Question 4
Domain 5: Security, Compliance, and Governance for AI Solutions
A hospital is developing an AI system to assist doctors in diagnosing diseases based on patient records and medical images. To comply with regulations, the sensitive patient data must not leave the country the data is located in. Which data governance strategy will ensure compliance and protect patient privacy?
Correct answer: A
Explanation
Data residency keeps data stored and processed within the country where it is collected, which satisfies rules that sensitive patient data must not leave that country. This strategy supports compliance and reduces privacy risk by preventing cross-border transfer of medical records and images.
Why each option is right or wrong
A. Data residency
Under GDPR Article 44 and, where applicable, cross-border health-data restrictions in national health privacy laws, personal data may not be transferred outside the jurisdiction unless the required legal mechanism exists; if the requirement is that patient records and images must not leave the country at all, the compliant control is to keep storage and processing in-country. Data residency is the governance strategy that enforces that geographic boundary, preventing the AI workload from moving sensitive medical data to another region or country during training or inference.
B. Data quality
Data quality concerns accuracy, completeness, and consistency of data, not geographic storage location.
C. Data discoverability
Data discoverability means finding and cataloging data, not restricting where it can be stored or processed.
D. Data enrichment
Data enrichment adds or augments data fields; it does not control cross-border data movement.