Which configuration statement about privacy controls is true?

Privacy controls rely on layered safeguards that cover who can access data, how identities are verified, and how access is tracked and governed. Role-based access control ensures users can only see information necessary for their job, enforcing least privilege. Authentication confirms the person requesting access is who they claim to be. Audit logs provide a traceable record of who accessed data and when, which is essential for monitoring, investigation, and compliance. Patient privacy settings allow individuals to specify their sharing preferences, adding a patient-centric control over data visibility. Organization-level data-sharing policies govern how information moves between entities, ensuring sharing complies with governance rules and regulatory requirements. Put together, these elements create a comprehensive privacy configuration, which is why this statement is true. The other options miss important parts: relying only on passwords ignores identity verification beyond something the user knows and lacks auditing; anonymous access violates privacy; no audit logging removes accountability.