Test

Question 1

Compliance Program primary concern

Answer 1

rules and regulations

Question 2

Integrity Program primary concern

Answer 2

values; doing the right thing

Question 3

Who needs a compliance program?

Answer 3

Physicians Practices
Medicare + Choice Organizations 
Ambulance Suppliers
Third Party Billing Companies
Pharmaceutical Manufacturers
Hospitals
Laboratories
Teaching Institutions/Research 
DME Distributors
Home Health/Hospice/SNF
Others

Question 4

Defense Industry Initiative

Answer 4

Voluntary self-regulatory guidelines developed by defense industries suppliers
GOAL: Eliminate waste and bring prices into line

Question 5

Who is responsible for enforcing the rules and regulations under the Medicare and Medicaid laws

Answer 5

HHS OIG in conjunction with the Justice Department

Question 6

An effective compliance program:

Answer 6

safeguards the organization’s legal responsibility to abide by applicable laws ad regulations

Question 7

Three strikes and you’re out

Answer 7

Balanced Budget Act of 1997

Question 8

Qui Tam

Answer 8

whistle blower

Question 9

This act provides financial incentives for private citizens to come forward in qui tam suite

Answer 9

False Claims Act (FCA)

Question 10

He who brings the action for the king as well as for himself

Answer 10

Qui tam pro domino rege quam pro se ipso in hac parte sequitur

Question 11

Qui tam pro domino rege quam pro se ipso in hac parte sequitur

Answer 11

He who brings the action for the king as well as for himself

Question 12

Healthcare whistle blowers can be eligible to receive X of government’s total award if DOJ decides to assume the case

Answer 12

15-25%

Question 13

Healthcare whistle blowers can be eligible to receive X of government’s total award if DOJ declines the case

Answer 13

25-30%

Question 14

Who can impose a CIA (corporate integrity agreement)

Answer 14

The government

Question 15

CIA characteristics

Answer 15

negotiated in order to avoid litigation 
admits no fault or liability 
submits to government for corrective action 
3-5 year duration 
extensive reporting requirements

Question 16

Fine for organizations are calculated using:

Answer 16

Culpability score

Question 17

Possible sanctions include

Answer 17

fines, restitution, forfeiture, and probation

Question 18

Factors that might mitigate an organization’s punishment

Answer 18

effective ethics program and self reporting, cooperation or acceptance of responsibility

Question 19

Four aggravating factors to a culpability score

Answer 19

if upper level employee has “participated in, condoned, or was willfully ignorant of the offence”
if the violation is a repeat offense
if the government was hindered during its investigation
if awareness of and tolerance of the violation were pervasive

Question 20

Four mitigating factors in a culpability score

Answer 20

If the organization had an effective compliance program, even though there was a violation
If the organization reported the violation promptly
If the organization cooperated with the government investigators
If the organization accepted responsibility for the violation

Question 21

Seven Elements of an effective compliance program

Answer 21

1. Written standards of conduct
2. Designating a chief compliance officer and other appropriate bodies
3. effective education and training
4. Audits and evaluation techniques to monitor compliance
5. Reporting processes and procedures for complaints
6. Appropriate disciplinary mechanisms
7. Investigation and remediation of systemic problems

Question 22

Ten Obstacles to Effective compliance Implementation

Answer 22

1. Commitment and buy-in
2. Lack of funding
3. Too many roles for compliance professional
4. Interpreting laws and regulations
5. Lack of resources and staff
6. Lack of education and training
7. Resistance to change
8. Lack of or poor communication
9. Fear of retaliation/retribution
10. No internal enforcement

Question 23

which two documents become tools to build compliance program

Answer 23

the standards or code of conduct and the polices and procedures

Question 24

When a patient requests access to PHI, the covered entity can:

    a. Take up to 120 days to respond 
    b. Charge for retrieving the record 
    c. Require that the request be in writing 
    d. Request the patient accept a summary of the record

