Encrypting the data using shield (A) and using field level security setting, record access setting and object permission (E) are two ways to prevent unauthorized users from accessing the data. Installing shield and enabling mask (B) is not enough to protect the data, as masking only obscures the data in reports and dashboards, but does not prevent access to the underlying data. Creating sharing sets and optimizing data using mask (D) are not relevant to data security.

Health Cloud meets compliance and regulatory requirements in the following ways2:
Health Cloud helps healthcare organizations achieve HIPAA compliance. HIPAA is a US law that protects the privacy and security of patient health information. Health Cloud offers various features and tools to help customers comply with HIPAA, such as encryption, audit trails, data masking, and consent management. Customers who want to use Health Cloud for HIPAA purposes can sign a Business Associate Addendum (BAA) with Salesforce.
Health Cloud is HL7 compliant. HL7 is a set of standards for exchanging health information electronically. Health Cloud supports HL7 FHIR (Fast Healthcare Interoperability Resources), which is a modern specification for representing and sharing health data. Health Cloud allows customers to integrate with external systems that use FHIR APIs and access FHIR resources within Salesforce.
Health Cloud is HITRUST certified. HITRUST is a framework that provides a comprehensive and flexible approach to security and privacy in the healthcare industry. HITRUST certification demonstrates that an organization meets the highest standards of data protection and compliance. Health Cloud has achieved HITRUST CSF certification for its core services and features.
Health Cloud is not HIPAA certified or GDPR certified. HIPAA certification does not exist as a formal process or accreditation. HIPAA compliance is a shared responsibility between Salesforce and its customers, and each party must implement appropriate safeguards and policies to protect patient data3. GDPR is a European law that regulates the processing of personal data of individuals in the EU. GDPR compliance depends on various factors, such as the type and purpose of data processing, the location of data subjects and processors, and the rights and obligations of data controllers4. Salesforce provides various tools and resources to help customers comply with GDPR, but it does not certify Health Cloud as GDPR compliant.

To enhance their assessment functionality with Discovery Framework, a consultant should configure the following capabilities with Health Cloud out-of-the-box:
Using Previously Submitted Responses: This capability allows users to pre-populate assessment questions with responses from previous assessments, saving time and effort. Users can also edit the responses if needed1.
Digital Signature Capture: This capability allows users to capture electronic signatures from patients or other parties on the assessment form, ensuring consent and compliance. Users can also view and download the signed document as a PDF file2.
Adding a QR Code: This capability allows users to generate a QR code for the assessment form, which can be scanned by patients or other parties to access and complete the assessment on their mobile devices. Users can also track the status of the QR code and send reminders if needed3. FHIR Question Bank or SMS Assessment Completion are not capabilities that are available with Health Cloud out-of-the-box.

Salesforce Surveys is the best solution for moving existing PROMs surveys to Health Cloud. It allows for question banks and version control for this standardized survey.

To implement remote monitoring functionality in Health Cloud, an administrator should populate the following records:
Code Sets: These are records that define the codes and descriptions for various types of data, such as care metrics, care observations, or units of measure. Code sets help standardize the data and enable interoperability with external systems1.
Units of Measure: These are records that define the units of measurement for various types of data, such as weight, blood pressure, or temperature. Units of measure help convert the data into a common format and enable comparison and analysis2.
Care Metric Targets: These are records that define the target values or ranges for various types of care metrics, such as blood glucose level, heart rate, or oxygen saturation. Care metric targets help monitor the patient's health status and identify any deviations or risks3.
Care Observations: These are records that store the data collected from patient devices, such as blood pressure monitors, glucose meters, or pulse oximeters. Care observations help track the patient's health progress and provide insights for care management4. Remote Monitoring Device Types, Biometrics, Chart Metrics, or Care Episodes are not records that are required for remote monitoring functionality.