paper" program to a functional part of the organizational identity.
Question 3
If a physician practice decides to adopt the standards of conduct from a larger hospital system,
what action must the practice take to remain compliant?
A) Implement them exactly as received to ensure they remain "pre-approved."
B) Tailor those materials to the specific physician practice where they will be applied.
C) Use them only for high-risk clinical departments.
D) Sign an affidavit stating the materials are identical to the source.
E) Nothing; standard materials are universally applicable.
Correct Answer: B) Tailor those materials to the physician practice where they will be
applied.
, 2
Rationale: The OIG emphasizes that compliance programs are not "one size fits all."
Adopting another entity's standards without tailoring them to the specific risks, size, and
specialty of the practice renders the program ineffective and potentially irrelevant.
Question 4
When developing policies related to coding and billing, which of the following mandatory
statements should a compliance officer include?
A) New physicians should use the Medical Director’s NPI until their own is issued.
B) For any services billed, documentation must be present in the patient's medical record to
support the services.
C) Coding should always maximize the level of service regardless of the patient's condition.
D) Billing staff should alter diagnoses to ensure claim payment for denied services.
E) Only services over $500 require a documented medical record entry.
Correct Answer: B) For any services billed, documentation must be present in the patient's
medical record to support the services.
Rationale: "If it isn't documented, it wasn't done." This is a fundamental rule of healthcare
compliance. Billed services must have matching, accurate, and supportive documentation
in the medical record to comply with False Claims Act requirements.
Question 5
A large orthopedic group has questions about "incident-to" billing. The compliance officer calls
the Medicare Administrative Contractor (MAC) for guidance. According to the OIG, what is the
final step the officer should take?
A) Call a different agent at the MAC to verify the first person was correct.
B) Send a certified letter to the President of the United States.
C) Cross-reference the advice with a competitor's billing department.
D) Document the conversation and retain the records.
E) Implement the advice immediately without written proof.
Correct Answer: D) Document the conversation and retain the records.
Rationale: When a practice relies on information from a MAC, it is vital to document the
date, the person spoken to, and the specific advice given. This documentation serves as
evidence of "good faith" in the event of a future audit or investigation.
Question 6
To mitigate risk, compliance policies and procedures should be written in a way that ensures:
A) They are exactly ten pages long to appear thorough.
B) Any timeframes or requirements listed can be accomplished given the practice's resources.
C) They use complex legal terminology to deter staff from questioning them.
D) They are updated only once every ten years.
E) They are written by pharmaceutical representatives.
Correct Answer: B) Be sure any timeframes or requirements listed can be accomplished
, 3
given the practice's resources.
Rationale: The OIG warns against "paper compliance." If a policy sets a standard (e.g.,
"audits will be performed weekly") that the practice cannot actually meet due to lack of
staff or funds, the failure to follow the internal policy can be used as evidence of non-
compliance.
Question 7
What is the primary goal of performing annual claims audits in a physician practice?
A) To maximize the dollar amount of every single claim.
B) To ensure the practice never has a denied claim.
C) To verify accuracy of coding and reimbursement for the services performed.
D) To find a reason to fire underperforming physicians.
E) To collect data for a marketing brochure.
Correct Answer: C) Verify accuracy of coding and reimbursement for the services
performed.
Rationale: Audits are a monitoring tool used to identify both overcoding (which leads to
fraud risk) and undercoding (which leads to lost revenue). The goal is "accuracy," ensuring
that the claim perfectly reflects the documentation.
Question 8
Which of the following is a specific duty of a Compliance Officer as suggested by OIG
Guidance?
A) Reviewing reports to see that new employees and vendors have been checked against the OIG
Exclusions list (LEIE).
B) Ensuring that the compliance program is never changed or updated.
C) Personally auditing every single claim before it is sent to a payer.
D) Submitting daily reports to the local police department.
E) Negotiating the physician's salary based on billing volume.
Correct Answer: A) Reviewing reports to see that new employees and vendors have been
checked against the OIG's list of excluded individuals and entities.
Rationale: The OIG List of Excluded Individuals and Entities (LEIE) is a critical
compliance checkpoint. Hiring or contracting with an excluded party can result in
significant civil monetary penalties (CMPs) and the denial of all claims associated with that
person.
Question 9
For larger physician practices, how frequently does the OIG recommend reporting compliance
activities to the Board of Directors and the CEO?
A) Only when a major fraud is discovered.
B) Every five years.
C) Once a week.
, 4
D) Regularly.
E) Never; the Board should not be involved in compliance.
Correct Answer: D) Regularly.
Rationale: Regular reporting ensures that the governing body has oversight of the
program's effectiveness, as required by the Federal Sentencing Guidelines. While the exact
frequency may vary by the size of the entity, "regularly" implies a consistent schedule (e.g.,
quarterly or monthly).
