Which statement about HIPAA is true?

• A. It regulates only privacy, not security.
• B. It regulates the privacy and security of PHI.
• C. It governs hospital scheduling and staffing.
• D. It has no relevance to patient data.

Answer: (B)

HIPAA protects health information through two main areas: privacy and security. The Privacy Rule sets who can access PHI and under what circumstances, while giving patients rights over their information. The Security Rule focuses on protecting electronic PHI, requiring administrative, physical, and technical safeguards such as risk management policies, secure facilities and devices, access controls, encryption, and audit trails. Together, these rules ensure PHI is kept confidential, protected from unauthorized access, and available appropriately.

So, the statement is true because HIPAA covers both privacy and security of PHI, not just one aspect. It doesn’t govern hospital scheduling and staffing, and it is highly relevant to patient data.