Which of the following is a HIPAA practice implication for electronic data?

• A. Paper records are exempt from privacy protections.
• B. There is no requirement to safeguard electronic data.
• C. Info stored or transmitted by computer must be safeguarded.
• D. Only for physicians, not for therapists.

Answer: (C)

Electronic protected health information must be safeguarded under HIPAA. The Security Rule requires protective measures for information stored or transmitted electronically, so anything on a computer, network, or digital backups needs administrative, physical, and technical safeguards. This means practical steps like controlling who can access systems, using authentication and encryption, maintaining audit trails, and ensuring secure transmission of PHI. The requirement applies to therapists and physicians alike, as well as other covered entities and business associates, not just one type of provider. Breach response and ongoing risk management flow from this safeguard obligation, underscoring that electronic data cannot be left unprotected.