2026 - George Access
Georgia Access Exam 2025/2026
Questions and Answers
Which of the following is not a requirement for handling Personally Identifiable
Information (PII) and Protected Health Information (PHI)?
All information received must be kept confidential in accordance with applicable state
and federal laws and regulations
Only information required to assist the consumer can be gathered/collected Store all
consumer PII and PHI on a backup device
Only share consumer PII and PHI with those who are authorized to receive such
information - The requirement that is not applicable for handling Personally Identifiable
Information (PII) and Protected Health Information (PHI) is:
Store all consumer PII and PHI on a backup device
While it is important to ensure the security and confidentiality of PII and PHI, storing
data on a backup device is not a specific requirement. The focus should be on ensuring
confidentiality, collecting only necessary information, and sharing it only with authorized
individuals.
If you suspect or witness a breach involving unsecured Personally Identifiable
Information (PII), what is the first thing you should do?
Nothing
Alert the media
Call the consumer who's PII was compromised to let them know
Report the incident immediately to Georgia Access and no later than twenty-four (24)
hours, after discovery of the incident - If you suspect or witness a breach involving
unsecured Personally Identifiable Information (PII), the first thing you should do is:
Report the incident immediately to Georgia Access and no later than twenty-four (24)
hours after discovery of the incident.
2026 - George Access
,2026 - George Access
Fill in the blank: When violations result in monetary fines from the state or federal
government, the fines associated with the violation are considered _____.
Civil penalties
Criminal penalties
Federal penalties
Negligible - When violations result in monetary fines from the state or federal
government, the fines associated with the violation are considered Civil penalties.
Fill in the blank: A(n) _____ is the acquisition, access, use, or disclosure of Protected
Health Information (PHI) in a manner not permitted and that compromises the security or
privacy of the PHI.
Computer Threat
Breach
Security Incident
Access Control - A(n) Breach is the acquisition, access, use, or disclosure of Protected
Health Information (PHI) in a manner not permitted and that compromises the security or
privacy of the PHI.
Fill in the blank: Covered entities who knowingly obtain or disclose Individually
Identifiable Health Information (IIHI) under false pretenses with the intent to sell,
transfer, or use it for commercial advantage, personal gain, or malicious harm may be
sentenced up to _____ years in prison.
1
5
7
10 - Covered entities who knowingly obtain or disclose Individually Identifiable Health
Information (IIHI) under false pretenses with the intent to sell, transfer, or use it for
2026 - George Access
, 2026 - George Access
commercial advantage, personal gain, or malicious harm may be sentenced up to 10 years
in prison.
Fill in the blank: Data that contains Protected Health Information (PHI) stored on or
accessible from physical devices must be equipped with _____.
Wi-Fi
Access controls
Accessibility
A camera - Data that contains Protected Health Information (PHI) stored on or accessible
from physical devices must be equipped with access controls.
True or False: Emma is an agent. At the end of each day, she puts the documents she has
been working on with consumer names and addresses in her desk drawer. Since the
drawer does not have a lock, someone could easily access consumer information. Emma
is not effectively protecting Personally Identifiable Information (PII).
True
False - True
Emma is not effectively protecting Personally Identifiable Information (PII) if she stores
documents containing consumer names and addresses in a desk drawer that does not have
a lock. Proper safeguards should be in place to ensure that PII is secured and protected
from unauthorized access.
Which of the following is not a key rule within Health Insurance Portability and
Accountability Act (HIPAA) legislation?
HIPAA Education Rule
HIPPA Privacy Rule
HIPPA Security Rule
HIPPA Breach Notification Rule - HIPAA Education Rule
2026 - George Access
Georgia Access Exam 2025/2026
Questions and Answers
Which of the following is not a requirement for handling Personally Identifiable
Information (PII) and Protected Health Information (PHI)?
All information received must be kept confidential in accordance with applicable state
and federal laws and regulations
Only information required to assist the consumer can be gathered/collected Store all
consumer PII and PHI on a backup device
Only share consumer PII and PHI with those who are authorized to receive such
information - The requirement that is not applicable for handling Personally Identifiable
Information (PII) and Protected Health Information (PHI) is:
Store all consumer PII and PHI on a backup device
While it is important to ensure the security and confidentiality of PII and PHI, storing
data on a backup device is not a specific requirement. The focus should be on ensuring
confidentiality, collecting only necessary information, and sharing it only with authorized
individuals.
If you suspect or witness a breach involving unsecured Personally Identifiable
Information (PII), what is the first thing you should do?
Nothing
Alert the media
Call the consumer who's PII was compromised to let them know
Report the incident immediately to Georgia Access and no later than twenty-four (24)
hours, after discovery of the incident - If you suspect or witness a breach involving
unsecured Personally Identifiable Information (PII), the first thing you should do is:
Report the incident immediately to Georgia Access and no later than twenty-four (24)
hours after discovery of the incident.
2026 - George Access
,2026 - George Access
Fill in the blank: When violations result in monetary fines from the state or federal
government, the fines associated with the violation are considered _____.
Civil penalties
Criminal penalties
Federal penalties
Negligible - When violations result in monetary fines from the state or federal
government, the fines associated with the violation are considered Civil penalties.
Fill in the blank: A(n) _____ is the acquisition, access, use, or disclosure of Protected
Health Information (PHI) in a manner not permitted and that compromises the security or
privacy of the PHI.
Computer Threat
Breach
Security Incident
Access Control - A(n) Breach is the acquisition, access, use, or disclosure of Protected
Health Information (PHI) in a manner not permitted and that compromises the security or
privacy of the PHI.
Fill in the blank: Covered entities who knowingly obtain or disclose Individually
Identifiable Health Information (IIHI) under false pretenses with the intent to sell,
transfer, or use it for commercial advantage, personal gain, or malicious harm may be
sentenced up to _____ years in prison.
1
5
7
10 - Covered entities who knowingly obtain or disclose Individually Identifiable Health
Information (IIHI) under false pretenses with the intent to sell, transfer, or use it for
2026 - George Access
, 2026 - George Access
commercial advantage, personal gain, or malicious harm may be sentenced up to 10 years
in prison.
Fill in the blank: Data that contains Protected Health Information (PHI) stored on or
accessible from physical devices must be equipped with _____.
Wi-Fi
Access controls
Accessibility
A camera - Data that contains Protected Health Information (PHI) stored on or accessible
from physical devices must be equipped with access controls.
True or False: Emma is an agent. At the end of each day, she puts the documents she has
been working on with consumer names and addresses in her desk drawer. Since the
drawer does not have a lock, someone could easily access consumer information. Emma
is not effectively protecting Personally Identifiable Information (PII).
True
False - True
Emma is not effectively protecting Personally Identifiable Information (PII) if she stores
documents containing consumer names and addresses in a desk drawer that does not have
a lock. Proper safeguards should be in place to ensure that PII is secured and protected
from unauthorized access.
Which of the following is not a key rule within Health Insurance Portability and
Accountability Act (HIPAA) legislation?
HIPAA Education Rule
HIPPA Privacy Rule
HIPPA Security Rule
HIPPA Breach Notification Rule - HIPAA Education Rule
2026 - George Access
