What are secure methods to transmit PHI between providers and payers?

• A. Secure patient portal messages, encrypted email, or direct secure fax.
• B. Unencrypted email.
• C. Public social media.
• D. Regular mail.

Answer: (A)

Transmitting PHI must use channels that protect confidentiality and prevent interception or misuse. The best options are methods designed for secure health information exchange: patient portal messages that require user authentication, encrypted email that protects content in transit, and direct secure fax that uses a secure, authenticated delivery path. These channels restrict access to authorized recipients and keep PHI encrypted and protected both in transit and, often, at rest.

Unencrypted email can be read if intercepted, so it doesn’t meet security requirements. Public social media is not a private or controlled channel for PHI and lacks appropriate safeguards. Regular mail can pose exposure risks and is slower and harder to control, making it less suitable for sensitive health data.