GCP Professional Cloud Architect Practice Question
Your team is asked to architect a new EHR analytics platform on Google Cloud. The system will store protected health information (PHI) in Cloud Storage, process it with Dataflow, and query results in BigQuery. Compliance officers insist the project must be HIPAA-compliant from day one. What is the first prerequisite you must fulfill so that Google contractually commits to safeguard PHI for all used services?
Restrict all resources to the us-central1 and us-east1 regions to keep data within U.S. boundaries.
Enable VPC Service Controls and add all projects in the workflow to a service perimeter that blocks egress to the public internet.
Execute Google Cloud's HIPAA Business Associate Addendum (BAA) for the organization or billing account before provisioning any resources.
Create customer-managed encryption keys (CMEK) in Cloud KMS and configure every service to use them for data-at-rest encryption.
Google Cloud will treat data as protected health information under HIPAA only after the customer signs Google's Business Associate Addendum (BAA). The BAA is a legal agreement linked to the customer's Cloud Billing account (or organization) that extends HIPAA safeguards to all covered Google Cloud services. While controls such as VPC Service Controls, CMEK, or choosing specific regions can strengthen security and help meet particular policy requirements, none of them establish the contractual obligations required by HIPAA. Without an executed BAA, storing or processing PHI in Google Cloud is not compliant, regardless of other technical controls in place.
GCP Professional Cloud Architect
Designing for security and compliance