CBCS CERTIFICATION SCRIPT 2026
QUESTIONS WITH SOLUTIONS GRADED A+
◍ A medical office hires a third-party billing company to handle claims
processing. Under HIPAA, what agreement must be in place before sharing
patient information with this company?.
Answer: HIPAA requires a Business Associate Agreement (BAA) between a
covered entity and any business associate that will create, receive, maintain,
or transmit PHI on behalf of the covered entity. A third-party billing
company is a business associate. The BAA must specify the permitted uses
of PHI, require safeguards, and outline breach notification responsibilities.
◍ Under Medicare, what is the correct sequence for the five levels of the
appeals process?.
Answer: Medicare has a five-level appeals process that must be followed in
order: (1) Redetermination by the Medicare Administrative Contractor
(MAC), (2) Reconsideration by a Qualified Independent Contractor (QIC),
(3) Hearing before an Administrative Law Judge (ALJ), (4) Review by the
Medicare Appeals Council, and (5) Judicial review in Federal District Court.
Each level must be exhausted before proceeding to the next, and each has
specific filing deadlines.
◍ A billing specialist is coding for a patient who received home oxygen
equipment. Which HCPCS Level II code category would cover the oxygen
concentrator and related supplies?.
Answer: HCPCS Level II E codes cover durable medical equipment (DME),
including oxygen concentrators, wheelchairs, hospital beds, and related
supplies. J codes are for drugs administered other than orally, G codes are
for temporary procedures/services, and Q codes are for temporary supplies.
◍ A billing specialist accidentally sends a patient's billing statement
, containing PHI to the wrong address. Under HIPAA, this is considered:.
Answer: Under HIPAA, sending PHI to the wrong address constitutes a
breach (an impermissible use or disclosure of PHI). The organization must
follow its breach notification procedures, which may include notifying the
affected individual, HHS, and potentially the media depending on the scope.
The breach must be documented regardless of whether the information is
retrieved.
◍ A patient receives a remittance advice showing 'PR' as the group code for an
adjustment. What does the PR group code indicate?.
Answer: On a remittance advice, the group code PR (Patient Responsibility)
indicates that the patient is financially responsible for the adjusted amount.
This typically includes deductibles, coinsurance, and copayments. Other
group codes include CO (Contractual Obligation), OA (Other Adjustment),
and PI (Payer Initiated Reduction).
◍ Which claim form is used by hospitals and institutional providers to bill for
facility services, including inpatient and outpatient hospital services?.
Answer: The UB-04 (also known as CMS-1450) is the standard claim form
used by institutional providers such as hospitals, skilled nursing facilities,
hospice organizations, and home health agencies to bill for facility services.
Revenue codes and type of bill codes are unique to the UB-04. The
CMS-1500 is for professional/non-institutional claims.
◍ Under the HIPAA Security Rule, which of the following is an example of a
physical safeguard?.
Answer: Physical safeguards under the HIPAA Security Rule address
physical access to facilities and equipment where ePHI is stored.
Badge-controlled entry to restricted areas is a physical safeguard.
Encryption is a technical safeguard, unique user IDs are a technical
safeguard (access control), and risk assessments are administrative
safeguards.
◍ A billing specialist discovers that the practice has been submitting claims for
a diagnostic test that was ordered but never actually performed due to
, equipment malfunction. The claims have been paid for the past three
months. What is the FIRST step the specialist should take?.
Answer: The first step is to immediately report the issue to the practice's
compliance officer. Billing for services not rendered is a form of healthcare
fraud, even if unintentional. The compliance officer will then coordinate the
appropriate response, which typically includes conducting an investigation,
filing voluntary refunds to the affected payers, and implementing corrective
actions to prevent recurrence. The 60-day rule under the Affordable Care
Act requires overpayments to be reported and returned within 60 days of
identification.
◍ A billing specialist receives an EOB showing that a claim was paid based on
a fee schedule amount that is lower than the Medicare Physician Fee
Schedule (MPFS) rate. The provider participates with this commercial
payer. What should the specialist do FIRST?.
Answer: Before taking any action on a potential underpayment, the billing
specialist should first review the provider's contract with the payer to verify
the agreed-upon fee schedule rates. Commercial payers negotiate individual
fee schedules with providers that may differ from Medicare rates. Only after
confirming the contracted rate can the specialist determine whether an
underpayment occurred.
