100+ Free CPCO Compliance Officer Practice Questions

Pass your AAPC Certified Professional Compliance Officer exam on the first try — instant access, no signup required.


Key Facts: CPCO Compliance Officer Exam

  • Exam Questions: 100 (AAPC)
  • Exam Duration: 4h (AAPC)
  • Passing Score: 70% (AAPC)
  • Testing Format: Open-book (AAPC)
  • Exam Fee (1/2 attempts): $425/$499 (AAPC)
  • Content Refresh: 2026 (Current regulatory prep)

AAPC's CPCO exam is a 100-question, 4-hour open-book certification requiring 70% to pass. It tests compliance program development, OIG guidance interpretation, HIPAA privacy and security rules, fraud and abuse enforcement, and healthcare regulatory requirements. Candidates may bring approved OIG compliance program guidance documents into the exam.

Sample CPCO Compliance Officer Practice Questions

Try these sample questions to test your CPCO Compliance Officer exam readiness. Each question includes a detailed explanation.

1. How many fundamental elements does the OIG identify as necessary for an effective healthcare compliance program?
A. Seven
B. Six
C. Five
D. Eight
Explanation: The OIG identifies seven fundamental elements of an effective compliance program: (1) written policies and procedures, (2) compliance officer and committee, (3) training and education, (4) effective lines of communication, (5) internal monitoring and auditing, (6) enforcement through disciplinary guidelines, and (7) responding to detected offenses with corrective action. These elements were originally outlined in the Federal Sentencing Guidelines and adopted by OIG in its Compliance Program Guidance documents.
2. Which element of an effective compliance program requires the designation of a specific individual to oversee the day-to-day operations of the program?
A. Compliance officer and compliance committee
B. Written policies and procedures
C. Internal monitoring and auditing
D. Effective lines of communication
Explanation: Element 2 of the OIG's seven elements calls for the designation of a compliance officer and compliance committee. The compliance officer is responsible for the day-to-day operations of the compliance program, while the compliance committee provides oversight and strategic direction. The compliance officer should have direct access to the organization's governing body and senior leadership.
3. The False Claims Act (FCA) imposes liability on persons who knowingly submit false claims to the government. What is the standard of knowledge required under the FCA?
A. Only intentional fraud qualifies
B. Simple negligence is sufficient
C. Actual knowledge, deliberate ignorance, or reckless disregard of the truth
D. Strict liability with no knowledge requirement
Explanation: The False Claims Act defines 'knowing' broadly to include actual knowledge of the false information, deliberate ignorance of the truth or falsity of the information, or reckless disregard of the truth or falsity of the information. This means a provider does not need to have specific intent to defraud; acting in deliberate ignorance or reckless disregard is sufficient for FCA liability.
4. Under the Anti-Kickback Statute (AKS), which of the following is prohibited?
A. Paying a physician fair market value for legitimate medical director services
B. Offering remuneration to induce referrals for services covered by federal healthcare programs
C. Providing discounts that are properly disclosed and accurately reported
D. Employing a physician under a bona fide employment arrangement at fair market value
Explanation: The Anti-Kickback Statute prohibits offering, paying, soliciting, or receiving anything of value to induce or reward referrals of items or services covered by federal healthcare programs such as Medicare and Medicaid. The other options describe legitimate arrangements that may qualify for safe harbor protection under the AKS, including fair market value payments, properly disclosed discounts, and bona fide employment relationships.
5. What is the primary distinction between the Stark Law and the Anti-Kickback Statute regarding intent?
A. Both require proof of intent to defraud
B. The Stark Law is a strict liability statute while the AKS requires knowing and willful conduct
C. The AKS is strict liability while the Stark Law requires intent
D. Neither statute requires proof of intent
Explanation: A key distinction is that the Stark Law (Physician Self-Referral Law) is a strict liability statute, meaning no intent to violate the law needs to be proven. If a financial relationship exists and an exception does not apply, a violation has occurred. The Anti-Kickback Statute, by contrast, requires that the conduct be 'knowing and willful' — meaning the government must prove the defendant intended to engage in prohibited conduct.
6. Which federal law prohibits physicians from referring Medicare patients for designated health services (DHS) to entities with which the physician has a financial relationship, unless an exception applies?
A. The Anti-Kickback Statute
B. The Physician Self-Referral Law (Stark Law)
C. The False Claims Act
D. The Civil Monetary Penalties Law
Explanation: The Physician Self-Referral Law, commonly known as the Stark Law (42 U.S.C. Section 1395nn), specifically prohibits physicians from making referrals for designated health services payable by Medicare or Medicaid to an entity with which the physician or an immediate family member has a financial relationship, unless a specific exception applies. Financial relationships include both ownership/investment interests and compensation arrangements.
7. Which of the following is NOT a designated health service (DHS) under the Stark Law?
A. Emergency room visits
B. Durable medical equipment
C. Clinical laboratory services
D. Physical therapy services
Explanation: Emergency room visits are not on the list of designated health services under the Stark Law. The DHS categories include clinical laboratory services, physical therapy services, occupational therapy services, radiology services, radiation therapy services, durable medical equipment and supplies, parenteral and enteral nutrients, prosthetics and orthotics, home health services, outpatient prescription drugs, and inpatient and outpatient hospital services.
8. A healthcare organization discovers that a billing error resulted in overpayments from Medicare. Under the 60-day rule, when must the overpayment be reported and returned?
A. Within 60 days of identification of the overpayment
B. Within 30 days of identification
C. Within 90 days of identification
D. Within 1 year of identification
Explanation: Under the 60-day rule (established by Section 6402 of the Affordable Care Act), once an overpayment is identified, the provider or supplier must report and return the overpayment within 60 days of identification or the date any corresponding cost report is due, whichever is later. Failure to report and return an identified overpayment within 60 days may create liability under the False Claims Act.
9. Which provision of the False Claims Act allows private citizens to file lawsuits on behalf of the government against entities that have defrauded federal programs?
A. Safe harbor provision
B. Good faith exception
C. Whistleblower immunity clause
D. Qui tam provision
Explanation: The qui tam provision of the False Claims Act allows private individuals, known as 'relators,' to file lawsuits on behalf of the U.S. government against entities that have submitted false claims. If the government recovers funds, the relator may receive a percentage of the recovery — typically 15-30% depending on whether the government intervenes in the case. This provision is a major enforcement tool and incentivizes insiders to report fraud.
10. What is the role of the OIG Work Plan in a healthcare compliance program?
A. It identifies the OIG's focus areas for audits and investigations, helping organizations prioritize compliance efforts
B. It serves as a template for writing the organization's code of conduct
C. It outlines mandatory staffing requirements for compliance departments
D. It provides the legal framework for imposing civil monetary penalties
Explanation: The OIG Work Plan is published annually and identifies areas that the OIG intends to focus on for audits, evaluations, and investigations in the coming year. Healthcare compliance officers should review the Work Plan to identify risk areas relevant to their organizations and adjust their compliance activities, auditing, and monitoring accordingly. It serves as a roadmap for potential enforcement priorities.

