CHC RANDOM STUDY QUESTIONS AND VERIFIED ANSWERS

CHC RANDOM STUDY QUESTIONS AND VERIFIED ANSWERS "An Organization identifies a potential issue when reviewing personal services and management contracts. Which of the following should the compliance professional consider in analyzing the issue? a. Deficit Reduction Act (DRA) b. Conditions of Participation (CoP) c. IRS tax-exempt guidelines d. Anti-Kickback (AKS) Safe Harbors - CORRECT ANSWER d. Anti-Kickback (AKS) Safe Harbors" "A hotline caller states the coding department was instructed to code based on LCD requirements regardless of medical record information. Which of the following should be the compliance professional's FIRST action? a. direct the coding supervisor to follow the applicable policy b. incorporate the coding issue into next year's risk assessment c. design a review to find facts and circumstances related to the compliant d. engage outside counsel to protect the underlying facts from discovery - CORRECT ANSWER c. design a review to find facts and circumstances related to the compliant" "A compliance professional identified an issue with medical necessity. The compliance professional should collaborate with the: a. case manager b. billing clerk c. documentation specialist d. patient account representative - CORRECT ANSWER a. case manager" "When non-compliance is substantiated, disciplinary action should be administered a. within 30 days b. if intent is proven c. in a consistent manner d. after completion of corrective action - CORRECT ANSWER c. in a consistent manner" "Incentive programs based on employee performance may be tied to increases in a. the case mix index b. CPT/DRG codes c. patient referrals d. patient satisfaction - CORRECT ANSWER d. patient satisfaction" "A preliminary investigation identified payments to physicians for medical directorship without written contracts. Which of the following should be the compliance professional's NEXT step? a. determine if Medicare payments were received b. initiate a voluntary disclosure c. provide education to contracting office d. refund payments to the contractors - CORRECT ANSWER a. determine if Medicare payments were received" "In an investigation, the MOST important responsibility of the compliance professional is to a. personally conduct all investigations b. assure independence in investigations c. set the scope and sample size related to investigations d. remain within the budget for investigations - CORRECT ANSWER c. set the scope and sample size related to investigations" "Training is scheduled for employees to learn about cost reporting risks. This type of training is an example of a. online training b. general training c. focused training d. orientation training - CORRECT ANSWER c. focused training" "Which of the following are MOST relevant in evaluating the effectiveness of a compliance training program? 1. percent of target audience that has attended 2. whether the training is computer-based or classroom-based 3. whether training adequately addresses areas of concern 4. improvement shown in pre- and post-training quizzes A. 1, 2, 3 only B. 1, 2, 4 only C. 1, 3, 4 only D. 2, 3, 4 only - CORRECT ANSWER C. 1, 3, 4 only" "Quitam actions enable any person to bring forth an action to the a. employer, based upon original knowledge b. employer, based upon public information c. government, based upon public knowledge d. government, based upon original information - CORRECT ANSWER d. government, based upon original information" "An individual's understanding of the compliance aspects of their job can be BEST enhanced by including compliance in a. annual evaluations b. exit interviews c. HR benefit material d. audit committee meetings - CORRECT ANSWER a. annual evaluations" "Which of the following agencies indicate a self-evaluation after discovery of potentially fraudulent acts? a. CMS b. OIG c. OCR d. OSHA - CORRECT ANSWER b. OIG" "Reporting systems should be: a. marketed to contractors b. outsourced to a vendor c. operated by management d. publicized to all employees - CORRECT ANSWER d. publicized to all employees" "An employee reports a potential problem with the attending physician's presence for surgery. Which of the following is the compliance professional's BEST action? a. investigate the issue b. approach the surgeon c. notify the OIG d. request copies of the records - CORRECT ANSWER a. investigate the issue" "Coinsurance and deductibles can be waived a. for any federal payors b. during the admission process c. following payment to the third party d. if there is proven financial hardship - CORRECT ANSWER d. if there is proven financial hardship" "Corporate Integrity Agreements (CIA) are negotiated primarily between the: a. US attorneys and the hospital b. DOJ and the provider c. Federal Sentencing Commission and the organization d. OIG and the healthcare entity - CORRECT ANSWER d. OIG and the healthcare entity" “Compliance means (Compliance Program) - CORRECT ANSWER Adherence to laws and regulations, as well as principles of ethical conduct" "OIG urges the ____________ to assist in the implementation of the compliance program and serves as advisors. A. Board B. CEO C. Compliance