CPCO Exam Prep Free practice test →

Free CPCO Practice Questions

10 free, exam-style Certified Professional Compliance Officer (CPCO) practice questions with answers and explanations. No signup required. Work through them below, then take the full free CPCO practice test to study every exam domain.

Question 1

A compliance officer reviews two arrangements. First, a physician refers her Medicare patients for outpatient physical therapy to a therapy center she co-owns; the arrangement satisfies no Stark exception, but there was no bad intent. Second, a device vendor pays a surgeon a cash "consulting fee" that is in reality tied to the volume of implants he orders. Which statement correctly identifies the laws most directly implicated and their intent standards?

  1. Both arrangements fall under the Anti-Kickback Statute, which requires proof of knowing and willful intent.
  2. The self-referral implicates the Anti-Kickback Statute (knowing and willful); the cash-for-referrals implicates the Stark Law (strict liability).
  3. The self-referral implicates the Stark Law (strict liability); the cash-for-referrals implicates the Anti-Kickback Statute (knowing and willful).
  4. Both arrangements require proof of specific intent to defraud a federal health care program.
Show answer & explanation

Correct answer: C - The self-referral implicates the Stark Law (strict liability); the cash-for-referrals implicates the Anti-Kickback Statute (knowing and willful).

Question 2

A practice hires a billing clerk without checking any exclusion database. Six months later, the compliance officer discovers the clerk is listed on the OIG List of Excluded Individuals/Entities (LEIE). What is the MOST significant compliance consequence for the practice?

  1. No compliance consequence arises here, because the practice had no actual knowledge that the clerk was excluded at the time of the hire.
  2. The clerk must be reported to the state medical board, which will begin license-revocation proceedings.
  3. The practice must self-report the hire to the FBI within twenty-four hours of discovery.
  4. The practice may incur civil monetary penalties for claims tied to items or services the excluded individual helped furnish.
Show answer & explanation

Correct answer: D - The practice may incur civil monetary penalties for claims tied to items or services the excluded individual helped furnish.

Question 3

During a government inquiry, an organization points to its comprehensive written compliance policies as proof of an effective program. Investigators find that no audits were ever conducted, training was never delivered, and reported concerns were never investigated. Under the OIG's framework, the program is BEST described as:

  1. Effective, because maintaining comprehensive written policies satisfies the central requirement of a compliance program.
  2. Effective, provided the written policies were formally approved by the governing board.
  3. Ineffective, because an effective program requires actual implementation and operation, not documentation alone.
  4. Ineffective, but only because the organization failed to appoint a designated compliance officer.
Show answer & explanation

Correct answer: C - Ineffective, because an effective program requires actual implementation and operation, not documentation alone.

Question 4

A newly designated compliance officer is told she will report directly to, and take direction from, the organization's Chief Financial Officer. From a compliance-program-design standpoint, this reporting structure is problematic because it:

  1. Compromises the compliance function's independence from the operations it is meant to oversee.
  2. Violates an explicit reporting-structure requirement that is set out in the HIPAA Security Rule.
  3. Is expressly prohibited under the federal Emergency Medical Treatment and Labor Act (EMTALA).
  4. Automatically subjects the organization to a Corporate Integrity Agreement with the OIG.
Show answer & explanation

Correct answer: A - Compromises the compliance function's independence from the operations it is meant to oversee.

Question 5

A patient presents to a Medicare-participating hospital's emergency department with chest pain. Before any clinical evaluation, a registration clerk asks for insurance information and, learning the patient is uninsured, suggests they seek care elsewhere. Which EMTALA requirement has MOST clearly been compromised?

  1. The duty to obtain prior authorization from the payer before any treatment is rendered.
  2. The duty to report the emergency-department encounter to the OIG within sixty days.
  3. The duty to transfer every uninsured patient to the nearest public hospital that has available capacity.
  4. The duty to provide a medical screening examination without first inquiring about ability to pay.
Show answer & explanation

Correct answer: D - The duty to provide a medical screening examination without first inquiring about ability to pay.

Question 6

A hospital's internal audit identifies a clear $85,000 Medicare overpayment caused by a billing-system error. Leadership decides to keep the funds while they "study the issue," and 90 days pass with no action taken. Beyond simply owing the money back, what additional exposure has the hospital created?

  1. It has converted a billing error into potential False Claims Act liability by retaining an identified overpayment.
  2. It has triggered a mandatory OIG exclusion of all of the hospital's senior executives.
  3. It has violated the HIPAA Breach Notification Rule by failing to notify affected individuals.
  4. None; retaining an identified overpayment has no legal consequence as long as the funds are eventually repaid in full.
Show answer & explanation

Correct answer: A - It has converted a billing error into potential False Claims Act liability by retaining an identified overpayment.

Question 7

A nurse accesses a patient's complete medical record in order to provide direct treatment. A new staff member argues this violates HIPAA's "minimum necessary" standard because the nurse did not limit the information she reviewed. Which statement is correct?

  1. The nurse violated HIPAA and should have limited the review to only the most recent progress note.
  2. The minimum necessary standard does not apply to uses or disclosures made for treatment.
  3. Minimum necessary applies to all record access without exception, including access for treatment.
  4. The access is permissible only if the patient first signed a separate written authorization.
Show answer & explanation

Correct answer: B - The minimum necessary standard does not apply to uses or disclosures made for treatment.

Question 8

A health system's counsel determines the organization has a potential violation that is PURELY a Stark Law (physician self-referral) matter, with no kickback or false-claims component. Which self-disclosure pathway is the appropriate avenue?

  1. A qui tam complaint filed under seal in federal court by the organization itself.
  2. The OIG Self-Disclosure Protocol (SDP).
  3. The HHS Office for Civil Rights (OCR) breach-reporting portal.
  4. The CMS Voluntary Self-Referral Disclosure Protocol (SRDP).
Show answer & explanation

Correct answer: D - The CMS Voluntary Self-Referral Disclosure Protocol (SRDP).

Question 9

A hospital receives a records request from a contractor whose mission is to identify and correct improper Medicare payments - both overpayments and underpayments - and which is compensated on a contingency-fee basis. This contractor is MOST likely a:

  1. Qualified Independent Contractor (QIC).
  2. Medicaid Fraud Control Unit (MFCU).
  3. Recovery Audit Contractor (RAC).
  4. Unified Program Integrity Contractor (UPIC).
Show answer & explanation

Correct answer: C - Recovery Audit Contractor (RAC).

Question 10

A Medicare patient requests a screening test that the physician believes Medicare will likely deny as not medically necessary at this frequency. To be able to bill the patient if Medicare denies the claim, what must the practice do BEFORE providing the service?

  1. Submit the claim to Medicare first and bill the patient only after a final denial notice is received.
  2. Issue an Advance Beneficiary Notice (ABN) so the patient can accept financial responsibility.
  3. Obtain a Corporate Integrity Agreement (CIA) from the OIG before scheduling the test.
  4. Append modifier -59 to the claim to override the medical-necessity edit.
Show answer & explanation

Correct answer: B - Issue an Advance Beneficiary Notice (ABN) so the patient can accept financial responsibility.

Ready for the real thing?

Practice hundreds more CPCO questions with instant scoring, weak-area drills, and full exam simulations.

Start the free practice test See pricing