HIPAA privacy rules require covered entities to take all of the following actions EXCEPT___
a) Safeguarding protected health information (PHI)
b) Obtaining written consent before disclosing PHI
c) Providing individuals with a notice of privacy practices
d) Implementing measures to prevent unauthorized access to PHI