◍ An orthopedic surgeon performs a knee arthroscopy on a patient in an
ambulatory surgery center. The patient has Medicare as primary and a
Medigap policy as secondary. Which claim form should be submitted to
Medicare?.
Answer: The surgeon submits a CMS-1500 form for professional
(physician) services regardless of where the procedure is performed. The
ambulatory surgery center would submit a separate UB-04 for the facility
charges. Professional fees and facility fees are billed on different forms.
◍ What does "downcoding" mean in the context of claim adjudication?.
Answer: Downcoding occurs when the payer changes the procedure code
submitted by the provider to a lower-level (less expensive) code during
, adjudication. This typically happens when the documentation does not
support the level of service billed, or when the payer's edits determine a
different code is more appropriate. The result is reduced reimbursement.
Upcoding (assigning a higher code) is a compliance concern. Downcoding
by providers is a form of lost revenue.
◍ What is the primary difference between HCPCS Level I and HCPCS Level
II codes?.
Answer: HCPCS Level I consists of CPT (Current Procedural Terminology)
codes maintained by the American Medical Association (AMA). HCPCS
Level II consists of alphanumeric codes (beginning with a letter followed by
four digits) maintained by the Centers for Medicare & Medicaid Services
(CMS) and are used to report supplies, drugs, DME, and services not
covered by CPT codes.
◍ A medical practice must provide patients with a document describing how
their health information may be used and disclosed. What is this document
called?.
Answer: The Notice of Privacy Practices (NPP) is required by the HIPAA
Privacy Rule and describes how a covered entity may use and disclose a
patient's PHI, the patient's rights regarding their PHI, and the entity's legal
duties. It must be provided to patients at their first encounter, and a good
faith effort to obtain written acknowledgment of receipt must be made.
◍ Which federal law prohibits Medicare from being billed as the primary
payer when the patient has group health plan coverage through an employer
with 20 or more employees?.
Answer: The Medicare Secondary Payer (MSP) rules establish when
Medicare is the secondary rather than primary payer. One key provision is
that for patients who are actively employed (or whose spouse is employed)
by an employer with 20 or more employees and have group health plan
coverage, the employer group health plan is primary and Medicare is
secondary. Billing Medicare as primary in this situation is a violation of
federal law. HIPAA deals with privacy/portability, the ACA with coverage
QUESTIONS WITH SOLUTIONS GRADED A+
◍ A medical office hires a third-party billing company to handle claims
processing. Under HIPAA, what agreement must be in place before sharing
patient information with this company?.
Answer: HIPAA requires a Business Associate Agreement (BAA) between a
covered entity and any business associate that will create, receive, maintain,
or transmit PHI on behalf of the covered entity. A third-party billing
company is a business associate. The BAA must specify the permitted uses
of PHI, require safeguards, and outline breach notification responsibilities.
◍ Under Medicare, what is the correct sequence for the five levels of the
appeals process?.
Answer: Medicare has a five-level appeals process that must be followed in
order: (1) Redetermination by the Medicare Administrative Contractor
(MAC), (2) Reconsideration by a Qualified Independent Contractor (QIC),
(3) Hearing before an Administrative Law Judge (ALJ), (4) Review by the
Medicare Appeals Council, and (5) Judicial review in Federal District Court.
Each level must be exhausted before proceeding to the next, and each has
specific filing deadlines.
◍ A billing specialist is coding for a patient who received home oxygen
equipment. Which HCPCS Level II code category would cover the oxygen
concentrator and related supplies?.
Answer: HCPCS Level II E codes cover durable medical equipment (DME),
including oxygen concentrators, wheelchairs, hospital beds, and related
supplies. J codes are for drugs administered other than orally, G codes are
for temporary procedures/services, and Q codes are for temporary supplies.
◍ A billing specialist accidentally sends a patient's billing statement
, containing PHI to the wrong address. Under HIPAA, this is considered:.
Answer: Under HIPAA, sending PHI to the wrong address constitutes a
breach (an impermissible use or disclosure of PHI). The organization must
follow its breach notification procedures, which may include notifying the
affected individual, HHS, and potentially the media depending on the scope.
The breach must be documented regardless of whether the information is
retrieved.
◍ A patient receives a remittance advice showing 'PR' as the group code for an
adjustment. What does the PR group code indicate?.
Answer: On a remittance advice, the group code PR (Patient Responsibility)
indicates that the patient is financially responsible for the adjusted amount.