Question 10
In a physician practice, what is the goal for compliance training?
A) Only doctors should be trained, as they are the ones who sign the charts.
B) Only new employees should be trained to save on administrative costs.
C) All employees will receive training on how to perform their jobs in compliance with standards
and regulations.
D) Training should only occur after a fine has been issued by the government.
E) Training should focus exclusively on how to use the coffee machine.
Correct Answer: C) All employees will receive training on how to perform their jobs in
compliance with the standards of the practice and any applicable regulations.
Rationale: Effective compliance requires that every person in the organization—from the
front desk to the surgical suite—understands their role in maintaining compliance. This
reduces the risk of accidental violations.
Question 11
What is the purpose of "ongoing auditing and monitoring" within the 7 elements of a compliance
program?
A) To replace the need for a Compliance Officer.
B) To catch every single mistake made by every employee daily.
C) To evaluate whether standards are current and if the compliance program is actually working.
D) To justify an increase in patient fees.
E) To ensure that physicians are seeing 50 patients per day.
Correct Answer: C) Ongoing auditing and monitoring will evaluate whether the physician
practice's standards and procedures are current and accurate and whether the compliance
program is working.
Rationale: Monitoring is an internal, proactive process to ensure the program is functioning
as intended. It identifies "gaps" in the program before they are discovered by external
investigators.
Question 12
Which of the following helps ensure that an employee feels free to report potential fraud without
fear of retribution?
A) A public list of all employees who have called the hotline.
QUESTIONS AND CORRECT DETAILED ANSWERS
Question 1
Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), what is the
specific name of the national program designed to coordinate Federal, State, and local law
enforcement activities to combat health care fraud and abuse?
A) Health Care Fraud Prevention and Enforcement Action Team (HEAT)
B) Health Care Recovery and Affordable Care Act (HCRAC)
C) Health Care Fraud and Abuse Control Program (HCFAC)
D) Health Care Civil Penalties Law
E) Medicare Integrity Program (MIP)
Correct Answer: C) Health Care Fraud and Abuse Control Program (HCFAC)
Rationale: HCFAC was established by HIPAA to coordinate federal, state, and local law
enforcement efforts. It is under the joint direction of the Attorney General and the
Secretary of the Department of Health and Human Services (HHS), acting through the
Inspector General.
Question 2
According to the Federal Sentencing Guidelines (FSGs), which of the following is required for
an organization to demonstrate an "effective" compliance and ethics program?
A) Immediately reporting any minor error to the Department of Justice.
B) Promoting an organizational culture that encourages ethical conduct and a commitment to
compliance.
C) Ensuring that only the CEO is responsible for compliance activities.
D) Hiring external consultants to write all internal policies without staff input.
E) Performing audits only when a violation is suspected.
Correct Answer: A) Promote an organizational culture that encourages ethical conduct and
a commitment to compliance with the law.
Rationale: The FSGs stipulate that an effective program requires due diligence to prevent
and detect criminal conduct and a culture that promotes ethics. This moves compliance
from a "paper" program to a functional part of the organizational identity.
Question 3
If a physician practice decides to adopt the standards of conduct from a larger hospital system,
what action must the practice take to remain compliant?
A) Implement them exactly as received to ensure they remain "pre-approved."
B) Tailor those materials to the specific physician practice where they will be applied.
C) Use them only for high-risk clinical departments.
D) Sign an affidavit stating the materials are identical to the source.
E) Nothing; standard materials are universally applicable.
Correct Answer: B) Tailor those materials to the physician practice where they will be
applied.
, 2
Rationale: The OIG emphasizes that compliance programs are not "one size fits all."
Adopting another entity's standards without tailoring them to the specific risks, size, and
specialty of the practice renders the program ineffective and potentially irrelevant.
Question 4
When developing policies related to coding and billing, which of the following mandatory
statements should a compliance officer include?
A) New physicians should use the Medical Director’s NPI until their own is issued.
B) For any services billed, documentation must be present in the patient's medical record to
support the services.
C) Coding should always maximize the level of service regardless of the patient's condition.
D) Billing staff should alter diagnoses to ensure claim payment for denied services.
E) Only services over $500 require a documented medical record entry.
Correct Answer: B) For any services billed, documentation must be present in the patient's
medical record to support the services.
Rationale: "If it isn't documented, it wasn't done." This is a fundamental rule of healthcare
compliance. Billed services must have matching, accurate, and supportive documentation
in the medical record to comply with False Claims Act requirements.
Question 5
A large orthopedic group has questions about "incident-to" billing. The compliance officer calls
the Medicare Administrative Contractor (MAC) for guidance. According to the OIG, what is the
final step the officer should take?
