Which option correctly describes a secure way to share PHI?

• A. Share PHI with all staff to ensure transparency.
• B. Post PHI on public bulletin boards.
• C. Share PHI only with authorized personnel and use secure channels; keep records in locked storage or secure systems.
• D. Store PHI in personal email accounts.

Answer: (C)

Protecting PHI relies on limiting access to those who genuinely need it and moving information only through secure, verifiable channels. The proper approach is to share PHI exclusively with authorized personnel who have a legitimate need to know, and to use encrypted, authenticated methods for any transmission. Keeping PHI in locked physical storage or in secure digital systems with strict access controls, strong authentication, and audit logs ensures records aren’t exposed or tampered with. This combination—minimum necessary access, secure transmission, and protected storage—maintains confidentiality, integrity, and accountability.

Sharing with everyone, posting PHI publicly, or using personal email accounts bypasses these safeguards and creates unnecessary risk of disclosure and violations.