Question

A systems administrator at a medical imaging company discovers protected health information (PHI) on a general-purpose file server.

Which of the following steps should the administrator take NEXT?

A. Isolate all of the PHI on its own VLAN and keep it segregated at Layer 2
B. Take an MD5 hash of the server
C. Delete all PHI from the network until the legal department is consulted
D. Consult the legal department to determine the legal requirements

Answer 1

The systems administrator should consult the legal department to determine the legal requirements regarding the discovery of protected health information (PHI) on a general-purpose file server.

Step-by-step explanation:

The systems administrator should consult the legal department to determine the legal requirements regarding the discovery of protected health information (PHI) on a general-purpose file server. This step is necessary because legal considerations are important in such situations, especially when dealing with patient information which is protected by laws such as the Health Insurance Portability and Accountability Act (HIPAA). Consultation with the legal department will ensure that the appropriate actions are taken to comply with legal requirements and protect patient privacy rights.