Google Workspace Associate Administrator — Question 23

Your company operates several primary care clinics where employees routinely work with protected health information (PHI). You are in the process of transitioning the organization to Google Workspace from a legacy communication and collaboration system. After you sign the Business Associate Agreement (BAA), you need to ensure that data is handled in compliance with regulations when using Google Workspace. What should you do?

Answer options

• A. Implement a third-party backup service that is also compliant with Google Workspace core services.
• B. Create a label for Google Drive content to help employees identify sensitive data.
• C. Instruct the staff to not store any PHI in Google Workspace core services, including Google Drive, Docs, Sheets, and Keep.
• D. Disable integrations with third-party apps and turn off non-core Google services.

Correct answer: D

Explanation

The correct answer is D because disabling third-party app integrations and non-core services minimizes the risk of exposing PHI in non-compliant environments. Options A, B, and C do not effectively mitigate the risks associated with data handling in Google Workspace, as they either allow for potential exposure of PHI or fail to address the compliance requirements adequately.