Heather is the network administrator for her company, a small medical billing company in Billings. Since the company handles personal information for thousands of clients, they must comply with HIPAA rules and regulations. Heather downloads all the HIPAA requirements for information security and begins an audit of the company. Heather finds out that many of the billing technicians have beensending sensitive information in PDF documents to outside companies. To protec
t this information, they have been password protecting the PDF documents. Heather has informed all the technicians that this method of protecting the data is not safe enough. Why is using passwords to protect PDF documents not enough to safeguard against information leakage?

A.
This is not enough protection because PDF passwords can easily be cracked by many different software applications.

B.
The technicians should not only rely on PDF passwords because the passwords are sent as an attached text file went sent through email.

C.
Since PDF password protection alone does not comply with SOX; they should not solely rely on them for protection.

D.
PDF passwords are not reliable because they are completely stripped off from the documents once they are passed through email.