Answer 24

c. Require that the request be in writing

Question 25

Changes to the Privacy and Security provisions of the HIPAA and its regulations were enacted in which of the 
    following acts? 
        a. GINA 
        b. FERA 
        c. FACTA 
        d. HITECH

Answer 25

D. HITECH

Question 26

Appropriate progressive discipline policies associated with a compliance program should be:

    a. Defined by role 
    b. Enforced consistently 
    c. Applied to physicians 
    d. Reported to the government

Answer 26

b. Enforced consistently

Question 27

At which level of the Medicare Part A or Part B appeals process is the appeal reconsidered by a qualified independent contractor?
A. first level of appeal 
b. second level of appeal
c. third level of appeal 
d. fourth level of appeal

Answer 27

b. second level of appeal

Question 28

True or False:

An oral request by law enforcement may delay notifications related to a breach for up to 60 days.

Answer 28

False

Question 29

True or False:

An individual has the right of access all information maintained in that individual’s Designated Record Set.

Answer 29

False
An individual has the right of access to the PHI maintained within a Designated Record Set (DRS), not all of the information maintained in the DRS.

Question 30

True or False:

Minimum necessary requirements under HIPAA does not apply to uses or disclosures required by law.

Answer 30

Answer: True

Disclosures required by law are subject to the minimum necessary requirement.

Question 31

True or False:

A CE must accommodate reasonable requests by an individual to receive communications of PHI by alternative means.

Answer 31

Answer: True

This is directly from the regs…if reasonable, then the CE must accommodate.

Question 32

True or False:
Privacy means the property that data or information is not made available or disclosed to unauthorized persons or processes.

Answer 32

Answer: False

The definition listed is verbatim that which applies to security.

Question 33

OIG urges the \_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_ to assist in the implementation of the compliance program and serves as advisers.
A. Board
B. CEO
C. Compliance Committee
D. Quality Committee

Answer 33

C. Compliance Committee

Question 34

The compliance committee should develop objective and goals on
A. monthly basis
B. continuous basis
C. quarterly basis
D. annual basis

Answer 34

D. annual basis

Question 35

Who should participate in developing goals and objectives for the compliance program?
A. Compliance Committee
B. Risk Managers
C. The Governing Board
D. Physicians

Answer 35

A. Compliance Committee

Question 36

HIPAA Regs: What subpart in Part 164 deals with Privacy

Answer 36

Subpart E:

Hint: Privacy….Privac-E

Question 37

HIPAA Regs: What subpart in Part 164 deals with Breach Notifications

Answer 37

Subpart D:

“D”arn it! We have a breach!

Question 38

HIPAA Regs: What subpart in Part 164 deals with Security

Answer 38

Subpart C:

Hint: “C”-curity

Question 39

What are the 3 components that make up security?

Answer 39

Confidentiality
Integrity
Availability

Question 40

What’s wrong with this statement, “We need to identify if this breach is reportable?”

Answer 40

All breaches are reportable.

Question 41

When is the deadline for reporting breaches to the Secretary

Answer 41

• For breaches affecting 500 or more: 60 days from discovery.
• For breaches affecting less than 500: By the 60th day of the year following when the breach was discovered.

Question 42

Covered Entities and their Business Associates must comply with the all of the Security and Privacy Rules – True or False

Answer 42

False as Business Associates are not required to comply with all of the Privacy Rules.

Question 43

The designated privacy official and the designated security official under HIPAA must be different individuals.

Answer 43

False as the same official may be designated both roles.

Question 44

A health care provider has how long to redistribute its Notice of Privacy Practice to established patients after making a material change to the notice.

Answer 44

There is no such requirement for a health care provider as making such a change does not include a requirement to redistribute the Notice of Privacy Practices

Question 45

Encryption is required under HIPAA – True or False

Answer 45

False. It is an addressable implementation specification.

Question 46

The difference between an addressable and a required implementation specification

Answer 46

• Required – the specification must be implemented

* Addressable – Either implement the specification or an equivalent alternative measure

Question 47

What are the four impermissibles

Answer 47

• Access
• Acquisition
• Use
• Disclosure

Question 48

When does the 60 day “clock” begin for breach notifications?

