ANSWERS STUDY GUIDE 2026
◉ In a regional health system, a PIA is usually done by:
a. CEO.
b. CPO.
c. HIM.
d. Provincial privacy commissioner. Answer: b. CPO.
◉ Although an addressable implementation specification, this
reduces or prevents access and viewing of ePHI.
a. anonymization of all data.
b. data management technology.
c. decryption.
d. encryption. Answer: d. encryption.
◉ Three examples of forms that are needed in a file are the consent
to treatment form, the waiver of liability, and the acknowledgment
by the patient that personal items are in the care of the facility. What
should be done if the patient/client is unable or unwilling to sign the
documents?
a. a family member would be asked to sign.
b. note is made in the file stating that the patient/client refused to
sign or was unable to sign.
c. the staff would document the reason the consent is not signed.
d. the patient/client would do it later. Answer: c. the staff
would document the reason the consent is not signed.
◉ When a patient collapses upon arrival at the entrance to an
emergency department, what type of treatment authorization is in
effect?
a. emergency consent.
b. expressed consent.
c. implied consent.
d. informed consent. Answer: c. implied consent.
◉ Categories of people-oriented security threats include all except:
a. Insiders who abuse their privileges.
b. insiders who make mistakes.
c. insiders who have privileges.
d. outsiders who steal devices. Answer: c. insiders who have
privileges.
◉ Actions taken to protect health care recipients from the potential
harm of health care services are known as
a. patient safety improvement.
b. quality improvement.
c. quality management.
d. risk management. Answer: d. risk management.
◉ What is the most common type of security threat to a health
information system?
a. computer viruses.
b. environmental in nature.
c. external to the healthcare entity.
d. internal to the healthcare entity. Answer: d. internal to the
healthcare entity.
◉ Two tools that can be used to evaluate privacy issues are:
a. audits and oaths of confidentiality.
b. oaths of confidentiality and PIAs.
c. PIAs and TRAs.
d. user agreements and confidentiality oaths. Answer: c. PIAs and
TRAs.
◉ An employee confidentiality agreement is an example of:
a. access policy.
b. network control.
c. physical restriction.
d. training. Answer: d. training.
◉ A framework that ensures an organization has implemented
effective measures to protect data and information is known as a(n):