CISA Certified Information Systems Auditor – Question 1663

At a hospital, medical personnel carry handheld computers which contain patient health data. These handheld computers are synchronized with PCs which transfer data from a hospital database. Which of the following would be of the most importance?

A. The handheld computers are properly protected to prevent loss of data confidentiality, in case of theft or loss.
B. The employee who deletes temporary files from the local PC, after usage, is authorized to maintain PCs.
C. Timely synchronization is ensured by policies and procedures.
D. The usage of the handheld computers is allowed by the hospital policy.

Correct Answer: A

Explanation:
Data confidentiality is a major requirement of privacy regulations. Choices B, C and D relate to internal security requirements, and are secondary when compared to compliance with data privacy laws.