Answer 48

When the “impermissible” is discovered by the Covered Entity

Question 49

What is the record retention period for HIPAA related work product?

Answer 49

6 years

Question 50

A Security Risk Analysis must be done annually for a Covered Entity to comply with the Privacy Rules. – True or False

Answer 50

False as the Risk Analysis is not required annually and the risk analysis is part of the Security Rules.

Question 51

PHI stands for

Answer 51

Protected Health Information

Question 52

What is the timeframe requirement to train new employees about HIPAA?

Answer 52

“within a reasonable period of time after the person joins the covered entity’s workforce”

Question 53

A covered entity may use or disclose PHI for TPO…what does TPO stand for

Answer 53

Treatment
Payment
Operations

Question 54

What rights of an individual must be contained in the Notice of Privacy Practices

Answer 54

• The right to request restrictions on certain uses and disclosures of protected health information
• The right to receive confidential communications of PHI
• The right to inspect and copy PHI
• The right to amend PHI
• The right to receive an accounting of disclosures of PHI
• The right of an individual to obtain a paper copy of the notice from the covered entity upon request.

Question 55

An individual has the right to access all of the PHI within his or her Designated Record Set – True or False

Answer 55

False as the HIPAA rules do identify instances when a covered entity may deny access.

Question 56

After an investigation, it was discovered that the organization’s reputation is a stake. What should a Compliance Professional do next?

a. Report the findings to the board
b. Contact legal counsel
c. Advise the CEO and recommend next steps
d. Self-disclose to the OIG​

Answer 56

b. Contact legal counsel

Question 57

What are the effective elements for monitoring and auditing?

A. You have an auditing plan and methodology
B. Your program has gone beyond process audits, proactive and reactive audits
C. You have included an auditing strategy and results reporting
D. Corrective Action and verification
E. All of the above

Answer 57

E. All of the above

Question 58

CMS released areas of high-risk fraud, some of those include:

A. Sudden changes in billing and billing inappropriate specialties
B. Billing of inappropriate diagnoses and increased beneficiary complaints
C. Geographical changes in billing and Identity theft (provider and beneficiary)
D. A and B
E. All of the above

Answer 58

E. All of the above

Question 59

As a CO, you are tasked with identifying risk. Knowing some document reviews may never apply to your organization, should you review Special Advisory Bulletins?
A. True
B. False

Answer 59

A. True

Question 60

The benefits of conducting a Controlled Self-Assessment are:

A. Increases the scope and targets audit work
B. Increases awareness and targets audit work
C. Frees internal audit resources and increases the scope
D. Motivates personnel, targets audit work, and increases awareness
E. Both C and D

Answer 60

E. Both C and D

Question 61

You are tasked with creating a risk assessment team. What are the keys to your success?

A. Select team members based on skills and experience and knowledge of risk areas and make sure they know why they were selected
B. Utilize risk assessment tools
C. Develop team ground rules and the risk assessment process
D. Both A and B
E. Both A and C
F. A, B, and C

Answer 61

F. A, B, and C

Question 62

The Physician Payment Sunshine Act must report ______to a covered recipient which is defined as a ______or teaching_____.

Answer 62

payments, physician, hospital

Question 63

The PHRMA CODE is an adopted voluntary code and is considered a law.
A. True
B. False

Answer 63

B. False

Question 64

The OIG requests that you post on your website whether or not the PHRMA CODE is followed.
A. True
B. False

Answer 64

A. True

Question 65

PHS regulations define a significant financial interest as:
Income which when aggregated for the investigator, and investigator’s spouse or dependent children exceeds $10,000 over twelve months
A. True
B. False

Answer 65

B. False

Question 66

STARK indicates no Medicare payments may be made for DHS referred by the physician, and the Entity must refund all money collected for DHS referred by the physician.
A. True
B. False

Answer 66

A. True

Question 67

When we anticipate what the government will measure if our compliance program is under review, we should assume the following:

A. The FSG is the basis of the assessment
B. What determines “effectiveness?”
C. Are there specific resources on what it is we need to demonstrate?
D.Resource: Corporate Integrity Agreements/Settlement Letters
E. All of the above

Answer 67

E. All of the above

Question 68

Since 1981, ____ has had the authority to levy administrative penalties and assessments against providers as punishment for filing false or improper claims or as a collateral consequence of prior bad acts.