This typically includes deductibles, coinsurance, and copayments. Other
group codes include CO (Contractual Obligation), OA (Other Adjustment),
and PI (Payer Initiated Reduction).
◍ Which claim form is used by hospitals and institutional providers to bill for
facility services, including inpatient and outpatient hospital services?.
Answer: The UB-04 (also known as CMS-1450) is the standard claim form
used by institutional providers such as hospitals, skilled nursing facilities,
hospice organizations, and home health agencies to bill for facility services.
Revenue codes and type of bill codes are unique to the UB-04. The
CMS-1500 is for professional/non-institutional claims.
◍ Under the HIPAA Security Rule, which of the following is an example of a
physical safeguard?.
Answer: Physical safeguards under the HIPAA Security Rule address
physical access to facilities and equipment where ePHI is stored.
Badge-controlled entry to restricted areas is a physical safeguard.
Encryption is a technical safeguard, unique user IDs are a technical
safeguard (access control), and risk assessments are administrative
safeguards.
◍ A billing specialist discovers that the practice has been submitting claims for
a diagnostic test that was ordered but never actually performed due to
, equipment malfunction. The claims have been paid for the past three
months. What is the FIRST step the specialist should take?.
Answer: The first step is to immediately report the issue to the practice's
compliance officer. Billing for services not rendered is a form of healthcare
fraud, even if unintentional. The compliance officer will then coordinate the
appropriate response, which typically includes conducting an investigation,
filing voluntary refunds to the affected payers, and implementing corrective
actions to prevent recurrence. The 60-day rule under the Affordable Care
Act requires overpayments to be reported and returned within 60 days of
identification.
◍ A billing specialist receives an EOB showing that a claim was paid based on
a fee schedule amount that is lower than the Medicare Physician Fee
Schedule (MPFS) rate. The provider participates with this commercial
payer. What should the specialist do FIRST?.
Answer: Before taking any action on a potential underpayment, the billing
specialist should first review the provider's contract with the payer to verify
the agreed-upon fee schedule rates. Commercial payers negotiate individual
fee schedules with providers that may differ from Medicare rates. Only after
confirming the contracted rate can the specialist determine whether an
underpayment occurred.
◍ An orthopedic surgeon performs a knee arthroscopy on a patient in an
ambulatory surgery center. The patient has Medicare as primary and a
Medigap policy as secondary. Which claim form should be submitted to
Medicare?.
Answer: The surgeon submits a CMS-1500 form for professional
(physician) services regardless of where the procedure is performed. The
ambulatory surgery center would submit a separate UB-04 for the facility
charges. Professional fees and facility fees are billed on different forms.
◍ What does "downcoding" mean in the context of claim adjudication?.
Answer: Downcoding occurs when the payer changes the procedure code
submitted by the provider to a lower-level (less expensive) code during
, adjudication. This typically happens when the documentation does not
support the level of service billed, or when the payer's edits determine a
different code is more appropriate. The result is reduced reimbursement.
Upcoding (assigning a higher code) is a compliance concern. Downcoding
by providers is a form of lost revenue.
◍ What is the primary difference between HCPCS Level I and HCPCS Level
II codes?.
Answer: HCPCS Level I consists of CPT (Current Procedural Terminology)
codes maintained by the American Medical Association (AMA). HCPCS
Level II consists of alphanumeric codes (beginning with a letter followed by
four digits) maintained by the Centers for Medicare & Medicaid Services
(CMS) and are used to report supplies, drugs, DME, and services not
covered by CPT codes.
◍ A medical practice must provide patients with a document describing how
their health information may be used and disclosed. What is this document
called?.
Answer: The Notice of Privacy Practices (NPP) is required by the HIPAA
Privacy Rule and describes how a covered entity may use and disclose a
patient's PHI, the patient's rights regarding their PHI, and the entity's legal
duties. It must be provided to patients at their first encounter, and a good
faith effort to obtain written acknowledgment of receipt must be made.
◍ Which federal law prohibits Medicare from being billed as the primary
payer when the patient has group health plan coverage through an employer
with 20 or more employees?.
Answer: The Medicare Secondary Payer (MSP) rules establish when
Medicare is the secondary rather than primary payer. One key provision is
that for patients who are actively employed (or whose spouse is employed)
by an employer with 20 or more employees and have group health plan
coverage, the employer group health plan is primary and Medicare is
secondary. Billing Medicare as primary in this situation is a violation of
federal law. HIPAA deals with privacy/portability, the ACA with coverage
