Which of the following statements best describes HIPAA safeguards for protecting ePHI in a TA environment?

HIPAA safeguards require a layered approach that spans administrative, physical, and technical controls, and must include audit capabilities. Administrative safeguards cover policies, procedures, risk analysis, workforce training, and incident response. Physical safeguards protect the actual facilities, equipment, and devices—things like secure facilities, locked rooms, and workstation security. Technical safeguards are the measures that control access, authenticate users, protect data in transit and at rest, and crucially, generate and preserve audit trails so you can monitor and review who accessed ePHI and what actions were taken. In a trusted agent environment, those audit trails are essential for accountability, incident detection, and proving compliance. So, implementing all three safeguard categories with audit trails best aligns with HIPAA requirements, whereas focusing on only one area or ignoring audits leaves ePHI vulnerable and untraceable, and simply relying on a defensive perimeter does not meet the mandated need for ongoing monitoring and auditing.