312-50V10 · Question #869
Bob was recently hired by a medical company after it experienced a major cyber security breach. Many patients are complaining that their personal medical records are fully exposed on the Internet and
The correct answer is B. Pll. Exposed patient medical records found via a simple internet search constitute a violation of regulations protecting Personally Identifiable Information (PII), as medical data contains directly identifiable personal details.
Question
Bob was recently hired by a medical company after it experienced a major cyber security breach. Many patients are complaining that their personal medical records are fully exposed on the Internet and someone can find them with a simple Google search. Bob's boss is very worried because of regulations that protect those data. Which of the following regulations is mostly violated?
Options
- AHIPPA/PHl
- BPll
- CPCIDSS
- DISO 2002
How the community answered
(19 responses)- B84% (16)
- C11% (2)
- D5% (1)
Why each option
Exposed patient medical records found via a simple internet search constitute a violation of regulations protecting Personally Identifiable Information (PII), as medical data contains directly identifiable personal details.
HIPAA (misspelled as HIPPA in the question) and its PHI provisions specifically regulate how covered healthcare entities handle Protected Health Information - while closely related, the question identifies PII as the broader regulatory category most directly violated by publicly exposed identifiable records.
PII (Personally Identifiable Information) encompasses any data that can identify a specific individual, and medical records contain highly sensitive PII including names, dates of birth, addresses, and health conditions. Regulations governing PII require organizations to implement appropriate safeguards to prevent unauthorized public disclosure, and publicly indexable medical records represent a direct and serious violation of these protections.
PCI DSS (Payment Card Industry Data Security Standard) is a security framework governing the storage, processing, and transmission of payment card data - it does not cover personal medical records.
ISO 2002 is not a recognized international standard; the relevant framework would be ISO/IEC 27002, which provides information security control guidelines but is not a legally enforceable regulation specifically governing medical record exposure.
Concept tested: Regulatory compliance violations for exposed medical PII
Source: https://csrc.nist.gov/glossary/term/personally_identifiable_information
Topics
Community Discussion
No community discussion yet for this question.