CCE Cheat Sheet 2026
The 30 highest-yield CCE facts, distilled from real exam questions. Print it, save it as a PDF, or study it here β free, no sign-up.
150 questions
240 min time limit
70% to pass
- Which cybersecurity threat is most critical for clinical information systems? β Ransomware attacks targeting patient data.
- According to NFPA 99, what is the maximum allowable chassis leakage current for a patient-careβrelated electrical appliance in a general care area? β 300 microamperes
- In quality management, a 'sentinel event' in a healthcare setting refers to: β An unexpected occurrence involving death or serious physical or psychological injury
- What is the role of a Clinical Engineer in risk management? β Identifying, analyzing, and mitigating risks related to medical technology.
- What does 'interoperability' mean in healthcare technology? β The ability of different systems to exchange and use data effectively.
- Which of the following is a critical patient safety goal related to medical devices? β Preventing healthcare-associated infections (HAIs) from contaminated equipment
- ISO 13485 is a quality management system standard specifically designed for: β Organizations in the medical device industry
- What is the purpose of a risk assessment when implementing new medical equipment? β To identify potential hazards and implement control measures
- What does 'authentication' specifically ensure within a medical device access control system? β That users or systems are verified to be who they claim to be before access is granted
- Why is proper documentation of equipment repairs important? β For tracking service history and demonstrating compliance
- Which organization accredits U.S. healthcare facilities and enforces patient safety standards? β The Joint Commission
- What is the primary purpose of preventive maintenance (PM) for medical equipment? β To identify and address potential issues before they cause failures
- What is the primary purpose of a Clinical Decision Support System (CDSS)? β To enhance clinical decisions with real-time data and guidelines.
- Which methodology is most commonly used in healthcare quality improvement to define, measure, analyze, improve, and control processes? β DMAIC
- An isolated power system (IPS) used in operating rooms primarily protects against: β Electrical shock from a single fault to ground while maintaining power continuity
- Which of the following is a critical factor in healthcare technology procurement? β Evaluating clinical need, total cost of ownership, and vendor support.
- Which IEC standard specifically addresses risk management for IT networks that incorporate medical devices? β IEC 80001-1 (Risk management of IT networks incorporating medical devices)
- Which of the following is a requirement of the FDA's Unique Device Identification (UDI) system? β Labeling devices with standardized tracking identifiers
- When evaluating the reliability of a medical device, what does Mean Time Between Failures (MTBF) represent? β The average operating time between consecutive failures of a repairable device
- What is the function of a PACS (Picture Archiving and Communication System)? β To store, distribute, and display medical imaging data.
- Which indicator is most useful for benchmarking the effectiveness of a hospital's biomedical equipment management program? β PM completion rate as a percentage of scheduled preventive maintenance work orders
- Which of the following is a critical safety check during equipment maintenance? β Verifying proper grounding and leakage currents
- What does HL7 (Health Level Seven) standardize in healthcare IT? β The format and structure of clinical data exchange.
- Which standard is essential for ensuring medical device cybersecurity? β IEC 62304 (Medical Device Software Lifecycle Processes)
- What is the purpose of a root cause analysis (RCA) following a medical device incident? β To determine underlying causes and implement corrective actions
- Which cybersecurity framework published by NIST is most commonly referenced for healthcare cybersecurity risk management? β NIST Cybersecurity Framework (CSF)
- What type of cyberattack involves intercepting and potentially altering communications between a medical device and its connected network? β Man-in-the-Middle (MitM) attack on device communications
- Which U.S. regulatory body has authority over medical device cybersecurity in both premarket and post-market phases? β Food and Drug Administration (FDA)
- What is the purpose of a Failure Mode and Effects Analysis (FMEA) in healthcare technology? β To systematically evaluate and mitigate risks in medical equipment design/use
- The '5 Whys' technique is primarily used during which phase of a quality improvement process? β Root cause analysis to determine the underlying cause of a problem
Turn these facts into recall: