What is the purpose of a covered entity creating policies and procedures that limit who can access patient PHI?
A. To protect the privacy of consumers' health information
B. To limit the use and disclosure of PHI
C. To provide training to employees on safeguarding PHI
D. To create barriers to accessing patient PHI