Certified Information Systems Auditor (CISA) — Question 1275

Which of the following tests would provide the BEST assurance that a health care organization is handling patient data appropriately?

Answer options

• A. Compliance with industry standards and best practice
• B. Compliance with action plans resulting from recent audits
• C. Compliance with local laws and regulations
• D. Compliance with the organization's policies and procedures

Correct answer: C

Explanation

Compliance with local laws and regulations is essential because it ensures that the healthcare organization meets the legal requirements for handling patient data, which is critical for patient privacy and security. While the other options are important, they may not encompass all legal obligations that protect patient information.