200-201 Question #483: Real Exam Question with Answer & Explanation

Question

A software development company develops high-end technology for the customer that will go through the HIPAA audit program. The technology will be hosted on the cloud, and the healthcare, employee names, and contact information will be stored on two separate logically isolated private cloud services. The patents and inventions will be hosted on separated encrypted database. A compliance team is asked to analyze the cloud infrastructure and architecture to identify the protected data. Which two types of protected data should be identified? (Choose two.)

Options

• AFederated Identity ID (FII)
• BProtected Health Information (PHI)
• CSelf-sovereign Identity (SSI)
• DPersonally Identifiable Information (PH)
• EPayment Card Industry (PCI)

Explanation

PHI is any information related to the health status, provision of healthcare, or payment for healthcare services that can be linked to an individual. Since the company is dealing with healthcare data, PHI will be part of the data stored on the cloud, making it subject to HIPAA (Health Insurance Portability and Accountability Act) compliance. Examples of PHI include medical records, healthcare data, and patient names. PII refers to any data that can be used to identify an individual, such as employee names and contact information. Since the company is storing employee names and contact details on the cloud, this data will also need to be protected. Examples of PII include full names, phone numbers, addresses, and social security numbers.

No community discussion yet for this question.