EC-Council

312-50V12 Question #16: Real Exam Question with Answer & Explanation

Submitted by tyler.j · Mar 4, 2026 · Information Security and Ethical Hacking Overview

Question

Bob was recently hired by a medical company after it experienced a major cyber security breach. Many patients are complaining that their personal medical records are fully exposed on the Internet and someone can find them with a simple Google search. Bob's boss is very worried because of regulations that protect those data. Which of the following regulations is mostly violated?

Options

  • A. PCI DSS
  • B. PII
  • C. ISO 2002
  • D. HIPPA/PHI

Explanation

HIPAA/PHI – Protecting Medical Records

Option D is correct because HIPAA (Health Insurance Portability and Accountability Act) specifically governs the protection of PHI (Protected Health Information) - which includes personal medical records, diagnoses, and patient data. When medical records are publicly exposed online, this is a direct and serious HIPAA violation, carrying significant legal and financial penalties.

Why the distractors are wrong:

  • A (PCI DSS): This regulation covers payment card industry data (credit/debit card transactions), not medical records.
  • B (PII): While Personally Identifiable Information is a concept used across many regulations, it is not a specific standalone regulation/law - it's a broader category, not a healthcare-specific compliance framework.
  • C (ISO 2002): This is a fictitious standard - there is no notable cybersecurity regulation called "ISO 2002." (ISO 27001 is the real information security standard, but it still wouldn't be the primary regulation violated here.)

⚠️ Note: The question spells it as "HIPPA," which is a common misspelling - the correct spelling is HIPAA. Exam questions sometimes test this, so don't be confused if you see it spelled incorrectly.

Memory Tip: Think "HIPAA = Hospital/Health = Patient Privacy" - any time a question mentions medical records or patient data, your first instinct should be HIPAA/PHI.

Topics

#HIPAA #Data Privacy Regulations #Protected Health Information (PHI) #Compliance
