2026 FINAL ASSESSMENT PAPER SECURITY
GOVERNANCE COMPREHENSIVE QUESTIONS
AND ANSWERS VERIFIED A+
◉ Which guideline should a health information management (HIM)
professional follow for documentation of both paper and electronic
records? Answer: Original documents should be maintained in the
health record.
◉ Which data type is a cardiac catheterization examination note an
example of? Answer: Unstructured data
◉ A paragraph in a physician's order specifies information about a
patient's discharge. Which type of data is described in this scenario?
Answer: Unstructured
◉ A health information manager is responsible for properly
destroying records after the retention period has passed. Which
principle for information governance is described in this scenario?
Answer: Disposition
◉ A chief information officer at a hospital is working to improve
data security methodologies within the hospital's electronic health
record (EHR). The chief information officer enlists the help of the
hospital's health information management (HIM) director to help
design and enforce the new data security policies, which include the
utilization of a new token system to access the EHR. Which
information governance principle is described in this scenario?
Answer: Protection
◉ In a healthcare facility that still uses paper records, a physician is
requesting a record to complete a discharge summary that is now 28
days past due. The record tracker states that the record has been
sent to storage. Which record-keeping principle applies to this
scenario? Answer: Availability
◉ What does a stakeholder analysis of a data governance system
identify? Answer: Needs of those interested in the data
◉ Which organization requires reporting of medical malpractice
payments, federal licensure and certification actions, and adverse
clinical privileges actions? Answer: National Practitioner Data Bank
(NPDB)
◉ What is the name of the Centers for Medicare and Medicaid
Services (CMS) external audit program that works to reduce
Medicare improper payments? Answer: RACs
◉ Which assessment do the Conditions of Participation require all
home health agencies to electronically report? Answer: OASIS
◉ To which organization must a sentinel event be reported? Answer:
The Joint Commission
◉ Which model describes the information that flows to more than
one regional clinical data repository (CDR) and requested records
sent from one regional authority? Answer: Federated
◉ A local skilled nursing facility (SNF), hospital, and public health
agency all participate in a health information exchange (HIE). The
data is pushed from their facilities into one repository where they all
have access to retrieve data when needed. Which model is described
in this scenario? Answer: Centralized
◉ Which quality characteristic describes data that is unaffected
when used across all applications and systems? Answer: Consistency
◉ During a storm, the operation of information systems and data
preservation are threatened, triggering a disaster protocol. Which
disaster recovery planning process step should be taken in this
situation? Answer: Execute the continuity plan