PT0-001 · Question #24
The correct answer is D: Health information communicated over HTTP.
Question
Options
- A. Cleartext exposure of SNMP trap data
- B. Software bugs resident in the IT ticketing system
- C. S/MIME certificate templates defined by the CA
- D. Health information communicated over HTTP
- E. DAR encryption on records servers
Explanation
HIPAA requires that personal health information be protected both in transit and at rest; testers must verify that PHI is not sent over unencrypted channels and that storage-level encryption is enforced on records servers.
Common mistakes.
- A. SNMP trap data carries network management information such as interface statistics and device alerts - not personal health information - so its cleartext exposure does not constitute a HIPAA PHI violation.
- B. Bugs in an IT ticketing system are general software quality issues unrelated to HIPAA's specific PHI protection mandates unless the system itself stores or processes covered health information.
- C. S/MIME certificate templates define how email signing and encryption certificates are issued, which is a PKI administration concern and not a specific HIPAA PHI protection test target in this context.
Concept tested. HIPAA PHI protection - in-transit and at-rest encryption testing
Reference. https://www.hhs.gov/hipaa/for-professionals/security/index.html