Select the correct statement regarding the administrative requirements of the HIPAA privacy rule.
Options:
A.
A covered entity must apply disciplinary sanctions against members of its workforce who fail to comply with the privacy policies and procedures of the covered entity.
B.
A covered entity need not train all members of its workforce whose functions are materially affected by a change in policy or procedure.
C.
A covered entity must designate, and document, a contact person responsible for receiving acknowledgements of Notice of Privacy Practice.
D.
A covered entity may require individuals to waive their rights.
E.
A covered entity must provide maximum safeguards for PHI from any intentional or unintentional use or disclosure that is in violation of the regulations and to limit incidental uses and disclosures made pursuant to permitted or required use or disclosure.