Committee D. Quality Committee - CORRECT ANSWER C. Compliance Committee" "A compliance professional is reviewing the policies and procedures for exclusion verifications. The policy does not state frequency of exclusion verifications. How frequent should exclusion verifications be performed? a. Annually b. Bi-annually c. Monthly d. Semi-annually - CORRECT ANSWER c. monthly (as recommended by OIG to avoid risk)" "OIG can impose mandatory exclusion for a minimum of..? - CORRECT ANSWER 5 years" "True or False: An excluded individual is automatically reinstated at the end of an exclusion term - CORRECT ANSWER FALSE - An excluded individual must apply for reinstatement at the end of their exclusion term" "A privacy professional is reviewing a program for an academic medical center that include a faculty group practice, hospital, student health center, and self-funded group health plan. The privacy professional should evaluate if the program has notices for: a. GINA b. FMLA c. HIPAA d. FISMA - CORRECT ANSWER c. HIPAA" "A health system implemented an EHR in 55 clinics. The privacy professional is told employees are inconsistently interpreting the policy addressing employee access to EHR. Which of the following is the privacy professional's BEST strategy? a. Collaborate with HR to ensure appropriate discipline b. Perform an audit under Attorney-Client Privilege c. Conduct surveys of clinic employees concerns d. Audit a random sampling of clinics across the organization - CORRECT ANSWER c. Conduct surveys of clinic employees concerns" "What are the 2 types of OIG exclusions? - CORRECT ANSWER Mandatory and Permissive. See definitions: "Concurrent Audit - CORRECT ANSWER Real time - Ongoing review/inspection of records, policies and procedures. More difficult to execute but best way to change behavior. Identify and address problems as they arise - Example: Auditing claims before claims are billed" "What is DRG Creep - CORRECT ANSWER Using a Diagnosis Related Group (DRG) code that provides a higher payment rate than the DRG code that accurately reflects the service furnished to the patient." "In Compliance Auditing & Monitoring, Contemporaneous Reviews: a. Involves matter that either have not yet been billed by provider or have not yet been paid by the third party payor b. Appropriate to determine an initial baseline view of a particular billing practice or activity c. Can uncover existence of past problems e. All of the above f. A and B only - CORRECT ANSWER e. All of the above" "Retrospective Audit - CORRECT ANSWER Baseline assessment of where you are at a period of time in the past Snapshot or Laundry list of things needed to be fixed Need to know a milestone to go back to in time (e.g.; published financial statements, historical audit)" "Retrospective vs Concurrent Audit can be characterized by... - CORRECT ANSWER Retrospective milestone to go back to in system, you know the sample unit from system. Concurrent any time up to the final, real time" "The type of audit used to identify potential errors prior to completing the process or transaction under review is: a. Operational audit b. Concurrent audit c. Retrospective audit d. Baseline audit - CORRECT ANSWER b. Concurrent audit" "Upcoding - CORRECT ANSWER Using a billing code that provides a higher reimbursement rate than the billing code that actually reflects the service furnished. Major focus of OIG enforcement efforts and HIPAA added additional civil monetary penalty to OIG sanctions." "True or False: Encryption is required under HIPAA - CORRECT ANSWER FALSE - It is an addressable implementation specification." "Which of the following is one objective of a baseline audit? a. Evaluate compliance program operations b. Investigate an alleged violation c. Offer recommendations regarding necessary remediation d. Create a mission statement for the compliance department that is consistent with the mission statement - CORRECT ANSWER c. Offer recommendations regarding necessary remediation" "FSG - Culpability Score, when calculated, this is used to determine: - CORRECT ANSWER Calculation of the degree of blame or guilt used to determine: fines, restitution, forfeiture, and probation" "FSG - Culpability Score - CORRECT ANSWER Part of the US Sentencing Commission Guidelines. It's a system that adds or substracts points for aggravating or mitigating factors accordingly to determine the fines imposed for fraud and abuse." "True or False: The attorney-client privilege applies to communications made by a client, the underlying facts of the communication and the legal conclusions involving the facts. - CORRECT ANSWER FALSE Confidential communication between a client and his or her lawyer for the purpose of obtaining legal advice or securing legal services. This privilege protects communications of facts, and not the facts that underlie these communications. For instance, a client provides an attorney with a host of facts when communicating, but the privilege does not protect these facts from disclosure - only the communications themselves." "EEOC - CORRECT ANSWER Equal Employment Opportunity Commission of 1964. Definition: Agency created in 1964 to end discrimination