CPCO (Certified Professional Compliance Officer)
Exam Questions and Correct Answers| 2026/27
Updated
The Federal Sentencing Guidelines (FSGs) are rules that set out a uniform
sentencing policy for those convicted of felonies and serious (Class A)
misdemeanors in the United States' federal courts system. In healthcare, the FSGs
are used as the core elements for which of the following?
I. The OIG's Five-Principle Strategy to combat healthcare fraud, waste, and abuse.
II. The seven core elements of an effective compliance program.
III. The core elements of corporate integrity agreements.
IV. The final rule for the Medicare Access and CHIP Reauthorization Act (MACRA).
V. The False Claims Act (FCA).
II and III
The compliance program guidance is recognized by the United States Sentencing
Commission (USSC). These seven core elements are used by the USSC as the basis
for FSGs for healthcare offenses. The core elements of CIAs were created in the
1995 Federal Sentencing Guidelines.
Which office is responsible for enforcing the HIPAA Privacy Rule and Security Rule
provisions?
Office of Civil Rights (OCR)
Department of Justice (DOJ)
Department of Labor (DOL)
Office of Inspector General (OIG)
,Office of Civil Rights (OCR)
Which office performs independent audits of HHS programs and/or HHS grantees
and contractors to examine their performance?
Immediate Office of Inspector General
Office of Audit Services
Office of Evaluations and Inspections
Office of Management and Policy
Office of Audit Services
According to Inspector General Daniel Levinson, what can help reduce
enforcement on a provider from a corporate integrity agreement (CIA) to a
certification of compliance agreement (CCA)?
The provider demonstrates a compliance plan has been distributed to all
employees.
The provider has a robust and effective compliance program.
The provider has a compliance officer on staff.
The provider keeps a copy of all coding rules which support their coding.
The provider has a robust and effective compliance program.
Compliance certification agreements (CCAs) require providers to certify they will
continue to operate their existing compliance program for a fixed term. During
this term, is an independent review organization (IRO) required?
No, an IRO is not required for a CCA.
Yes, an IRO is required for all CCA agreements.
,It depends; an IRO is only required for certain entities that have signed a CCA.
Yes, IROs are required for both CIA and CCA arrangements.
No, an IRO is not required for a CCA.
The OIG has stated that an effective compliance plan can help create which of the
following?
Customer loyalty, a need for refunds, and overpayments from insurance carriers.
Community support, financial success, wealthy physicians.
Financial success, flawless billing, and lessen staff required to support the practice.
Customer loyalty, community support, and financial success.
Customer loyalty, community support, and financial success.
Jill is the compliance officer for Dr. X. Jill wants to send all lab referrals to the lab
that her physician owns. Is this considered fraud?
No, it is considered waste.
Yes, it is considered fraud.
No, it is considered abuse.
Yes, only because lab services owned by providers is a special category so
therefore it is fraud.
Yes, it is considered fraud.
, What is a high-level statement or plan that embraces an organization's general
beliefs, goals, objectives and acceptable procedure for a specified subject area?
a. policy
b. standard for all organizations
c. risk for the organization
d. compliance program
policy
After an employee receives their initial training regarding the
practice/organization Compliance Program, what is the next step the compliance
officer should take to protect the practice against potential non-compliance
activity?
a. Retain the training record for employee evaluation reviews.
b. Perform a baseline assessment of the employee's competency scores to
determine if additional training is required.
c. repeat the training in 1 year.
d. No additional steps are necessary; the requirement to train new employees has
been met.
Perform a baseline assessment of the employee's competency scores to
determine if additional training is required.
The first responsibility of the Compliance Officer is the development of the
Compliance Program. What is the first step in the process that needs to be
completed before the formal Compliance Program documents are drafted?
A. Training And Education Should Be Conducted.
Exam Questions and Correct Answers| 2026/27
Updated
The Federal Sentencing Guidelines (FSGs) are rules that set out a uniform
sentencing policy for those convicted of felonies and serious (Class A)
misdemeanors in the United States' federal courts system. In healthcare, the FSGs
are used as the core elements for which of the following?
I. The OIG's Five-Principle Strategy to combat healthcare fraud, waste, and abuse.
II. The seven core elements of an effective compliance program.
III. The core elements of corporate integrity agreements.
IV. The final rule for the Medicare Access and CHIP Reauthorization Act (MACRA).
V. The False Claims Act (FCA).
II and III
The compliance program guidance is recognized by the United States Sentencing
Commission (USSC). These seven core elements are used by the USSC as the basis
for FSGs for healthcare offenses. The core elements of CIAs were created in the
1995 Federal Sentencing Guidelines.
Which office is responsible for enforcing the HIPAA Privacy Rule and Security Rule
provisions?
Office of Civil Rights (OCR)
Department of Justice (DOJ)
Department of Labor (DOL)
Office of Inspector General (OIG)
,Office of Civil Rights (OCR)
Which office performs independent audits of HHS programs and/or HHS grantees
and contractors to examine their performance?
Immediate Office of Inspector General
Office of Audit Services
Office of Evaluations and Inspections
Office of Management and Policy
Office of Audit Services
According to Inspector General Daniel Levinson, what can help reduce
enforcement on a provider from a corporate integrity agreement (CIA) to a
certification of compliance agreement (CCA)?
The provider demonstrates a compliance plan has been distributed to all
employees.
The provider has a robust and effective compliance program.
The provider has a compliance officer on staff.
The provider keeps a copy of all coding rules which support their coding.
The provider has a robust and effective compliance program.
Compliance certification agreements (CCAs) require providers to certify they will
continue to operate their existing compliance program for a fixed term. During
this term, is an independent review organization (IRO) required?
No, an IRO is not required for a CCA.
Yes, an IRO is required for all CCA agreements.
,It depends; an IRO is only required for certain entities that have signed a CCA.
Yes, IROs are required for both CIA and CCA arrangements.
No, an IRO is not required for a CCA.
The OIG has stated that an effective compliance plan can help create which of the
following?
Customer loyalty, a need for refunds, and overpayments from insurance carriers.
Community support, financial success, wealthy physicians.
Financial success, flawless billing, and lessen staff required to support the practice.
Customer loyalty, community support, and financial success.
Customer loyalty, community support, and financial success.
Jill is the compliance officer for Dr. X. Jill wants to send all lab referrals to the lab
that her physician owns. Is this considered fraud?
No, it is considered waste.
Yes, it is considered fraud.
No, it is considered abuse.
Yes, only because lab services owned by providers is a special category so
therefore it is fraud.
Yes, it is considered fraud.
, What is a high-level statement or plan that embraces an organization's general
beliefs, goals, objectives and acceptable procedure for a specified subject area?
a. policy
b. standard for all organizations
c. risk for the organization
d. compliance program
policy
After an employee receives their initial training regarding the
practice/organization Compliance Program, what is the next step the compliance
officer should take to protect the practice against potential non-compliance
activity?
a. Retain the training record for employee evaluation reviews.
b. Perform a baseline assessment of the employee's competency scores to
determine if additional training is required.
c. repeat the training in 1 year.
d. No additional steps are necessary; the requirement to train new employees has
been met.
Perform a baseline assessment of the employee's competency scores to
determine if additional training is required.
The first responsibility of the Compliance Officer is the development of the
Compliance Program. What is the first step in the process that needs to be
completed before the formal Compliance Program documents are drafted?
A. Training And Education Should Be Conducted.
