Exam CS0-002 topic 1 question 208 discussion

This like the 3rd or 4th question where the answer is Data Masking lol.

De-identified data: This process removes or replaces personally identifiable information (PII) from the data while preserving the overall structure and characteristics for development purposes. This significantly reduces the risk of exposing sensitive patient information to unauthorized individuals.

Comptia Study Guide: "Data masking can also use techniques to preserve the original format of the field. Data masking is an irreversible deidentification technique."

healthcare = de-identified

Answer is clearly D based off CompTIA's own study guide Deidentification Controls Large datasets are often shared or sold between organizations and companies, especially within the healthcare industry. Where these datasets contain PII or PHI, steps can be taken to remove the personal or identifying information. These processes can also be used internally, so that one group within a company can receive data for analysis without unnecessary risks to privacy.

Data masking is more suitable for credit card numbers, not records relating to PHI and PII. Deidentification would allow the informaton to be shared with third parties as it cant be linked to any person. The US GOV has an entire article here about how to deidentify PHI data so it can be shared with third parties. Masking isn't mentioned once: https://www.hhs.gov/hipaa/for-professionals/privacy/special-topics/de-identification/index.html

De-identified info would still retain PHI

B is a better and then D, because de-identified data process removes PII but retains PHI. This is suitable for sharing information between medical researchers but is unnecessary for a software developer.

I believe the answer is D.. I know this question completely sucks and could be interchangeable but then I found this article. It specifically speaks to HIPPA information. https://mask-me.net/blog-news/back-to-basics-de-identification-vs-data-masking/

We are dealing with medical information which until de-identified, is still protected by HIPPA. Data masking would work were we not dealing with medical data. So the only option is D. https://healthitsecurity.com/features/de-identification-of-phi-according-to-the-hipaa-privacy-rule

I think, masking is best answer, because software development will working with DB. If we are performing de-identified, developing process will wrongly.

Generally deidentification is where all PII is removed and data is merged to provide aggregrate info - would be hard to maintain the DB structure. There's some overlap between B & D here, but I think they want to see masking.

I'm choosing D. As I understand, de-identification is removing the identifiers of a person or patient based from from this scenario. Identifiers are patient names, address, their medical record info and so on. Removing these identifiers the medical facility can share the de-identified information to the vendor. Also, the medical facility complies with the compliance of HIPAA.

Same question before with D as answer. It looks like the discussion for this was refreshed.