🔥 3-day streak
ISC2 CC — Certified in Cybersecurity52 / 145
Question 52 of 145

A regional clinic must protect patient health records. The clinic's compliance officer notes two governing documents: a national healthcare data-protection statute passed by the legislature that mandates breach notification, and the clinic's own internal document requiring staff to lock workstations when unattended. If the clinic fails to comply with the national statute, which consequence is MOST likely, and how should these two documents be classified?

Reviewed for accuracy · Report an issueNext question