Salesforce Certified Heroku Architecture Designer — Question 36

A hospital wants to build a mobile app that allows patients to check the status of submitted insurance claims, which the hospital stores in Salesforce Health Cloud.
The app's back end will run on Heroku.
Which two measures should an Architect recommend to help ensure that the app is compliant with HIPAA? (Choose two.)

Answer options

• A. Use Heroku Shield Connect to sync claim data from Salesforce to a Heroku Postgres database.
• B. Use only Heroku Shield Postgres databases to store claim data outside of Salesforce Health Cloud.
• C. Ensure that the back-end application's code encrypts all claim data before writing it to a Heroku Postgres database.
• D. Ensure that the mobile app can only run when on the hospital's intranet, which is connected to the back end's Shield Private Space via VPN.

Correct answer: A, C

Explanation

Using Heroku Shield Connect (Option A) is crucial for securely transferring sensitive data while maintaining compliance with HIPAA regulations. Encrypting claim data before storage (Option C) adds an extra layer of security. Options B and D, while protective in nature, do not address the core requirements of data synchronization and encryption needed for HIPAA compliance.