Which action best protects PHI when sending emails about patient care?

• A. Only disclose PHI with patient consent, regardless of necessity.
• B. Email PHI in plain text to colleagues to speed up care.
• C. Share PHI on public bulletin boards.
• D. Use secure, encrypted email channels and limit PHI to the minimum necessary.

Answer: (D)

Protecting patient information when communicating electronically is about keeping PHI secure in transit and sharing only what is needed. Using secure, encrypted email channels ensures that the content cannot be read by unauthorized people if the message is intercepted. Limiting the information to the minimum necessary reduces the risk of exposing more PHI than is needed for the care being provided. In contrast, sending PHI in plain text, posting it on public boards, or relying solely on patient consent without considering necessity can expose sensitive data and violate privacy protections. So the best approach is to use secure, encrypted email and include only the minimum PHI required for patient care.