A. DHS
B. OIG
C. HHS
D. SSA
E. USC

Answer 68

C. HHS

Question 69

What are the effective elements for monitoring and auditing?
A. You have an auditing plan and methodology
B. Your program has gone beyond process audits, proactive and reactive audits
C. You have included an auditing strategy and results reporting
D. Corrective Action and verification
E. All of the above

Answer 69

E- All of the Above

Question 70

CMS released areas of high-risk fraud, some of those include:
A. Sudden changes in billing and billing inappropriate specialties
B. Billing of inappropriate diagnoses and increased beneficiary complaints
C. Geographical changes in billing and Identity theft (provider and beneficiary)
D. A and B
E. All of the above

Answer 70

E- All of the Above

Question 71

TRUE or FALSE: As a CO, you are tasked with identifying risk. Knowing some document reviews may never apply to your organization, should you review Special Advisory Bulletins?

Answer 71

True

Question 72

The benefits of conducting a Controlled Self-Assessment are:
A. Increases the scope and targets audit work
B. Increases awareness and targets audit work
C. Frees internal audit resources and increases the scope
D. Motivates personnel, targets audit work, and increases awareness
E. Both C and D

Answer 72

E- Both C and D

Question 73

You are tasked with creating a risk assessment team. What are the keys to your success?
A. Select team members based on skills and experience and knowledge of risk areas and make sure they know why they were selected
B. Utilize risk assessment tools
C. Develop team ground rules and the risk assessment process
D. Both A and B
E. Both A and C
F. A, B, and C

Answer 73

F- A,B, and C

Question 74

TRUE or FALSE: PHS regulations define a significant financial interest as:
Income which when aggregated for the investigator, and investigator’s spouse or dependent children exceeds $10,000 over twelve months

Answer 74

False (?)

Question 75

TRUE or FALSE: STARK indicates no Medicare payments may be made for DHS referred by the physician, and the Entity must refund all money collected for DHS referred by the physician.

Answer 75

True

Question 76

When we anticipate what the government will measure if our compliance program is under review, we should assume the following:
A. The FSG is the basis of the assessment
B. What determines “effectiveness?”
C. Are there specific resources on what it is we need to demonstrate?
D. Resource: Corporate Integrity Agreements/Settlement Letters
E. All of the above

Answer 76

E- All of the Above

Question 77

OIG urges the \_\_\_\_\_\_\_\_\_\_\_\_ to assist in the implementation of the compliance program and serves as advisors.
A.	Board
B.	CEO
C.	Compliance Committee
D.	Quality Committee

Answer 77

C. Compliance Committee

Question 78

When a medical record is not consistent with the selected diagnosis code, the coder should contact the
A.	attending nurse.
B.	attending physician.
C.	billing supervisor.
D.	compliance auditor

Answer 78

B- Attending Physician.

Question 79

Covered entities participating in an Organized Health Care Arrangement are permitted to
A. act as a single covered entity.
B. utilize a single notice of privacy practices.
C. share psychotherapy notes.
D. operate as a hybrid entity

Answer 79

B- Utilize a single notice of privacy practices.

Question 80

When creating and implementing a compliance plan, the compliance officer should have
A.	no approval
B.	board approval and resolution.
C.	patient approval.
D.	legal approval

Answer 80

B- Board approval and resolution.

Question 81

Which of the following elements is included in the Anti-Kickback Statute?
A.	whistleblower provisions
B.	exclusions
C.	safe harbors
D.	compliance guidance

Answer 81

C. safe harbors