PrepAway - Latest Free Exam Questions & Answers

What data security requirements must she adhere to?

Jane has been charged with ensuring that clients’ personal health information is adequately protected before it is exchanged with a new European partner. What data security requirements must she adhere to?


A. HIPAA

B. NIST SP 800-66

C. Safe Harbor

D. European Union Principles on Privacy

Explanation:

C: The Safe Harbor requirements were created to harmonize the data privacy practices of the U.S. with the European Union’s stricter privacy controls, and to prevent accidental information disclosure and loss. The framework outlines how any entity that is going to move private data to and from Europe must go about protecting it. By certifying against this rule base, U.S. companies that work with European entities can more quickly and easily transfer data.

A is incorrect because the Health Insurance Portability and Accountability Act (HIPAA) does not specifically address data protection for the purposes of sharing it with European entities. HIPAA provides a framework and guidelines to ensure security, integrity, and privacy when handling confidential medical information within the U.S. The U.S. federal regulation also outlines how security should be managed for any facility that creates, accesses, shares, or destroys medical information.

B is incorrect because NIST SP 800-66 is a risk assessment methodology. It does not point out specific data privacy requirements. NIST SP 800-66 does apply to health care. It was originally designed to be implemented in the health care field and can be used by HIPAA clients to help achieve compliance.

D is incorrect because the European Union Principles on Privacy are the foundation for the European Union’s strict laws pertaining to data that is considered private. The purpose of the principles is not to prepare data specifically for its exchange with U.S. companies, nor are the requirements mandated for U.S. companies. This set of principles has six areas that address using and transmitting sensitive information, and all European states must abide by these principles to be in compliance.