based on race, religion, sex, or national origin in employment" "ERISA - CORRECT ANSWER Employee Retirement Income Security Act of 1974 Definition: Federal act that exempts self-insured health plans from state laws governing health insurance and requires health plans to provide certain information to enrollees" "HITECH stands for: - CORRECT ANSWER Health Information Technology for Economic and Clinical Health. Act was signed into law in February 2009 under ARRA" "Coding for a higher level than the documentation warrants. This is known as: - CORRECT ANSWER Upcoding" "The illegal practice of submitting claims individually in order to maximize reimbursement for various tests or procedures which are required to be billed together. The government initiative investigating this issue is Project Bad Bundle. This is known as: - CORRECT ANSWER Unbundling" "A covered entity may use or disclose PHI for TPO...what does TPO stand for - CORRECT ANSWER Treatment, Payment, Health Care Operations" "Few other examples for use or disclosure of PHI other that TPO: - CORRECT ANSWER Public health interest, research, serious threat, organ/tissue donation decedents (deceased person) information, worker's compensation insurers." "True or False A vendor that stores encrypted copies of files from a CE is not a Business Associate of that CE because the ePHI is unreadable, unusable, and indecipherable. - CORRECT ANSWER FALSE -The vendor is a Business Associate as it is maintaining (through its storage functions) the encrypted ePHI." "True or False Covered Entities and their Business Associates must comply with all of the Security and Privacy Rules - CORRECT ANSWER FALSE - Business Associates are not required to comply with all of the Privacy Rules." "What is a Business Associate (BA)? What do they do in healthcare? - CORRECT ANSWER BA is an entity that performs/assist Covered Entities in activities involving the use/disclosure of individually identifiable health information (IHI) on behalf of a Covered Entity or provides services such as legal, actuarial, accounting, data aggregation, or financial services for a covered entity" "Designated Record Set (DRS) - includes: - CORRECT ANSWER Group of records maintained by or for a Covered Entity that comprises the following: 1. medical/billings records 2. enrollment/payment/claims adjudication/case management by health plan 3. other records used by or for covered entity to make decisions about individuals" "Designated Record Set (DRS) - records excluded from DRS: - CORRECT ANSWER Administrative data (audit trails, appointment schedules, that don't imbed PHI). Incident reports. Quality Assurance Data. Statistical reports." "1984 Sentencing Reform Act - CORRECT ANSWER Designed to correct inequities in deferral sentences. Includes the Federal Sentencing Guidelines that include guidance for assessing fines and detailed method for calculation of a "culpability score."" "5 most important federal fraud and abuse laws - CORRECT ANSWER FCA, AKS, Stark Law, CMPL, and Exclusion Authorities" "Why is Caremark International Derivative Litigation important in Corporate Compliance? - CORRECT ANSWER The 1996 U.S. Civil settlement of Caremark International, Inc. Decision established Corporate directors breached their oversight duty by failing to adequately supervise their employees when they knew/should've known a violation of law was occurring. Ref: 698 A.2d 959 (Del. Ch. 1996). Org entered into a 5-year imposed CIA. It increased significance of Compliance Programs and the duty of oversight to Board and Directors." "Civil Monetary Penalties Law: Since 1981, ____ has had the authority to levy administrative penalties and assessments against providers as punishment for filing false or improper claims or as a collateral consequence of prior bad acts. A. DHS B. OIG C. HHS D. SSA E. USC - CORRECT ANSWER C. HHS" "Inspector General (IG) function - CORRECT ANSWER Officer or agency that inspects or conducts audits and investigations relating to operations and procedures over which the agency has jurisdiction" "HHS (Department of Health and Human Services) function - CORRECT ANSWER Responsible for PUBLIC HEALTH SERVICE, and Social Security Administration" "CMS (Centers for Medicare and Medicaid Services) function - CORRECT ANSWER Administers Medicare, Medicaid and State's Children Health Insurance Programs (CHIP)" "Name a few key differences between Anti-Kick Back statute and Stark Law? - CORRECT ANSWER Stark: prohibits referrals from physicians; applies to Medicare DHS only; strict liability/no proof of intent to violate the law; mandatory "exceptions" (legal arrangements); civil penalty only. AKS: prohibits referrals from anyone; applies to all federal services; proof of intent knowingly/willfully violated the law; voluntary "safe harbors" (legal arrangements); both criminal and civil penalties. Ref: "OIG is legally required to exclude individuals from Federal health care programs who are convicted of the following criminal offenses: - CORRECT ANSWER • Medicare or Medicaid fraud • Patient abuse or neglect • Felony convictions for other health-care related fraud, theft, or other financial misconduct; • Felony