COE Risk and Regulatory Compliance Questions and Answers

Question 1

An unencrypted company laptop containing the electronic protected health information (ePHI) of 650 patients is stolen. After conducting a risk assessment, the practice administrator confirms this is a reportable breach. According to the HIPAA Breach Notification Rule, which of the following actions is required?

Accepted Answer

Notify the affected individuals, the Secretary of HHS, and prominent media outlets.

Answer

For breaches affecting 500 or more individuals, HIPAA's Breach Notification Rule requires the covered entity to notify the affected individuals without unreasonable delay (within 60 days), notify the Secretary of Health and Human Services (HHS) without unreasonable delay, and provide notice to prominent media outlets serving the state or jurisdiction.

Question 2

Which of the following arrangements in an ophthalmic practice presents the most significant legal risk under the federal Anti-Kickback Statute (AKS)?

Accepted Answer

A diagnostic imaging company provides an advanced OCT machine to the practice at no cost, based on an understanding that the practice will refer patients to the company's other facilities.

Answer

The Anti-Kickback Statute prohibits offering, paying, soliciting, or receiving anything of value to induce or reward referrals for items or services payable by federal healthcare programs. Providing free or below-market equipment in exchange for referrals is a classic example of a potential violation. The other options represent legitimate business practices (co-management, marketing) or common, low-risk activities (informational lunch) when structured appropriately.

Question 3

The Office of Inspector General (OIG) outlines seven fundamental elements for an effective compliance program. Which of the following is one of these core, required components?

Accepted Answer

Conducting internal monitoring and auditing to detect and address compliance issues.

Answer

The OIG's seven elements of an effective compliance program include: 1) Implementing written policies and procedures; 2) Designating a compliance officer/committee; 3) Conducting effective training; 4) Developing effective communication; 5) Enforcing standards; 6) Conducting internal monitoring and auditing; and 7) Responding promptly to detected offenses. The other choices are good business practices but are not listed as one of the OIG's seven core elements.

Question 4

An ophthalmic practice uses various chemical agents for sterilization and high-level disinfection. Under OSHA's Hazard Communication Standard, what is the practice's primary responsibility regarding these chemicals?

Accepted Answer

To maintain a Safety Data Sheet (SDS) for each hazardous chemical and ensure they are readily accessible to all employees.

Answer

OSHA's Hazard Communication Standard (29 CFR 1910.1200), also known as the "Right to Know" law, requires employers to have a written program that includes maintaining a list of hazardous chemicals, ensuring proper labeling, and making Safety Data Sheets (SDSs) for each chemical readily accessible to employees. While training is required, it must be comprehensive and documented, not just a verbal explanation. Storage requirements vary by chemical, and professional endorsements are not a substitute for regulatory compliance.

Question 5

An ophthalmologist in a group practice has a significant ownership interest in a local ambulatory surgery center (ASC). When this ophthalmologist refers Medicare patients to this specific ASC for cataract surgery, this arrangement is primarily scrutinized under which federal regulation?

Accepted Answer

The Physician Self-Referral Law (Stark Law) and the Anti-Kickback Statute.

Answer

The Stark Law prohibits physicians from referring Medicare patients for designated health services to an entity with which the physician has a financial relationship, unless an exception applies. While ASC services themselves are not considered 'designated health services' under Stark, the arrangement can still be scrutinized. More directly, the Anti-Kickback Statute (AKS) applies, as the physician's return on investment could be seen as an inducement for referrals. Such relationships must be structured to fit within a specific 'safe harbor' to avoid liability under the AKS.

COE - Certified Ophthalmic Executive Practice Test

COE - Certified Ophthalmic Executive Practice Test

COE Risk and Regulatory Compliance Questions and Answers