3 votes
A systems administrator at a medical imaging company discovers protected health information (PHI) on a general-purpose file server.

Which of the following steps should the administrator take NEXT?

A. Isolate all of the PHI on its own VLAN and keep it segregated at Layer 2
B. Immediately encrypt all PHI with AES-256
C. Delete all PHI from the network until the legal department is consulted
D. Consult the legal department to determine legal requirements

1 Answer

0 votes

Final answer:

The systems administrator should consult the legal department right away to ensure the proper handling of PHI in accordance with HIPAA regulations and to address any potential data breaches.

Step-by-step explanation:

When a systems administrator at a medical imaging company discovers protected health information (PHI) on a general-purpose file server, the immediate next step should be to consult the legal department to determine legal requirements. Since the discovery of PHI in an unsecured environment raises concerns about compliance with the Health Insurance Portability and Accountability Act (HIPAA), legal expertise is required to ensure the proper handling of the data. The legal department will provide guidance on how to secure the information according to HIPAA standards and address potential breaches.

by User MickeyRoush (8.3k points)