convictions for unlawful manufacture, distribution, prescription, or dispensing of controlled substances" "Proof of intent is not required for: a. false claims act b. antikickback statute c. stark law d. affordable care act - CORRECT ANSWER c. Stark Law" "Sarbanes-Oxley Act of 2002 or SOX Act - CORRECT ANSWER Federal law that established sweeping auditing and financial regulations for public companies. Lawmakers created the legislation to help protect shareholders, employees and the public from accounting errors and fraudulent financial practices. It was enacted in response to a series of high-profile financial scandals that occurred in the early 2000s (i.e. Enron). Learn more: "The Stark Law is also commonly referred to as - CORRECT ANSWER Physician Self-Referral Law" "TRUE or FALSE: STARK indicates no Medicare payments may be made for DHS referred by the physician, and the Entity must refund all money collected for DHS referred by the physician - CORRECT ANSWER TRUE In other words, Stark law bans physicians from referring 10 designated health care services to any entity with which physician has a financial relationship." "What is False Claims Act? - CORRECT ANSWER Laws for the government to enforce federal fraud and abuse prohibitions. Prohibits anyone from knowingly submitting false/fraudulent claims" "What is Fiscal Intermediary (FC) - CORRECT ANSWER It refers to an entity or a private company that has a contract with the center for Medicare and Medicaid services (CMS) to determine and to pay part A and some part B bills such as bills from hospitals, on a cost basis and to perform other related functions" "What is Physician Payment Sunshine Act? - CORRECT ANSWER Requires drug/device manufacturers to disclose to government anything of value provided to physicians (report quarterly). Applies to companies with gross revenue over $100 MIL" "What is the anti-kickback statute? - CORRECT ANSWER Prohibits any knowing and willful conduct involving solicitation, receipt, offer, or payment of any kind of remuneration in return for referring an individual or for recommending or arranging the purchase, lease, or ordering of an item or services that may be wholly or partially paid for under a federal health care program." "What is Attestation? - CORRECT ANSWER It's an affirmation signed by signature that the action outlined has been accomplished" "Which of the following does EMTALA require? a. Appropriate signage in all hospital waiting areas b. Acute patient to be stabilized before being transferred to another hospital c. Attestation by the treating physician or other appropriate licensed independent personnel that the patient is stable d. Receiving hospital must have resources available and appropriate licensed personnel to treat the patient e. All of the above f. B and C g. A, C, and D - CORRECT ANSWER e. All of the above "Which of the Fraud and Abuse laws contains the whistleblower provision? - CORRECT ANSWER False Claims Act (FCA)" "Examples of "outliers" that OIG might identify in certain hospital relationships or arrangements with greatest risk of non-compliance: a. audit processes that includes e-visits, interviews, trend analysis, etc. b. medical office building leases consistent with fair market value c. large and inconsistent payments made to physicians without a written contract d. none of the above - CORRECT ANSWER c. large and inconsistent payments made to physicians without a written contract" "The PhRMA Code prohibits which of the following: a. Pharmaceutical companies that bring free lunches to a healthcare organization weekly to promote the use of their product b. Pharmaceutical companies paying for trip expenses and stipend for a physician to come and speak at conference because he prescribes their product often and has had much success treating his patients with it c. Pharmaceutical companies providing lunches to the providers and their wives, while providing an educational session about a particular new drug d. All of the above e. None of the above - CORRECT ANSWER d. All of the above See the most updated PhRMA Code of Interactions: "An employee responsible for quality assurance reviews was terminated for inappropriately accessing sensitive information of a health plan beneficiary. The employee appealed the decision, stating a colleague received a verbal warning for similar conduct just last month. Which of the following is the responsibility of the privacy official? a. Endure disciplinary action is imposed b. Develop corrective action for each disciplined employee c. Monitor disciplinary action consistently d. Document disciplinary action for all substantiated complaints - CORRECT ANSWER c. Monitor disciplinary action consistently" "What are the four impermissible (HIPAA breach)? - CORRECT ANSWER Access Acquisition Use Disclosure" "An agency investigating a complaint of a HIPAA privacy violation contacts the facility for patient information. The facility's policy should be to disclose all information: a. If a search warrant is presented b. That is required by state law c. If the patients have been informed d. Requested except for PHI - CORRECT ANSWER b. That is required by state