nerdexam
Isaca

AAISM · Question #224

A hospital adopts an AI solution from an external vendor to help diagnose rare diseases. Which of the following BEST demonstrates the verification of security requirements for this technology?

The correct answer is D. Integrate requirements for sensitive data aligned with healthcare regulations.. Aligning the AI system's sensitive data handling with healthcare regulations provides a legally mandated, comprehensive security baseline that directly verifies security requirements are met.

AI Security Design and Implementation

Question

A hospital adopts an AI solution from an external vendor to help diagnose rare diseases. Which of the following BEST demonstrates the verification of security requirements for this technology?

Options

  • ARequire contractual clauses stipulating periodic information security reviews.
  • BPreview contractual clauses of mandatory security AI software update.
  • CPerform regular in-depth vulnerability scans on the AI system.
  • DIntegrate requirements for sensitive data aligned with healthcare regulations.

How the community answered

(62 responses)
  • A
    13% (8)
  • B
    6% (4)
  • C
    3% (2)
  • D
    77% (48)

Why each option

Aligning the AI system's sensitive data handling with healthcare regulations provides a legally mandated, comprehensive security baseline that directly verifies security requirements are met.

ARequire contractual clauses stipulating periodic information security reviews.

Contractual clauses for periodic security reviews schedule future assessments but do not verify that the system currently meets defined security requirements.

BPreview contractual clauses of mandatory security AI software update.

Mandatory update clauses address patch cadence for known vulnerabilities but do not comprehensively verify the system's adherence to sensitive data security requirements.

CPerform regular in-depth vulnerability scans on the AI system.

Vulnerability scans identify technical weaknesses but do not verify that the overall system design and configuration align with applicable regulatory security requirements.

DIntegrate requirements for sensitive data aligned with healthcare regulations.Correct

Integrating requirements for sensitive data aligned with healthcare regulations such as HIPAA is the best demonstration of security verification because it ensures the AI solution satisfies mandatory legal standards for protecting protected health information, including access controls, audit logging, breach notification, and data minimization. This creates a formal, auditable security baseline rooted in regulatory obligation rather than general best practice. It also ensures the vendor's implementation is evaluated against standards that carry legal accountability.

Concept tested: Healthcare AI security requirements aligned with regulatory compliance

Source: https://www.hhs.gov/hipaa/for-professionals/security/index.html

Topics

#AI Security#Data Protection#Regulatory Compliance#Security Requirements

Community Discussion

No community discussion yet for this question.

Full AAISM Practice