[02/Magdalena/01]

Questions and Answers

Which regulatory body has requirements for patient data processing?

ISO/TS 25237

General Data Protection Regulation (GDPR)

Health Insurance Portability and Accountability Act of 1996 (HIPAA) (correct)

Payment Card Industry Data Security Standard (PCI DSS)

Which regulatory body has requirements for consumer data processing?

ISO/TS 25237

Payment Card Industry Data Security Standard (PCI DSS)

General Data Protection Regulation (GDPR) (correct)

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Which regulatory body has requirements for credit card data processing?

ISO/TS 25237

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

General Data Protection Regulation (GDPR)

Payment Card Industry Data Security Standard (PCI DSS) (correct)

True or false: The Health Insurance Portability and Accountability Act (HIPAA) regulates the processing of credit card data.

False

True or false: The General Data Protection Regulation (GDPR) applies to the processing of health data.

True

True or false: The California Consumer Privacy Act (CCPA) sets requirements for the processing of children's data.

False

Match the following regulatory bodies with the types of data they have requirements for:

HIPAA = Patient data GDPR = Consumer data PCI DSS = Credit card data COPPA = Children data

Match the following data types with the regulatory bodies that have requirements for their processing:

Health data = ISO/TS 25237 Consumer data = California Consumer Privacy Act (CCPA) Patient data = Health Insurance Portability and Accountability Act of 1996 (HIPAA) Credit card data = Payment Card Industry Data Security Standard (PCI DSS)

Match the following regulations with the data types they apply to:

GDPR = Health data COPPA = Consumer data HIPAA = Patient data CCPA = Children data

Match the following data regulations with their descriptions:

GDPR = Regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA) CCPA = Data privacy law that gives California consumers more control over their personal information HIPAA = US federal law that protects the privacy of individually identifiable health information (PHI) PCI DSS = Set of security standards designed to protect cardholder data and prevent fraud

Match the following regulations with the types of data they apply to:

GDPR = Personal data CCPA = Consumer data HIPAA = Health information PCI DSS = Cardholder data

Match the following regulations with their countries of origin:

GDPR = European Union (EU) CCPA = United States HIPAA = United States PCI DSS = International data security standard

Match the following regulations with the types of organizations they apply to:

GDPR = Any organization that processes personal data of individuals in the EU CCPA = Businesses that collect personal information of California consumers HIPAA = Healthcare providers, health plans, and healthcare clearinghouses PCI DSS = All organizations that process, store, or transmit cardholder data

Match the following regulations with the rights they provide to individuals:

GDPR = Right to be forgotten, right to data portability CCPA = Right to request access to their data, have it deleted, and opt out of its sale HIPAA = Right to access and control their own health information COPPA = Right to parental consent for the collection of personal information from children under 13

Match the following regulations with their industry focus:

GDPR = General data protection CCPA = Consumer data privacy HIPAA = Healthcare and health insurance PCI DSS = Payment card industry

Match the following regulations with their acronyms:

GDPR = General Data Protection Regulation CCPA = California Consumer Privacy Act HIPAA = Health Insurance Portability and Accountability Act PCI DSS = Payment Card Industry Data Security Standard

Match the following regulations with the age group they focus on:

COPPA = Children under the age of 13 GDPR = No specific age group, applies to all individuals CCPA = No specific age group, applies to all California consumers HIPAA = No specific age group, focuses on health information

Match the following regulations with their scope:

GDPR = EU and EEA areas CCPA = California HIPAA = United States PCI DSS = International, applies to all organizations that process cardholder data

Match the following regulations with the types of organizations they do NOT apply to:

GDPR = Organizations that do not process personal data of individuals in the EU CCPA = Businesses that do not collect personal information of California consumers HIPAA = Non-healthcare related organizations PCI DSS = Organizations that do not process, store, or transmit cardholder data

Which regulation applies to the processing of personal data outside of the European Union and European Economic Area?

General Data Protection Regulation (GDPR)

Which regulation gives California consumers more control over their personal information and allows them to request access to their data, have it deleted, and opt out of its sale?

California Consumer Privacy Act (CCPA)

Which regulation protects the privacy of individually identifiable health information (PHI) in the United States?

Health Insurance Portability and Accountability Act (HIPAA)

Which regulation sets security standards to protect cardholder data and prevent fraud?

Payment Card Industry Data Security Standard (PCI DSS)

Which regulation is specifically created to protect the privacy of children under the age of 13 in the United States?

Children's Online Privacy Protection Rule (COPPA)

Which industry is subject to regulations such as the Gramm-Leach-Bliley Act (GLBA) and the Sarbanes-Oxley Act (SOX)?

Financial services industry

Which regulatory body has requirements for the processing of patient data?

Health Insurance Portability and Accountability Act (HIPAA)

True or false: The Health Insurance Portability and Accountability Act (HIPAA) regulates the processing of credit card data.

False

True or false: The General Data Protection Regulation (GDPR) applies to the processing of health data.

True

True or false: The California Consumer Privacy Act (CCPA) sets requirements for the processing of children's data.

True

True or false: The General Data Protection Regulation (GDPR) applies to data processing in the European Union and European Economic Area (EEA) only?

True

True or false: The California Consumer Privacy Act (CCPA) gives consumers the right to request access to their data and have it deleted?

True

True or false: The Health Insurance Portability and Accountability Act (HIPAA) applies to healthcare providers, health plans, and healthcare clearinghouses?

True

True or false: The Payment Card Industry Data Security Standard (PCI DSS) applies to organizations that process, store, or transmit cardholder data?

True

True or false: The Children's Online Privacy Protection Rule (COPPA) applies to websites and online services directed to children under 13?

True

True or false: The Gramm-Leach-Bliley Act (GLBA) and the Sarbanes-Oxley Act (SOX) are industry-specific regulations in the financial services industry?

True

True or false: The General Data Protection Regulation (GDPR) applies to the processing of health data?

True

True or false: The Health Insurance Portability and Accountability Act (HIPAA) regulates the processing of credit card data?

False

True or false: The California Consumer Privacy Act (CCPA) sets requirements for the processing of children's data?

True

True or false: The Payment Card Industry Data Security Standard (PCI DSS) applies to all organizations that process, store, or transmit cardholder data?

True