A covered entity is not HIPAA compliant if it has not taken basic steps to prepare for?
A. Security risk assessments
B. Employee training on privacy policies
C. Implementing physical safeguards
D. Developing and implementing policies and procedures