Certificate of Cloud Auditing Knowledge (CCAK) — Question 233

A large healthcare provider within the United States is seeking a cloud service provider offering Software as a Service (SaaS) for core business systems. The selected provider MUST comply with which of the following regulations?

Answer options

• A. GDPR
• B. HIPAA
• C. GLBA
• D. FISMA

Correct answer: B

Explanation

The correct answer is B, HIPAA, as it specifically governs the handling of protected health information in the healthcare sector. GDPR applies to data protection in the European Union, GLBA pertains to financial institutions, and FISMA relates to federal information security, making them inappropriate for this context.