A large hospital has an existing contract with a vendor in another country to provide software support and maintenance of the hospital’s patient records information system.
From the hospital management’s perspective, which of the following controls would be most effective to address privacy risks related to this outsourcing arrangement ?
A . Conduct periodic reviews of the privacy policy to ensure that the existing policy meets current legislation requirements in both regions.
B . Include a "right to audit" clause in the contract and impose detailed security obligations on the outsourced vendor
C . Implement mandatory privacy training for management to help with identifying privacy risks when outsourcing services
D . Develop an incident monitoring and response plan to track breaches from internal and external sources
Answer: A
Leave a Reply