ExpertThis question is part of a case study — click to read the full scenario(Case 11)
CASE STUDY: CareData Health
Company Overview:
CareData Health is a large healthcare provider network operating 50 hospitals. They manage petabytes of patient records, medical imaging, and telemetry data.
Current Technical Environment:
- Decentralized on-premises data centers at each hospital
- Legacy Electronic Health Record (EHR) systems
- Fragmented data silos preventing holistic patient views
Business Requirements:
- Centralize patient data into a single secure data lake
- Enable machine learning for predictive diagnostics
- Securely share anonymized data with external research partners
Executive Statements:
- CEO: "We must leverage AI to improve patient outcomes and reduce readmission rates."
- CISO: "Zero tolerance for data breaches. Patient data must be encrypted everywhere, and we must prevent any unauthorized data exfiltration."
- DPO (Data Protection Officer): "We must strictly adhere to HIPAA in the US and GDPR for our European patients. Data residency is mandatory."
Technical Requirements:
- End-to-end encryption using keys managed by CareData
- Strict access controls and comprehensive audit logging
- Ingestion of HL7 and FHIR healthcare data formats
- Physical separation of EU and US data
Constraints:
- Highly regulated environment
- Legacy systems cannot be modified, only integrated with
QUESTION:
To meet the CISO's requirement of preventing unauthorized data exfiltration from the centralized data lake (BigQuery and Cloud Storage), which security control should you implement?
GCP PCA · Question 13 · Domain 1: Designing and Planning a Cloud Solution Architecture
CASE STUDY: CareData Health
Company Overview:
CareData Health is a large healthcare provider network operating 50 hospitals. They manage petabytes of patient records, medical imaging, and telemetry data.
Current Technical Environment:
- Decentralized on-premises data centers at each hospital
- Legacy Electronic Health Record (EHR) systems
- Fragmented data silos preventing holistic patient views
Business Requirements:
- Centralize patient data into a single secure data lake
- Enable machine learning for predictive diagnostics
- Securely share anonymized data with external research partners
Executive Statements:
- CEO: "We must leverage AI to improve patient outcomes and reduce readmission rates."
- CISO: "Zero tolerance for data breaches. Patient data must be encrypted everywhere, and we must prevent any unauthorized data exfiltration."
- DPO (Data Protection Officer): "We must strictly adhere to HIPAA in the US and GDPR for our European patients. Data residency is mandatory."
Technical Requirements:
- End-to-end encryption using keys managed by CareData
- Strict access controls and comprehensive audit logging
- Ingestion of HL7 and FHIR healthcare data formats
- Physical separation of EU and US data
Constraints:
- Highly regulated environment
- Legacy systems cannot be modified, only integrated with
QUESTION:
How should you architect the ingestion pipeline to handle the legacy EHR data formats (HL7 and FHIR) without modifying the legacy systems?
CASE STUDY: CareData Health
Company Overview:
CareData Health is a large healthcare provider network operating 50 hospitals. They manage petabytes of patient records, medical imaging, and telemetry data.
Current Technical Environment:
- Decentralized on-premises data centers at each hospital
- Legacy Electronic Health Record (EHR) systems
- Fragmented data silos preventing holistic patient views
Business Requirements:
- Centralize patient data into a single secure data lake
- Enable machine learning for predictive diagnostics
- Securely share anonymized data with external research partners
Executive Statements:
- CEO: "We must leverage AI to improve patient outcomes and reduce readmission rates."
- CISO: "Zero tolerance for data breaches. Patient data must be encrypted everywhere, and we must prevent any unauthorized data exfiltration."
- DPO (Data Protection Officer): "We must strictly adhere to HIPAA in the US and GDPR for our European patients. Data residency is mandatory."
Technical Requirements:
- End-to-end encryption using keys managed by CareData
- Strict access controls and comprehensive audit logging
- Ingestion of HL7 and FHIR healthcare data formats
- Physical separation of EU and US data
Constraints:
- Highly regulated environment
- Legacy systems cannot be modified, only integrated with
QUESTION:
How should you architect the ingestion pipeline to handle the legacy EHR data formats (HL7 and FHIR) without modifying the legacy systems?
Answer options:
Write a custom Python script on Compute Engine to parse the HL7 messages using regular expressions.
Use the Cloud Healthcare API to ingest, parse, and de-identify the HL7 and FHIR data before storing it in BigQuery.
Stream the data directly into Cloud Spanner and use SQL views to format the data.
Use Cloud Data Fusion to connect directly to the legacy EHR databases and extract the data.
How to approach this question
Full Answer
Common mistakes
Practice the full GCP Professional Cloud Architect Practice Exam 3
50 questions · hints · full answers · grading