Certified Information Systems Security Professional (CISSP) — Question 159

If a medical analyst independently provides protected health information (PHI) to an external marketing organization, which ethical principal is this a violation of?

Answer options

• A. Higher ethic in the worst case
• B. Informed consent
• C. Change of scale test
• D. Privacy regulations

Correct answer: B

Explanation

The correct answer is B, Informed consent, as it emphasizes the necessity of obtaining permission from individuals before sharing their PHI. The other options do not directly relate to the requirement for consent in handling personal health information.