About the CPCO Compliance Officer Exam

The CPCO credential validates the skills needed to develop, implement, and manage a healthcare compliance program. It covers OIG compliance guidance, HIPAA, fraud and abuse laws, risk assessments, and internal auditing procedures.

  • Questions: 100 scored questions
  • Time Limit: 4 hours
  • Passing Score: 70%
  • Exam Fee: $425 (1 attempt) or $499 (2 attempts) (AAPC)

CPCO Compliance Officer Exam Content Outline

  • OIG Compliance Program Guidance (25%): OIG compliance program elements for individual physicians, small group practices, clinical labs, and third-party billing companies
  • Key Enforcement Laws (20%): False Claims Act, Anti-Kickback Statute, Stark Law, Civil Monetary Penalties, and related enforcement mechanisms
  • HIPAA Privacy and Security (20%): HIPAA Privacy Rule, Security Rule, breach notification requirements, and patient rights
  • Risk Assessment and Auditing (15%): Internal compliance reviews, risk assessments, corrective action plans, and monitoring procedures
  • Regulatory Requirements (10%): EMTALA, CLIA, OSHA, human resource laws, and healthcare regulatory compliance
  • Investigations and Legal Process (10%): RACs, ZPICs, MICs, PSCs, MFCUs, and the investigation and enforcement process

How to Pass the CPCO Compliance Officer Exam

What You Need to Know

  • Passing score: 70%
  • Exam length: 100 questions
  • Time limit: 4 hours
  • Exam fee: $425 (1 attempt) or $499 (2 attempts)

Keys to Passing

  • Complete 500+ practice questions
  • Score 80%+ consistently before scheduling
  • Focus on highest-weighted sections
  • Use our AI tutor for tough concepts

CPCO Compliance Officer Study Tips from Top Performers

1. Read and annotate the OIG compliance program guidance documents as your primary study resource
2. Create a reference chart mapping each enforcement law to its penalties and key provisions
3. Practice identifying compliance violations in real-world healthcare scenarios
4. Study HIPAA Privacy and Security Rule requirements with emphasis on breach notification
5. Review RAC, ZPIC, and MFCU processes to understand enforcement investigation workflows

Frequently Asked Questions

What is the CPCO exam format?

The CPCO exam is an open-book certification with 100 multiple-choice questions in a 4-hour window. You need 70% or higher to pass. Approved reference materials include OIG compliance program guidance documents.

What reference materials can I bring to the CPCO exam?

AAPC permits approved OIG compliance program guidance documents during the exam. No other reference materials, binders, or printed resources are allowed. Check the current AAPC candidate handbook for the exact list.

What topics are tested on the CPCO exam?

The exam covers OIG compliance program guidance, key enforcement laws (False Claims Act, Anti-Kickback Statute, Stark Law), HIPAA, EMTALA, CLIA, OSHA, risk assessments, auditing, and investigation processes.

How difficult is the CPCO exam?

The CPCO exam is considered challenging. It tests deep knowledge of compliance regulations, enforcement laws, and practical compliance program management. Thorough study of the OIG guidance documents and related regulations is essential.

How should I prepare for CPCO in 2026?

Study the OIG compliance program guidance documents thoroughly, annotate your approved reference materials, review all major enforcement laws, and practice applying compliance concepts to healthcare scenarios.

What careers does CPCO certification support?

CPCO holders work as healthcare compliance officers, compliance managers, privacy officers, and regulatory affairs professionals in hospitals, physician practices, and healthcare organizations.