CompTIA CASP+ (CAS-003) — Question 382

A healthcare company wants to increase the value of the data it collects on its patients by making the data available to third-party researchers for a fee. Which of the following BEST mitigates the risk to the company?

Answer options

• A. Log all access to the data and correlate with the researcher.
• B. Anonymize identifiable information using keyed strings.
• C. Ensure all data is encrypted in transit to the researcher.
• D. Ensure all researchers sign and abide by non-disclosure agreements.
• E. Sanitize date and time stamp information in the records.

Correct answer: C

Explanation

The correct answer, C, is vital because encrypting data in transit protects it from interception and unauthorized access, thus safeguarding sensitive patient information. While logging access (A) and non-disclosure agreements (D) are important for accountability and trust, they do not directly prevent data breaches during transmission. Anonymizing data (B) and sanitizing timestamps (E) can help reduce risk but do not address the transmission security aspect.