1. B: Your facility must determine who can view and modify your patients' PHI. Some employees will have greater access to patient records than others.
2. C: Who users claim to be is their identity. Having an identity proves that a user exists and that the user has access rights.
3. A: Once users are identified, they must authenticate, or prove, that they are who they say they are. Without proper authentication, inappropriate users could access your patients' PHI!
4. B: The best practice for allowing access to information is a combination three unique identifiers. Here those identifiers are the user's name, password and a token.