When complying with HIPAA using Salesforce Shield, Bloomington Caregivers must:

Encrypt sensitive data in transit and at rest:

Shield Platform Encryption ensures encryption at rest; Salesforce uses TLS for encryption in transit.

Extract:

“Salesforce Shield encrypts sensitive data at rest. Salesforce also encrypts data in transit using TLS.”

( Source: Salesforce Se curity Guide , Shield Platform Encryption Guide )

Implement and regularly review audit trails:

Shield Event Monitoring and Field Audit Trail help monitor data access and modifications.

Extract:

“Implement audit trails and monitor them to detect unauthorized or suspicious activities.”

([Source: Salesforce Security Guide, Shield Platform Encryption Guide])

Configure data retention policies:

Retain records for legally required periods to comply with HIPAA.

Extract:

“Data retention policies must comply with legal and regulatory requirements, including HIPAA.”

([Source: Salesforce Security Guide])

Why not B or C?

Providing access to third-party auditors is not a Salesforce Shield requirement; such reviews are typically handled internally.

Using third-party backup solutions is not a core Shield/HIPAA control within Salesforce, and data residency must be managed with care.