CPCO Exam Prep EXAM NEWEST 2025-2026
ACTUAL EXAM QUESTIONS AND CORRECT
DETAILED ANSWERS (VERIFIED ANSWERS)
The Federal Sentencing Guidelines (FSGs) are rules that set out a uniform sentencing policy for those
convicted of felonies and serious (Class A) misdemeanors in the United States' federal courts system. In
healthcare, the FSGs are used as the core elements for which of the following?
I. The OIG's Five-Principle Strategy to combat healthcare fraud, waste, and abuse.
II. The seven core elements of an effective compliance program.
III. The core elements of corporate integrity agreements.
IV. The final rule for the Medicare Access and CHIP Reauthorization Act (MACRA).
V. The False Claims Act (FCA). - CORRECT ANSWERS II and III
The compliance program guidance is recognized by the United States Sentencing Commission (USSC).
These seven core elements are used by the USSC as the basis for FSGs for healthcare offenses. The core
elements of CIAs were created in the 1995 Federal Sentencing Guidelines.
Which office is responsible for enforcing the HIPAA Privacy Rule and Security Rule provisions?
Office of Civil Rights (OCR)
Department of Justice (DOJ)
Department of Labor (DOL)
Office of Inspector General (OIG) - CORRECT ANSWERS Office of Civil Rights (OCR)
Which office performs independent audits of HHS programs and/or HHS grantees and contractors to
examine their performance?
,Immediate Office of Inspector General
Office of Audit Services
Office of Evaluations and Inspections
Office of Management and Policy - CORRECT ANSWERS Office of Audit Services
According to Inspector General Daniel Levinson, what can help reduce enforcement on a provider from a
corporate integrity agreement (CIA) to a certification of compliance agreement (CCA)?
The provider demonstrates a compliance plan has been distributed to all employees.
The provider has a robust and effective compliance program.
The provider has a compliance officer on staff.
The provider keeps a copy of all coding rules which support their coding. - CORRECT ANSWERS
The provider has a robust and effective compliance program.
Compliance certification agreements (CCAs) require providers to certify they will continue to operate
their existing compliance program for a fixed term. During this term, is an independent review
organization (IRO) required?
No, an IRO is not required for a CCA.
,Yes, an IRO is required for all CCA agreements.
It depends; an IRO is only required for certain entities that have signed a CCA.
Yes, IROs are required for both CIA and CCA arrangements. - CORRECT ANSWERS No, an IRO is
not required for a CCA.
The OIG has stated that an effective compliance plan can help create which of the following?
Customer loyalty, a need for refunds, and overpayments from insurance carriers.
Community support, financial success, wealthy physicians.
Financial success, flawless billing, and lessen staff required to support the practice.
Customer loyalty, community support, and financial success. - CORRECT ANSWERS Customer
loyalty, community support, and financial success.
Jill is the compliance officer for Dr. X. Jill wants to send all lab referrals to the lab that her physician
owns. Is this considered fraud?
No, it is considered waste.
Yes, it is considered fraud.
No, it is considered abuse.
, Yes, only because lab services owned by providers is a special category so therefore it is fraud. -
CORRECT ANSWERS Yes, it is considered fraud.
What is a high-level statement or plan that embraces an organization's general beliefs, goals, objectives
and acceptable procedure for a specified subject area?
a. policy
b. standard for all organizations
c. risk for the organization
d. compliance program - CORRECT ANSWERS policy
After an employee receives their initial training regarding the practice/organization Compliance
Program, what is the next step the compliance officer should take to protect the practice against
potential non-compliance activity?
a. Retain the training record for employee evaluation reviews.
b. Perform a baseline assessment of the employee's competency scores to determine if additional
training is required.
c. repeat the training in 1 year.
d. No additional steps are necessary; the requirement to train new employees has been met. - CORRECT
ANSWERS Perform a baseline assessment of the employee's competency scores to determine
if additional training is required.
ACTUAL EXAM QUESTIONS AND CORRECT
DETAILED ANSWERS (VERIFIED ANSWERS)
The Federal Sentencing Guidelines (FSGs) are rules that set out a uniform sentencing policy for those
convicted of felonies and serious (Class A) misdemeanors in the United States' federal courts system. In
healthcare, the FSGs are used as the core elements for which of the following?
I. The OIG's Five-Principle Strategy to combat healthcare fraud, waste, and abuse.
II. The seven core elements of an effective compliance program.
III. The core elements of corporate integrity agreements.
IV. The final rule for the Medicare Access and CHIP Reauthorization Act (MACRA).
V. The False Claims Act (FCA). - CORRECT ANSWERS II and III
The compliance program guidance is recognized by the United States Sentencing Commission (USSC).
These seven core elements are used by the USSC as the basis for FSGs for healthcare offenses. The core
elements of CIAs were created in the 1995 Federal Sentencing Guidelines.
Which office is responsible for enforcing the HIPAA Privacy Rule and Security Rule provisions?
Office of Civil Rights (OCR)
Department of Justice (DOJ)
Department of Labor (DOL)
Office of Inspector General (OIG) - CORRECT ANSWERS Office of Civil Rights (OCR)
Which office performs independent audits of HHS programs and/or HHS grantees and contractors to
examine their performance?
,Immediate Office of Inspector General
Office of Audit Services
Office of Evaluations and Inspections
Office of Management and Policy - CORRECT ANSWERS Office of Audit Services
According to Inspector General Daniel Levinson, what can help reduce enforcement on a provider from a
corporate integrity agreement (CIA) to a certification of compliance agreement (CCA)?
The provider demonstrates a compliance plan has been distributed to all employees.
The provider has a robust and effective compliance program.
The provider has a compliance officer on staff.
The provider keeps a copy of all coding rules which support their coding. - CORRECT ANSWERS
The provider has a robust and effective compliance program.
Compliance certification agreements (CCAs) require providers to certify they will continue to operate
their existing compliance program for a fixed term. During this term, is an independent review
organization (IRO) required?
No, an IRO is not required for a CCA.
,Yes, an IRO is required for all CCA agreements.
It depends; an IRO is only required for certain entities that have signed a CCA.
Yes, IROs are required for both CIA and CCA arrangements. - CORRECT ANSWERS No, an IRO is
not required for a CCA.
The OIG has stated that an effective compliance plan can help create which of the following?
Customer loyalty, a need for refunds, and overpayments from insurance carriers.
Community support, financial success, wealthy physicians.
Financial success, flawless billing, and lessen staff required to support the practice.
Customer loyalty, community support, and financial success. - CORRECT ANSWERS Customer
loyalty, community support, and financial success.
Jill is the compliance officer for Dr. X. Jill wants to send all lab referrals to the lab that her physician
owns. Is this considered fraud?
No, it is considered waste.
Yes, it is considered fraud.
No, it is considered abuse.
, Yes, only because lab services owned by providers is a special category so therefore it is fraud. -
CORRECT ANSWERS Yes, it is considered fraud.
What is a high-level statement or plan that embraces an organization's general beliefs, goals, objectives
and acceptable procedure for a specified subject area?
a. policy
b. standard for all organizations
c. risk for the organization
d. compliance program - CORRECT ANSWERS policy
After an employee receives their initial training regarding the practice/organization Compliance
Program, what is the next step the compliance officer should take to protect the practice against
potential non-compliance activity?
a. Retain the training record for employee evaluation reviews.
b. Perform a baseline assessment of the employee's competency scores to determine if additional
training is required.
c. repeat the training in 1 year.
d. No additional steps are necessary; the requirement to train new employees has been met. - CORRECT
ANSWERS Perform a baseline assessment of the employee's competency scores to determine
if additional training is required.
