Certified Information Privacy Technologist (CIPT) — Question 198
Ivan is a nurse for a home healthcare service provider in the US. The company has implemented a mobile application which Ivan uses to record a patient's vital statistics and access a patient's health care records during home visits. During one visit, Ivan is unable to access the health care application to record the patient's vitals. He instead records the information in his mobile phone's note-taking application, intending to enter the data in the health care application the next time it is accessible. What would be the best course of action by the IT department to ensure the data is protected on his device?
Answer options
- A. Provide all healthcare employees with mandatory annual security awareness training with a focus on health information protection.
- B. Complete a SWOT analysis exercise on the mobile application to identify what caused the application to be inaccessible and remediate any issues.
- C. Adopt mobile platform standards to ensure that only mobile devices that support encryption capabilities are used.
- D. Implement Mobile Device Management (MDM) to enforce company security policies and configuration settings.
Correct answer: D
Explanation
The best course of action is to implement Mobile Device Management (MDM) to enforce security policies and settings, which ensures that sensitive data is protected regardless of the device used. While annual training (A) and mobile platform standards (C) are beneficial, they do not directly address the immediate need for securing the data on personal devices. A SWOT analysis (B) is not proactive in protecting data but rather reactive in identifying issues.