GEORGIA ACCESS 2025 EXAM WITH
CORRECT QUESTIONS AND ASWERS
2025
Which of the following is not a requirement for handling Personally Identifiable Information
(PII) and Protected Health Information (PHI)?
All information received must be kept confidential in accordance with applicable state and
federal laws and regulations
Only information required to assist the consumer can be gathered/collected Store all consumer
PII and PHI on a backup device
Only share consumer PII and PHI with those who are authorized to receive such information -
CORRECT-ANSWERSThe requirement that is not applicable for handling Personally
Identifiable Information (PII) and Protected Health Information (PHI) is:
Store all consumer PII and PHI on a backup device
While it is important to ensure the security and confidentiality of PII and PHI, storing data on a
backup device is not a specific requirement. The focus should be on ensuring confidentiality,
collecting only necessary information, and sharing it only with authorized individuals.
,If you suspect or witness a breach involving unsecured Personally Identifiable Information (PII),
what is the first thing you should do?
Nothing
Alert the media
Call the consumer who's PII was compromised to let them know
Report the incident immediately to Georgia Access and no later than twenty-four (24) hours,
after discovery of the incident - CORRECT-ANSWERSIf you suspect or witness a breach
involving unsecured Personally Identifiable Information (PII), the first thing you should do is:
Report the incident immediately to Georgia Access and no later than twenty-four (24) hours
after discovery of the incident.
Fill in the blank: When violations result in monetary fines from the state or federal government,
the fines associated with the violation are considered _____.
Civil penalties
Criminal penalties
Federal penalties
Negligible - CORRECT-ANSWERSWhen violations result in monetary fines from the state or
federal government, the fines associated with the violation are considered Civil penalties.
, Fill in the blank: A(n) _____ is the acquisition, access, use, or disclosure of Protected Health
Information (PHI) in a manner not permitted and that compromises the security or privacy of
the PHI.
Computer Threat
Breach
Security Incident
Access Control - CORRECT-ANSWERSA(n) Breach is the acquisition, access, use, or disclosure
of Protected Health Information (PHI) in a manner not permitted and that compromises the
security or privacy of the PHI.
Fill in the blank: Covered entities who knowingly obtain or disclose Individually Identifiable
Health Information (IIHI) under false pretenses with the intent to sell, transfer, or use it for
commercial advantage, personal gain, or malicious harm may be sentenced up to _____ years
in prison.
1
5
7
CORRECT QUESTIONS AND ASWERS
2025
Which of the following is not a requirement for handling Personally Identifiable Information
(PII) and Protected Health Information (PHI)?
All information received must be kept confidential in accordance with applicable state and
federal laws and regulations
Only information required to assist the consumer can be gathered/collected Store all consumer
PII and PHI on a backup device
Only share consumer PII and PHI with those who are authorized to receive such information -
CORRECT-ANSWERSThe requirement that is not applicable for handling Personally
Identifiable Information (PII) and Protected Health Information (PHI) is:
Store all consumer PII and PHI on a backup device
While it is important to ensure the security and confidentiality of PII and PHI, storing data on a
backup device is not a specific requirement. The focus should be on ensuring confidentiality,
collecting only necessary information, and sharing it only with authorized individuals.
,If you suspect or witness a breach involving unsecured Personally Identifiable Information (PII),
what is the first thing you should do?
Nothing
Alert the media
Call the consumer who's PII was compromised to let them know
Report the incident immediately to Georgia Access and no later than twenty-four (24) hours,
after discovery of the incident - CORRECT-ANSWERSIf you suspect or witness a breach
involving unsecured Personally Identifiable Information (PII), the first thing you should do is:
Report the incident immediately to Georgia Access and no later than twenty-four (24) hours
after discovery of the incident.
Fill in the blank: When violations result in monetary fines from the state or federal government,
the fines associated with the violation are considered _____.
Civil penalties
Criminal penalties
Federal penalties
Negligible - CORRECT-ANSWERSWhen violations result in monetary fines from the state or
federal government, the fines associated with the violation are considered Civil penalties.
, Fill in the blank: A(n) _____ is the acquisition, access, use, or disclosure of Protected Health
Information (PHI) in a manner not permitted and that compromises the security or privacy of
the PHI.
Computer Threat
Breach
Security Incident
Access Control - CORRECT-ANSWERSA(n) Breach is the acquisition, access, use, or disclosure
of Protected Health Information (PHI) in a manner not permitted and that compromises the
security or privacy of the PHI.
Fill in the blank: Covered entities who knowingly obtain or disclose Individually Identifiable
Health Information (IIHI) under false pretenses with the intent to sell, transfer, or use it for
commercial advantage, personal gain, or malicious harm may be sentenced up to _____ years
in prison.
1
5
7
