GEORGIA ACCESS EXAM QUESTIONS AND ANSWERS

GEORGIA ACCESS EXAM QUESTIONS AND ANSWERS



Which of the following is not a requirement for handling Personally Identifiable Information (PII) and
Protected Health Information (PHI)?



All information received must be kept confidential in accordance with applicable state and federal laws
and regulations

Only information required to assist the consumer can be gathered/collected Store all consumer PII and
PHI on a backup device

Only share consumer PII and PHI with those who are authorized to receive such information -
(answer)The requirement that is not applicable for handling Personally Identifiable Information (PII) and
Protected Health Information (PHI) is:

Store all consumer PII and PHI on a backup device

While it is important to ensure the security and confidentiality of PII and PHI, storing data on a backup
device is not a specific requirement. The focus should be on ensuring confidentiality, collecting only
necessary information, and sharing it only with authorized individuals.



If you suspect or witness a breach involving unsecured Personally Identifiable Information (PII), what is
the first thing you should do?

Nothing

Alert the media

Call the consumer who's PII was compromised to let them know

Report the incident immediately to Georgia Access and no later than twenty-four (24) hours, after
discovery of the incident - (answer)If you suspect or witness a breach involving unsecured Personally
Identifiable Information (PII), the first thing you should do is:

Report the incident immediately to Georgia Access and no later than twenty-four (24) hours after
discovery of the incident.



Fill in the blank: When violations result in monetary fines from the state or federal government, the
fines associated with the violation are considered _____.

Civil penalties

Criminal penalties

Federal penalties

Negligible - (answer)When violations result in monetary fines from the state or federal government, the
fines associated with the violation are considered Civil penalties.

,GEORGIA ACCESS EXAM QUESTIONS AND ANSWERS




Fill in the blank: A(n) _____ is the acquisition, access, use, or disclosure of Protected Health Information
(PHI) in a manner not permitted and that compromises the security or privacy of the PHI.



Computer Threat

Breach

Security Incident

Access Control - (answer)A(n) Breach is the acquisition, access, use, or disclosure of Protected Health
Information (PHI) in a manner not permitted and that compromises the security or privacy of the PHI.



Fill in the blank: Covered entities who knowingly obtain or disclose Individually Identifiable Health
Information (IIHI) under false pretenses with the intent to sell, transfer, or use it for commercial
advantage, personal gain, or malicious harm may be sentenced up to _____ years in prison.

1

5

7

10 - (answer)Covered entities who knowingly obtain or disclose Individually Identifiable Health
Information (IIHI) under false pretenses with the intent to sell, transfer, or use it for commercial
advantage, personal gain, or malicious harm may be sentenced up to 10 years in prison.



Fill in the blank: Data that contains Protected Health Information (PHI) stored on or accessible from
physical devices must be equipped with _____.



Wi-Fi

Access controls

Accessibility

A camera - (answer)Data that contains Protected Health Information (PHI) stored on or accessible from
physical devices must be equipped with access controls.



True or False: Emma is an agent. At the end of each day, she puts the documents she has been working
on with consumer names and addresses in her desk drawer. Since the drawer does not have a lock,

, GEORGIA ACCESS EXAM QUESTIONS AND ANSWERS



someone could easily access consumer information. Emma is not effectively protecting Personally
Identifiable Information (PII).

True

False - (answer)True

Emma is not effectively protecting Personally Identifiable Information (PII) if she stores documents
containing consumer names and addresses in a desk drawer that does not have a lock. Proper
safeguards should be in place to ensure that PII is secured and protected from unauthorized access.



Which of the following is not a key rule within Health Insurance Portability and Accountability Act
(HIPAA) legislation?

HIPAA Education Rule

HIPPA Privacy Rule

HIPPA Security Rule

HIPPA Breach Notification Rule - (answer)HIPAA Education Rule

The key rules within HIPAA legislation are the HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA
Breach Notification Rule. There is no specific "HIPAA Education Rule."



True or False: Personally Identifiable Information (PII) contains demographic information and personal
information that may be able to identify a consumer. True

False - (answer)True

Personally Identifiable Information (PII) includes demographic and personal information that can be
used to identify a consumer.



While employers of any size may offer Individual Coverage Health Reimbursement Arrangements
(ICHRAs), only small employers (generally those with fewer than 50 employees) are eligible to offer
Qualified Small Employer Health Reimbursement Arrangements (QSEHRAs).

All of the following are goals of the Health Insurance Portability and Accountability Act (HIPAA) except:

Make it easier for consumers to keep health insurance

Protect the confidentiality of consumer healthcare information

Ensure that consumer healthcare data is secured properly

Lower the cost of monthly premiums. - (answer)Lower the cost of monthly premiums