COE Risk and Regulatory Compliance Questions and Answers

Question 1

An unencrypted company laptop containing the electronic protected health information (ePHI) of 650 patients is stolen.
After conducting a risk assessment, the practice administrator confirms this is a reportable breach.
According to the HIPAA Breach Notification Rule, which of the following actions is required?

Accepted Answer

Notify the affected individuals, the Secretary of HHS, and prominent media outlets.

Answer

Notify only the affected individuals and the local police department.

Answer

Notify the Secretary of HHS on an annual basis and offer all patients credit monitoring.

Answer

Notify only the patients whose data was confirmed to have been opened and viewed.

Question 2

Which of the following arrangements in an ophthalmic practice presents the most significant legal risk under the federal Anti-Kickback Statute (AKS)?

Accepted Answer

A diagnostic imaging company provides an advanced OCT machine to the practice at no cost, based on an understanding that the practice will refer patients to the company's other facilities.

Answer

The practice co-manages post-operative cataract patients with an optometrist and splits the global fee appropriately based on the specific services each provider renders.

Answer

A pharmaceutical company representative provides a catered lunch for the staff while delivering educational information about a new glaucoma medication.

Answer

The practice pays a marketing agency a flat monthly fee for services related to a new dry eye campaign.

Question 3

The Office of Inspector General (OIG) outlines seven fundamental elements for an effective compliance program. Which of the following is one of these core, required components?

Accepted Answer

Conducting internal monitoring and auditing to detect and address compliance issues.

Answer

Purchasing the maximum available level of cybersecurity liability insurance.

Answer

Requiring all clinical staff to be certified by JCAHPO or an equivalent body.

Answer

Benchmarking the practice's revenue per provider against national averages annually.

Question 4

An ophthalmic practice uses various chemical agents for sterilization and high-level disinfection. Under OSHA's Hazard Communication Standard, what is the practice's primary responsibility regarding these chemicals?

Accepted Answer

To maintain a Safety Data Sheet (SDS) for each hazardous chemical and ensure they are readily accessible to all employees.

Answer

To only purchase chemicals that have been endorsed by the American Academy of Ophthalmology.

Answer

To have the lead technician verbally explain the risks of each chemical to new employees.

Answer

To store all chemical agents, regardless of type, in a single locked cabinet in the clinical area.

Question 5

An ophthalmologist in a group practice has a significant ownership interest in a local ambulatory surgery center (ASC). When this ophthalmologist refers Medicare patients to this specific ASC for cataract surgery, this arrangement is primarily scrutinized under which federal regulation?

Accepted Answer

The Physician Self-Referral Law (Stark Law) and the Anti-Kickback Statute.

Answer

The Clinical Laboratory Improvement Amendments (CLIA).

Answer

The Health Information Technology for Economic and Clinical Health (HITECH) Act.

Answer

The Emergency Medical Treatment and Labor Act (EMTALA).

Question 6

A practice wishes to perform tear osmolarity testing in-office to help diagnose and manage dry eye disease. To legally perform this specific test and bill for it, the practice must obtain which of the following?

Accepted Answer

A Certificate of Waiver under the Clinical Laboratory Improvement Amendments (CLIA).

Answer

An institutional review board (IRB) approval.

Answer

A special license from the state's Board of Optometry.

Answer

A written attestation of competency signed by the lead ophthalmologist.