Explanation:

The Timeline View Configuration object in Health Cloud controls how each timeline is displayed.
Admins can go to the Health Cloud – Lightning Admin app → locate the relevant Timeline View Configuration → update the Orientation field to Vertical.
This change applies per timeline configuration, not globally.

❌ Eliminations
A. Custom Metadata orientation setting
❌ No single global “orientation” custom metadata type exists that controls all timelines. Each timeline is configured individually.
C. Enable Timeline in Salesforce Setup and add to Lightning record
❌ Enabling Timeline in Setup is for initial activation, not for changing orientation.
D. Toggle for vertical orientation in Setup
❌ No such toggle exists in Salesforce Setup. This is a distractor.

📌 Reference
Salesforce Docs: Configure the Patient Timeline
Health Cloud Implementation Guide — Timeline Configuration

Explanation:

This answer directly and comprehensively addresses all three requirements from the compliance department:

Encryption at Rest: Salesforce Shield is a suite of premium security features that includes Platform Encryption. This feature provides encryption of sensitive data at rest (as it is stored in the database) and in transit, meeting the most stringent compliance requirements without disrupting standard functionality.
Notification of Activities: Event Monitoring (a component of Salesforce Shield) provides detailed logs of user activity (logins, logouts, report exports, record views, etc.). This data can be used to set up alerts and notifications for specific activities that may be of interest to the compliance team (e.g., a user exporting a large report of sensitive data).
Extensive Field Tracking: While Field History Tracking is standard, Field Audit Trail (another component of Salesforce Shield) provides a far more extensive and immutable audit trail. It captures up to 10 years of historical data on field changes and allows you to see the before-and-after values of encrypted fields, which standard field history cannot do.

Additionally, Data Classification helps identify and tag which fields contain sensitive data (like PII, PHI, PCI), which is a critical first step for applying the appropriate level of security controls like encryption.

Why the other options are incorrect:
A. Use Role Hierarchy... password policies... IP Restrictions: These are all excellent general security practices. However, they do not specifically address the core requirements:
Role Hierarchy controls data access, not encryption at rest.
Password policies and IP restrictions are about authentication and network access, not about auditing activities or encrypting stored data.
C. Enable Field Audit Trail, implement encryption... two-factor authentication: This is a strong contender but is incomplete and slightly misaligned.
It correctly identifies Field Audit Trail (from Shield) for extensive tracking and encryption.
However, it suggests "implement encryption," but the recommended practice for robust, native encryption at rest is specifically to enable Salesforce Shield.
Two-factor authentication is crucial for login security but does not fulfill the "notification of activities" requirement. Event Monitoring is the specific tool for that.
D. Use Salesforce Security Health Check... custom profiles... Data Loss Prevention (DLP):
The Security Health Check is a great tool for identifying gaps but is not a control itself.
Custom profiles and permission sets are fundamental for access control but do not provide encryption or detailed activity logging.
Data Loss Prevention (DLP) policies are for monitoring and restricting data in outbound emails and files, not for internal field tracking, encryption, or user activity notifications. This is a common distractor.

Reference:
Salesforce Help: What Is Salesforce Shield?
Salesforce Help: Monitor User Activity with Event Monitoring
Salesforce Help: Field Audit Trail

Explanation:

Before installing the Health Cloud Claims unmanaged package, the Health Cloud managed package must already be installed and configured in the Salesforce org. The Claims package depends on foundational components provided by the managed package, including object definitions, permission structures, and platform services.
If the admin attempts to install the Claims package without the managed package in place, the installation will fail due to missing dependencies.

🛑 Why the other options are incorrect:
B. Health Cloud permission set license is missing: While PSLs are required for user access, they don’t block package installation.
C. Administrator is not registered in AppExchange: Registration isn’t a prerequisite for installing unmanaged packages via direct URL.
D. Administrator doesn’t have Health Cloud license: The admin’s license affects access, not installation capability.

📚 Reference:
Salesforce Help: Install the Claims Data Model
Salesforce Developer Docs: Health Cloud Package Installation

Explanation:

C. Healthcare Provider:
The Healthcare Provider object is a core component of the Health Cloud data model. It represents an individual or organization that provides healthcare services. This object is used to capture comprehensive information about the physician, such as their credentials, specialties, and affiliations with facilities. It is the central object for managing provider-related data.
D. Healthcare Practitioner:
The Healthcare Practitioner object is a standard object aligned with the FHIR (Fast Healthcare Interoperability Resources) data model. It is used to represent an individual who is qualified to provide a medical service, which directly aligns with a physician's role. This object works in conjunction with the Healthcare Provider object to provide a robust, industry-standard way of modeling clinicians.

Incorrect Options
A. Person Account: A Person Account is a Salesforce feature that combines an Account and a Contact. While it is often used for managing individual consumers in a B2C model, it is not the recommended or purpose-built approach for modeling doctors within the specialized Health Cloud data model. The Healthcare Provider and Healthcare Practitioner objects provide the necessary fields and relationships to manage the complex data associated with clinicians.
B. Contact: A Contact is a standard Salesforce object used to represent individuals. While a physician could be modeled as a Contact, this approach would not leverage the specific, industry-standard fields and functionalities provided by Health Cloud. Using the specialized Healthcare Provider and Healthcare Practitioner objects is the correct way to capture detailed information about licenses, specialties, and affiliations, which are critical for provider management in a healthcare setting.

Explanation:

✅ A. Care Provider Facility Specialty (or "Healthcare Practitioner Facility Specialty" in some orgs)
Purpose: Links specialties to specific practice locations (e.g., Dr. Smith performs surgeries at Hospital A but not Hospital B).
Use Case: Filters providers by specialty and location.

✅ B. Healthcare Provider Specialty
Purpose: Tracks a provider's specialties (e.g., Cardiology, Pediatrics) and their associated:
Facilities (where they practice)
Certifications (board-approved specialties)
Use Case: Powers filters like "Find a Cardiologist."

✅ D. Healthcare Provider Taxonomy
Purpose: Stores hierarchical specialty classifications (e.g., "Cardiology → Interventional Cardiology") using:
NUCC Taxonomy codes (U.S. standard)
Sub-specialty relationships (parent-child mappings)
Use Case: Enables searches like "Find a Pediatric Oncologist."

Why Not the Others?

❌ C. Care Taxonomy – Not a standard Health Cloud object.
❌ E. Care Specialty – Generic term; not a specific object.