Health-Cloud-Accredited-Professional Practice Test
Salesforce Spring 25 Release 228 Questions
Bloomington Caregivers is implementing Health Cloud for managing the healthcare data of children under the age of 13.
Which three considerations should the company take into account to ensure compliance with the Children's Online Privacy Protection Act (COPPA)?
A. Obtaining verified parental consent before collecting and storing any personal information of children
B. Disclosing the organization's privacy policy to parents and obtaining their consent
C. Ensuring that Bloomington Caregivers' system implementation partner has met all COPPA regulations during the build phase
D. Implementing appropriate security measures to safeguard children's personal information
E. Ensuring information collected about children is protected with at rest and in-transit encryption
A. Obtaining verified parental consent before collecting and storing any personal information of children B. Disclosing the organization's privacy policy to parents and obtaining their consent D. Implementing appropriate security measures to safeguard children's personal information
Explanation:
✅ A. Obtaining verified parental consent before collecting/storing personal information
COPPA requires explicit, verifiable parental consent for data collection from children under 13
Health Cloud implementations must include consent tracking workflows (e.g., e-signature capture for consent forms)
✅ B. Disclosing privacy policies and obtaining consent
Must clearly explain:
What data is collected (e.g., medical history, contact info)
How it will be used
Third-party sharing practices
Consent mechanisms must be "opt-in" (not pre-checked boxes)
✅ D. Implementing appropriate security measures
Required safeguards include:
Role-based access controls (restrict child records to authorized staff only)
Audit trails for all access/modifications
Data retention/deletion policies for child records
Why the others are secondary:
❌ C. While important, partner compliance doesn't absolve Bloomington of its own COPPA obligations
❌ E. Encryption is a security best practice but not explicitly mandated by COPPA (though strongly recommended)