Georgia Access 2025 EXAM Questions
and Answers Graded A+
Which of the following is not a requirement for handling Personally Identifiable
Information (PII) and Protected Health Information (PHI)?
All information received must be kept confidential in accordance with applicable
state and federal laws and regulations
Only information required to assist the consumer can be gathered/collected Store
all consumer PII and PHI on a backup device
Only share consumer PII and PHI with those who are authorized to receive such
information - Correct answer-The requirement that is not applicable for handling
Personally Identifiable Information (PII) and Protected Health Information (PHI)
is:
Store all consumer PII and PHI on a backup device
While it is important to ensure the security and confidentiality of PII and PHI,
storing data on a backup device is not a specific requirement. The focus should be
©COPYRIGHT 2025, ALL RIGHTS RESERVED 1
,on ensuring confidentiality, collecting only necessary information, and sharing it
only with authorized individuals.
If you suspect or witness a breach involving unsecured Personally Identifiable
Information (PII), what is the first thing you should do?
Nothing
Alert the media
Call the consumer who's PII was compromised to let them know
Report the incident immediately to Georgia Access and no later than twenty-four
(24) hours, after discovery of the incident - Correct answer-If you suspect or
witness a breach involving unsecured Personally Identifiable Information (PII), the
first thing you should do is:
Report the incident immediately to Georgia Access and no later than twenty-four
(24) hours after discovery of the incident.
Fill in the blank: When violations result in monetary fines from the state or federal
government, the fines associated with the violation are considered _____.
Civil penalties
Criminal penalties
©COPYRIGHT 2025, ALL RIGHTS RESERVED 2
, Federal penalties
Negligible - Correct answer-When violations result in monetary fines from the
state or federal government, the fines associated with the violation are considered
Civil penalties.
Fill in the blank: A(n) _____ is the acquisition, access, use, or disclosure of
Protected Health Information (PHI) in a manner not permitted and that
compromises the security or privacy of the PHI.
Computer Threat
Breach
Security Incident
Access Control - Correct answer-A(n) Breach is the acquisition, access, use, or
disclosure of Protected Health Information (PHI) in a manner not permitted and
that compromises the security or privacy of the PHI.
Fill in the blank: Covered entities who knowingly obtain or disclose Individually
Identifiable Health Information (IIHI) under false pretenses with the intent to sell,
transfer, or use it for commercial advantage, personal gain, or malicious harm may
be sentenced up to _____ years in prison.
©COPYRIGHT 2025, ALL RIGHTS RESERVED 3
and Answers Graded A+
Which of the following is not a requirement for handling Personally Identifiable
Information (PII) and Protected Health Information (PHI)?
All information received must be kept confidential in accordance with applicable
state and federal laws and regulations
Only information required to assist the consumer can be gathered/collected Store
all consumer PII and PHI on a backup device
Only share consumer PII and PHI with those who are authorized to receive such
information - Correct answer-The requirement that is not applicable for handling
Personally Identifiable Information (PII) and Protected Health Information (PHI)
is:
Store all consumer PII and PHI on a backup device
While it is important to ensure the security and confidentiality of PII and PHI,
storing data on a backup device is not a specific requirement. The focus should be
©COPYRIGHT 2025, ALL RIGHTS RESERVED 1
,on ensuring confidentiality, collecting only necessary information, and sharing it
only with authorized individuals.
If you suspect or witness a breach involving unsecured Personally Identifiable
Information (PII), what is the first thing you should do?
Nothing
Alert the media
Call the consumer who's PII was compromised to let them know
Report the incident immediately to Georgia Access and no later than twenty-four
(24) hours, after discovery of the incident - Correct answer-If you suspect or
witness a breach involving unsecured Personally Identifiable Information (PII), the
first thing you should do is:
Report the incident immediately to Georgia Access and no later than twenty-four
(24) hours after discovery of the incident.
Fill in the blank: When violations result in monetary fines from the state or federal
government, the fines associated with the violation are considered _____.
Civil penalties
Criminal penalties
©COPYRIGHT 2025, ALL RIGHTS RESERVED 2
, Federal penalties
Negligible - Correct answer-When violations result in monetary fines from the
state or federal government, the fines associated with the violation are considered
Civil penalties.
Fill in the blank: A(n) _____ is the acquisition, access, use, or disclosure of
Protected Health Information (PHI) in a manner not permitted and that
compromises the security or privacy of the PHI.
Computer Threat
Breach
Security Incident
Access Control - Correct answer-A(n) Breach is the acquisition, access, use, or
disclosure of Protected Health Information (PHI) in a manner not permitted and
that compromises the security or privacy of the PHI.
Fill in the blank: Covered entities who knowingly obtain or disclose Individually
Identifiable Health Information (IIHI) under false pretenses with the intent to sell,
transfer, or use it for commercial advantage, personal gain, or malicious harm may
be sentenced up to _____ years in prison.
©COPYRIGHT 2025, ALL RIGHTS RESERVED 3