posted by Andrew .
Under HIPAA, which one of the following statements is true regarding the release of
PHI by covered entities to business associates?
A. Covered entities are responsible for the use of PHI made by business associates.
B. Covered entities aren’t allowed to release PHI (identifiable or de-identified) to
C. Covered entities must require adequate assurances in writing that business
associates will adequately safeguard PHI.
D. Once a covered entity releases information to a business associate, the associate
may disclose that information to other entities.