GEORGIA ACCESS EXAM QUESTIONS
AND ANSWERS. VERIFIED 2026.
Which of the following is not a requirement for handling Personally Identifiable Information (PII)
and Protected Health Information (PHI)?
All information received must be kept confidential in accordance with applicable state and
federal laws and regulations
Only information required to assist the consumer can be gathered/collected Store all consumer
PII and PHI on a backup device
Only share consumer PII and PHI with those who are authorized to receive such information -
ANS The requirement that is not applicable for handling Personally Identifiable Information
(PII) and Protected Health Information (PHI) is:
Store all consumer PII and PHI on a backup device
While it is important to ensure the security and confidentiality of PII and PHI, storing data on a
backup device is not a specific requirement. The focus should be on ensuring confidentiality,
collecting only necessary information, and sharing it only with authorized individuals.
If you suspect or witness a breach involving unsecured Personally Identifiable Information (PII),
what is the first thing you should do?
Nothing
Alert the media
Call the consumer who's PII was compromised to let them know
1 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
,Report the incident immediately to Georgia Access and no later than twenty-four (24) hours,
after discovery of the incident - ANS If you suspect or witness a breach involving unsecured
Personally Identifiable Information (PII), the first thing you should do is:
Report the incident immediately to Georgia Access and no later than twenty-four (24) hours
after discovery of the incident.
Fill in the blank: When violations result in monetary fines from the state or federal government,
the fines associated with the violation are considered _____.
Civil penalties
Criminal penalties
Federal penalties
Negligible - ANS When violations result in monetary fines from the state or federal
government, the fines associated with the violation are considered Civil penalties.
Fill in the blank: A(n) _____ is the acquisition, access, use, or disclosure of Protected Health
Information (PHI) in a manner not permitted and that compromises the security or privacy of
the PHI.
Computer Threat
Breach
Security Incident
Access Control - ANS A(n) Breach is the acquisition, access, use, or disclosure of Protected
Health Information (PHI) in a manner not permitted and that compromises the security or
privacy of the PHI.
Fill in the blank: Covered entities who knowingly obtain or disclose Individually Identifiable
Health Information (IIHI) under false pretenses with the intent to sell, transfer, or use it for
commercial advantage, personal gain, or malicious harm may be sentenced up to _____ years in
prison.
1
2 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
, 5
7
10 - ANS Covered entities who knowingly obtain or disclose Individually Identifiable Health
Information (IIHI) under false pretenses with the intent to sell, transfer, or use it for commercial
advantage, personal gain, or malicious harm may be sentenced up to 10 years in prison.
Fill in the blank: Data that contains Protected Health Information (PHI) stored on or accessible
from physical devices must be equipped with _____.
Wi-Fi
Access controls
Accessibility
A camera - ANS Data that contains Protected Health Information (PHI) stored on or accessible
from physical devices must be equipped with access controls.
True or False: Emma is an agent. At the end of each day, she puts the documents she has been
working on with consumer names and addresses in her desk drawer. Since the drawer does not
have a lock, someone could easily access consumer information. Emma is not effectively
protecting Personally Identifiable Information (PII).
True
False - ANS True
Emma is not effectively protecting Personally Identifiable Information (PII) if she stores
documents containing consumer names and addresses in a desk drawer that does not have a
lock. Proper safeguards should be in place to ensure that PII is secured and protected from
unauthorized access.
Which of the following is not a key rule within Health Insurance Portability and Accountability
Act (HIPAA) legislation?
HIPAA Education Rule
3 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
AND ANSWERS. VERIFIED 2026.
Which of the following is not a requirement for handling Personally Identifiable Information (PII)
and Protected Health Information (PHI)?
All information received must be kept confidential in accordance with applicable state and
federal laws and regulations
Only information required to assist the consumer can be gathered/collected Store all consumer
PII and PHI on a backup device
Only share consumer PII and PHI with those who are authorized to receive such information -
ANS The requirement that is not applicable for handling Personally Identifiable Information
(PII) and Protected Health Information (PHI) is:
Store all consumer PII and PHI on a backup device
While it is important to ensure the security and confidentiality of PII and PHI, storing data on a
backup device is not a specific requirement. The focus should be on ensuring confidentiality,
collecting only necessary information, and sharing it only with authorized individuals.
If you suspect or witness a breach involving unsecured Personally Identifiable Information (PII),
what is the first thing you should do?
Nothing
Alert the media
Call the consumer who's PII was compromised to let them know
1 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
,Report the incident immediately to Georgia Access and no later than twenty-four (24) hours,
after discovery of the incident - ANS If you suspect or witness a breach involving unsecured
Personally Identifiable Information (PII), the first thing you should do is:
Report the incident immediately to Georgia Access and no later than twenty-four (24) hours
after discovery of the incident.
Fill in the blank: When violations result in monetary fines from the state or federal government,
the fines associated with the violation are considered _____.
Civil penalties
Criminal penalties
Federal penalties
Negligible - ANS When violations result in monetary fines from the state or federal
government, the fines associated with the violation are considered Civil penalties.
Fill in the blank: A(n) _____ is the acquisition, access, use, or disclosure of Protected Health
Information (PHI) in a manner not permitted and that compromises the security or privacy of
the PHI.
Computer Threat
Breach
Security Incident
Access Control - ANS A(n) Breach is the acquisition, access, use, or disclosure of Protected
Health Information (PHI) in a manner not permitted and that compromises the security or
privacy of the PHI.
Fill in the blank: Covered entities who knowingly obtain or disclose Individually Identifiable
Health Information (IIHI) under false pretenses with the intent to sell, transfer, or use it for
commercial advantage, personal gain, or malicious harm may be sentenced up to _____ years in
prison.
1
2 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
, 5
7
10 - ANS Covered entities who knowingly obtain or disclose Individually Identifiable Health
Information (IIHI) under false pretenses with the intent to sell, transfer, or use it for commercial
advantage, personal gain, or malicious harm may be sentenced up to 10 years in prison.
Fill in the blank: Data that contains Protected Health Information (PHI) stored on or accessible
from physical devices must be equipped with _____.
Wi-Fi
Access controls
Accessibility
A camera - ANS Data that contains Protected Health Information (PHI) stored on or accessible
from physical devices must be equipped with access controls.
True or False: Emma is an agent. At the end of each day, she puts the documents she has been
working on with consumer names and addresses in her desk drawer. Since the drawer does not
have a lock, someone could easily access consumer information. Emma is not effectively
protecting Personally Identifiable Information (PII).
True
False - ANS True
Emma is not effectively protecting Personally Identifiable Information (PII) if she stores
documents containing consumer names and addresses in a desk drawer that does not have a
lock. Proper safeguards should be in place to ensure that PII is secured and protected from
unauthorized access.
Which of the following is not a key rule within Health Insurance Portability and Accountability
Act (HIPAA) legislation?
HIPAA Education Rule
3 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