law" “Organizations receiving more than $5 million in Medicaid funds must provide education on the False Claims Act (FCA) in accordance with the: a. Stark Laws b. Deficit Reduction Act (DRA) c. Anti-Kickback (AKS) Law d. Sherman Antitrust Law - CORRECT ANSWER b. Deficit Reduction Act (DRA)" "In development of the annual work plan, physician contract compliance was prioritized as a high-risk area. When the compliance professional followed up with management, it appeared that the monitoring identified for this area was never put into place. Which of the following should be the compliance professional's FIRST step? a. Develop a corrective action plan b. Identify a statistically valid sample c. Conduct a probe sample d. Notify legal counsel - CORRECT ANSWER c. Conduct a probe sample" "Which of the following is the BEST question to include in an employee exit interview? a. Why are you leaving your job? b. Did you ever observe anything that made you feel uncomfortable? c. How many times did you use the compliance hotline? d. Do you think your patients knew about the hotline? - CORRECT ANSWER b. Did you ever observe anything that made you feel uncomfortable?" "A compliance professional is conducting a policy review. Which of the following procedures MUST be included in the policy for statistically valid sampling and extrapolation? a. financial error rate exceeds 5% with a refund to occur within 60 days b. financial error rate exceeds 5% with a refund to occur within 90 days c. coding error rate exceeds 5% with a refund to occur within 60 days d. coding error rate exceeds 5% with a refund to occur within 90 days - CORRECT ANSWER a. financial error rate exceeds 5% with a refund to occur within 60 days" "A compliance professional discovers non-compliance with a regulation. Which of the following the compliance professional do FIRST? a. implement disciplinary actions b. conduct a baseline audit c. include it in the annual work plan d. develop a risk specific education plan - CORRECT ANSWER b. conduct a baseline audit" "A record retention policy must be based on a. AHIMA requirements b. applicable state laws c. state insurance commissioner's requirements d. applicable electronic health record constraints - CORRECT ANSWER b. applicable state laws" "Under HIPAA, a covered entity is required to disclose Protected Health Information (PHI) when: a. the disclosure is requested by the police department b. a subpoena signed by an attorney is received c. the disclosure is required by medical staff bylaws d. the Secretary of DHHS requests the information - CORRECT ANSWER d. the Secretary of DHHS requests the information" "The annual OIG work plan is a document that outlines the OIG's annual: a. staffing needs b. budget plans c. investigation ideas d. education agenda - CORRECT ANSWER c. investigation ideas" "A compliance professional conducts an investigation into allegations of physicians and nurses taking pictures of injuries and posting them on a social network. It is confirmed that the two physicians and a nurse have engaged in this behavior. Which of the following is the compliance professional's and HR director's BEST action? a. review and adhere to the organization's disciplinary policy b. revoke the physician's hospital privileges, and terminate nurse c. report the incident to the Peer Review Committee and the nursing board d. notify the board of directors, and act according to their recommendations - CORRECT ANSWER a. review and adhere to the organization's disciplinary policy" "A hospital medical staff office is conducting its monthly review of the Excluded Parties List System (EPLS). The compliance officer is called by the manager of the medical staff office and informed that Dr. Smith, a surgeon who took call 5 times last month for the Emergency Department, was excluded on a date prior to those dates when the surgeon took call. In other words, the effective date of the exclusion involving the surgeon was 4/1/2019 and the surgeon took call and provided surgical services to patients in the ED on 4/13/19, 4/20/19, and 4/27/2019. What is the NEXT action the compliance officer should do? a. Contact the ED and make sure that the involved surgeon is removed from taking any more on call shifts. b. Have the medical office check if the surgeon is listed on other exclusion lists. c. Contact legal counsel to alert of the need to pay back reimbursement received for services provided by an excluded ind - CORRECT ANSWER b. Have the medical office check if the surgeon is listed on other exclusion lists" "Under the US Federal Sentencing Guidelines, there is an expectation that effective compliance programs include due diligence in discretionary authority and hiring. Which of the following is MOST important process to include? a. Periodic background checks b. Drug Testing c. Monthly exclusion verifications through OIG database d. Monthly exclusion verifications through SAMS GSA Exclusion database - CORRECT ANSWER d. Monthly exclusion verifications through SAMS GSA Exclusion database. Explanation: Starting from the top: GSA administers SAM, which contains debarment actions taken by various Federal agencies, including OIG's exclusions. The