Question

which of the following standards should be applied when managing protected health information (phi)?

• phi should be thrown in the trash immediately after use.
• phi should only be discussed amongst employees if they work for the same company.
• a pharmacy’s privacy notice only needs to be displayed at the request of a patient.
• electronically transmitted phi should be encrypted.

Explanation:

• For the first option: PHI should be properly disposed (e.g., shredded), not just thrown in trash, so this is incorrect.
• For the second option: PHI discussion is restricted to those with a need - to - know, not just same - company employees, so this is incorrect.
• For the third option: Pharmacies must display privacy notices prominently, not just on patient request, so this is incorrect.
• For the fourth option: Encrypting electronically transmitted PHI is a standard security measure to protect it, so this is correct.

Answer:

D. Electronically transmitted PHI should be encrypted.