28 Sep
Practice Test Question: Regulatory Compliance
Helen is the compliance officer for a healthcare system that treats patients, accepts credit cards for payment, and also provides financing for patients who cannot pay immediately. Which one of the following regulations is least likely to apply to Helen’s organization?
A. PCI DSS
Correct Answer: D
As a healthcare provider, Helen’s organization is almost certainly covered by HIPAA, so that’s not the correct answer here. Remember, we’re looking for the regulation that does NOT apply. Accepting credit cards makes Helen’s organization subject to PCI DSS, and extending financing likely makes it a financial institution regulated by GLBA. The healthcare system is less likely to be covered by FERPA, which regulates educational institutions.