LEIE contains only the exclusion actions taken by OIG." "The claims department needs to determine the initial baseline view of a particular billing practice to represent the beginning of a review process. What type of audit should be conducted? a. A probe audit b. Retrospective Audit c. A contemporaneous review d. Retroactive audit - CORRECT ANSWER c. A contemporaneous review" "The Compliance Officer is working with the Compliance Committee to develop goals of a review from a compliance perspective. What is the first thing that should be done? a. Conduct a probe audit on claims b. Take a "snapshot" to develop a baseline to assess the current state of compliance c. Conduct a contemporaneous review d. Conduct a concurrent audit - CORRECT ANSWER b. Take a "snapshot" to develop a baseline to assess the current state of compliance" "What is a Corporate integrity agreement; also consent decrees? - CORRECT ANSWER A negotiated settlement between the ORG and GOV, which providers present no liability while implementing a strict compliance program plan imposed by the GOV." "Corporate Integrity Agreement (CIA) characteristics: - CORRECT ANSWER • 3-5 year duration • extensive reporting requirements • negotiated in order to avoid litigation • admits no fault or liability • submits to government for corrective action" "Covered Entity can use or disclose PHI by these 4 areas: - CORRECT ANSWER 1. for treatment, payment, healthcare operations (TPO) 2. for public interest in disaster relief or public emergency 3. with an opportunity to object (i.e. spouse picking up Rx) 4. with authorization granted" "Covered entity includes: - CORRECT ANSWER • Health plan • Health care clearinghouse • Health care provider who transmits any health info in electronic form" "What is a Health Care Clearinghouse? - CORRECT ANSWER Entity that processes or facilitates the processing of nonstandard data elements of health information into standard data elements." "What is HIPAA? - CORRECT ANSWER Comprehensive legislation that protects health information, ensure access to health coverage for those who change jobs or temporarily out of work, and provides funding to DOJ and FBI for Medicare fraud investigations" "What is the difference between HIPAA Privacy and Security? - CORRECT ANSWER Privacy - covers all forms of PHI (ePHI, written, oral). Security - covers ePHI only" "An HHS/OIG nationwide review of compliance with rules governing physicians at teaching hospitals. Records were reviewed to determine adequate physician involvement in patient care according to IL373, the Medicare rule that dictates that an attending physician must be present when supervising an intern or resident in order to bill for the care provided by the intern or the resident. - CORRECT ANSWER Physicians at a Teaching Hospital (PATH)" "Balance Budget Act of 1997 (the 3-strike rule) - CORRECT ANSWER Legislation containing major reform of the Medicare and Medicaid programs especially in the areas of home health and patient transfers. It also mandated permanent exclusion from participation in federally funded health care programs of those convicted of three health care-related crimes" "Caremark International Derivative Litigation - CORRECT ANSWER A civil action concerning a director's duty of care. Caremark directors breached their duty of care by failing to adequately supervise their employees when they knew/should've known a violation of law was occurring. Ref: 698 A.2d 959 (Del. Ch. 1996) Also known as the "Caremark Duty" - makes the board responsible for implementation of a system to gather information on the company's efforts to prevent and detect fraud and abuse." "False Claim Act (FCA) - CORRECT ANSWER • Empowers government to investigate and bring civil action in fraud case. Implemented during Civil War to curb war time price gouging. • Also allow private citizen to bring civil actions against an organization in the name of United States. This action provided significant incentive for the private citizen to come forward. This action is better known as Qui Tam, whistle blower. Sometimes called Lincoln's Law as it was implemented during the Civil War to protect against price gouging to the military." "General Services Administration (GSA) - CORRECT ANSWER Government agency that was established in 1949. GSA is the purchasing department of the U.S. government and lists contracts or schedules that potential vendors can bid on to get government business. In other words, GSA manages the gov's property and records." "Organizations have the opportunity to reduce their culpability in accordance with the Federal Sentencing Guidelines by A. establishing mandatory audits. B. effectively dealing with any offense after it has occurred. C. developing a code of conduct and educating senior management. D. voluntarily disclosing overpayments. - CORRECT ANSWER B. effectively dealing with any offense after it has occurred. (review FSG capability factor "The primary purpose of a privacy exit interview is to: a. Meet HITECH requirements b. Prevent whistleblower lawsuits c. Evaluate for rehire d. Determine the appropriate discipline - CORRECT ANSWER b. Prevent whistleblower lawsuits"