A) Call a different agent at the MAC to verify the first person was correct.
B) Send a certified letter to the President of the United States.
C) Cross-reference the advice with a competitor's billing department.
D) Document the conversation and retain the records.
E) Implement the advice immediately without written proof.
Correct Answer: D) Document the conversation and retain the records.
Rationale: When a practice relies on information from a MAC, it is vital to document the
date, the person spoken to, and the specific advice given. This documentation serves as
evidence of "good faith" in the event of a future audit or investigation.
Question 6
To mitigate risk, compliance policies and procedures should be written in a way that ensures:
A) They are exactly ten pages long to appear thorough.
B) Any timeframes or requirements listed can be accomplished given the practice's resources.
C) They use complex legal terminology to deter staff from questioning them.
D) They are updated only once every ten years.
E) They are written by pharmaceutical representatives.
Correct Answer: B) Be sure any timeframes or requirements listed can be accomplished
, 3
given the practice's resources.
Rationale: The OIG warns against "paper compliance." If a policy sets a standard (e.g.,
"audits will be performed weekly") that the practice cannot actually meet due to lack of
staff or funds, the failure to follow the internal policy can be used as evidence of non-
compliance.
Question 7
What is the primary goal of performing annual claims audits in a physician practice?
A) To maximize the dollar amount of every single claim.
B) To ensure the practice never has a denied claim.
C) To verify accuracy of coding and reimbursement for the services performed.
D) To find a reason to fire underperforming physicians.
E) To collect data for a marketing brochure.
Correct Answer: C) Verify accuracy of coding and reimbursement for the services
performed.
Rationale: Audits are a monitoring tool used to identify both overcoding (which leads to
fraud risk) and undercoding (which leads to lost revenue). The goal is "accuracy," ensuring
that the claim perfectly reflects the documentation.
Question 8
Which of the following is a specific duty of a Compliance Officer as suggested by OIG
Guidance?
A) Reviewing reports to see that new employees and vendors have been checked against the OIG
Exclusions list (LEIE).
B) Ensuring that the compliance program is never changed or updated.
C) Personally auditing every single claim before it is sent to a payer.
D) Submitting daily reports to the local police department.
E) Negotiating the physician's salary based on billing volume.
Correct Answer: A) Reviewing reports to see that new employees and vendors have been
checked against the OIG's list of excluded individuals and entities.
Rationale: The OIG List of Excluded Individuals and Entities (LEIE) is a critical
compliance checkpoint. Hiring or contracting with an excluded party can result in
significant civil monetary penalties (CMPs) and the denial of all claims associated with that
person.
Question 9
For larger physician practices, how frequently does the OIG recommend reporting compliance
activities to the Board of Directors and the CEO?
A) Only when a major fraud is discovered.
B) Every five years.
C) Once a week.
, 4
D) Regularly.
E) Never; the Board should not be involved in compliance.
Correct Answer: D) Regularly.
Rationale: Regular reporting ensures that the governing body has oversight of the
program's effectiveness, as required by the Federal Sentencing Guidelines. While the exact
frequency may vary by the size of the entity, "regularly" implies a consistent schedule (e.g.,
quarterly or monthly).
Question 10
In a physician practice, what is the goal for compliance training?
A) Only doctors should be trained, as they are the ones who sign the charts.
B) Only new employees should be trained to save on administrative costs.
C) All employees will receive training on how to perform their jobs in compliance with standards
and regulations.
D) Training should only occur after a fine has been issued by the government.
E) Training should focus exclusively on how to use the coffee machine.
Correct Answer: C) All employees will receive training on how to perform their jobs in
compliance with the standards of the practice and any applicable regulations.
Rationale: Effective compliance requires that every person in the organization—from the
front desk to the surgical suite—understands their role in maintaining compliance. This
reduces the risk of accidental violations.
Question 11
What is the purpose of "ongoing auditing and monitoring" within the 7 elements of a compliance
program?
A) To replace the need for a Compliance Officer.
B) To catch every single mistake made by every employee daily.
C) To evaluate whether standards are current and if the compliance program is actually working.
D) To justify an increase in patient fees.
E) To ensure that physicians are seeing 50 patients per day.
Correct Answer: C) Ongoing auditing and monitoring will evaluate whether the physician
practice's standards and procedures are current and accurate and whether the compliance
program is working.
Rationale: Monitoring is an internal, proactive process to ensure the program is functioning
as intended. It identifies "gaps" in the program before they are discovered by external
investigators.
Question 12
Which of the following helps ensure that an employee feels free to report potential fraud without
fear of retribution?
A) A public list of all employees who have called the hotline.
