Free CPHRM Practice Questions
10 free, exam-style Certified Professional in Health Care Risk Management (CPHRM) practice questions with answers and explanations.
Question 1
A nurse on a busy med-surg unit has been bypassing the barcode scanning step during medication administration to save time. Other nurses on the unit have admitted to doing the same when the unit is short-staffed. No patient harm has occurred. Applying Just Culture principles, the MOST appropriate initial response is to:
- Issue formal disciplinary action to the nurse who was observed
- Coach the nurse and address the system pressures that incentivized the workaround
- Console the nurse, as this represents human error from a high-workload environment
- Require all unit nurses to complete remedial medication safety training
Correct answer: B - Coach the nurse and address the system pressures that incentivized the workaround
Question 2
Dr. Patel is retiring after 25 years of practice and her current claims-made professional liability policy will terminate on her retirement date. To protect her against future malpractice claims arising from care she provided during her career, she should obtain:
- Prior acts (nose) coverage from a new carrier
- An occurrence policy effective on her retirement date
- Extended Reporting Period (tail) coverage
- Continuation of her existing claims-made policy at a reduced premium
Correct answer: C - Extended Reporting Period (tail) coverage
Question 3
A medical malpractice claim against Dr. Chen is settled for $7,500 paid by the hospital's insurer on Dr. Chen's behalf. The hospital's risk manager believes the settlement was made for nuisance value and that Dr. Chen committed no negligence. Regarding National Practitioner Data Bank (NPDB) reporting, the hospital must:
- Report the payment only if it exceeds the NPDB minimum threshold of $10,000
- Decline to report, since no admission of liability was made in the settlement
- Report the payment within 30 days, as any payment made on a practitioner's behalf is reportable
- Allow Dr. Chen to elect whether the payment is reported, since he denies negligence
Correct answer: C - Report the payment within 30 days, as any payment made on a practitioner's behalf is reportable
Question 4
A plaintiff's attorney serves a subpoena duces tecum on the medical records department requesting the complete medical record of a patient who is suing a competing physician. The subpoena is signed by the attorney, not by a judge, and is not accompanied by a patient authorization or notice that the patient has been informed. The records custodian's MOST appropriate action is to:
- Produce the records, as a properly issued subpoena satisfies HIPAA disclosure requirements
- Decline to produce the records and require either patient authorization, satisfactory assurances of patient notice, a qualified protective order, or a court order
- Produce only the portions of the record directly relevant to the litigation described in the subpoena
- Notify the patient of the subpoena and produce the records 14 days later if no objection is received
Correct answer: B - Decline to produce the records and require either patient authorization, satisfactory assurances of patient notice, a qualified protective order, or a court order
Question 5
During a surgical procedure, a sponge count is incorrect at closure. The surgical team performs an immediate intraoperative X-ray, locates the retained sponge, and removes it before the patient leaves the OR. The patient experiences no clinical consequences. Under The Joint Commission's definition, this event:
- Meets the definition of a sentinel event because retained foreign objects are always sentinel events
- Does not meet the definition of a sentinel event because the event did not reach the patient in a way causing death, permanent harm, or severe temporary harm requiring intervention to sustain life
- Meets the definition of a sentinel event because intraoperative imaging constitutes intervention to sustain life
- Requires a Root Cause Analysis to be submitted to The Joint Commission within 45 days regardless of patient outcome
Correct answer: B - Does not meet the definition of a sentinel event because the event did not reach the patient in a way causing death, permanent harm, or severe temporary harm requiring intervention to sustain life
Question 6
A 34-year-old uninsured patient presents to the emergency department reporting severe chest pain. The triage nurse asks the on-call cardiologist to come in for evaluation. The cardiologist refuses, stating that the patient should be transferred to the county hospital because she 'doesn't take charity cases' and her partner will be on call tomorrow. Which federal law has MOST clearly been implicated by the cardiologist's refusal?
- The Health Insurance Portability and Accountability Act (HIPAA)
- The Emergency Medical Treatment and Labor Act (EMTALA)
- The Patient Safety and Quality Improvement Act (PSQIA)
- The Health Care Quality Improvement Act (HCQIA)
Correct answer: B - The Emergency Medical Treatment and Labor Act (EMTALA)
Question 7
A hospital's board of trustees is being sued by a group of former employees who allege that the trustees, acting in their governance capacity, made misrepresentations during a recent restructuring that caused financial harm to the employees' retirement plans. To respond to this claim, the hospital should look PRIMARILY to which line of insurance coverage?
- Employment Practices Liability Insurance (EPLI)
- Fiduciary Liability Insurance
- Directors' and Officers' Liability Insurance (D&O)
- Commercial Crime / Fidelity Coverage
Correct answer: C - Directors' and Officers' Liability Insurance (D&O)
Question 8
Following an unexpected patient death, the risk manager submits an incident report into the hospital's Patient Safety Evaluation System (PSES) for subsequent reporting to the hospital's contracted Patient Safety Organization (PSO). Six months later, the patient's family files a wrongful death suit and their attorney serves a discovery request for the incident report. Federal Patient Safety Work Product (PSWP) privilege under PSQIA is MOST likely to protect this incident report from discovery if:
- The incident report was created at the direction of the hospital's in-house counsel
- The information was collected, maintained, or developed for reporting to the PSO and was not also maintained separately for an external mandatory reporting obligation
- The hospital marked the incident report as 'Confidential - Peer Review' at the time of creation
- The state in which the hospital operates has a statutory peer review privilege covering incident reports
Correct answer: B - The information was collected, maintained, or developed for reporting to the PSO and was not also maintained separately for an external mandatory reporting obligation
Question 9
A defective infusion pump malfunctions during a chemotherapy infusion, contributing to a patient's death. The hospital has identified the device manufacturer. Under the Safe Medical Devices Act (SMDA), the hospital must report this event:
- To the FDA only, within 24 hours of the event
- To the device manufacturer only, within 30 calendar days of becoming aware of the event
- To both the device manufacturer AND the FDA, within 10 work days of becoming aware of the event
- To the FDA only, in the next annual SMDA summary report
Correct answer: C - To both the device manufacturer AND the FDA, within 10 work days of becoming aware of the event
Question 10
A risk manager learns that an employee in the billing department accessed the electronic medical records of 612 patients without any work-related justification over a six-month period, viewing demographic information, diagnoses, and insurance details. After conducting a HIPAA breach risk assessment, the hospital concludes that the four-factor analysis does not demonstrate a low probability of compromise. The hospital's notification obligations include:
- Notifying the affected individuals only, within 60 days of discovery
- Notifying the affected individuals and HHS within 60 days, and notifying prominent media outlets serving the affected jurisdiction
- Notifying HHS in the annual breach log only, since the breach was caused by an employee rather than an external attacker
- Notifying affected individuals only if the accessed information included Social Security numbers or financial account information
Correct answer: B - Notifying the affected individuals and HHS within 60 days, and notifying prominent media outlets serving the affected jurisdiction