Where should PHI records be stored to maintain confidentiality?

• A. In an unlocked storage cabinet.
• B. In personal email accounts.
• C. In locked storage or secure electronic systems.
• D. On a public shared drive.

Answer: (C)

PHI records must be kept confidential by limiting access to authorized personnel through both physical and electronic safeguards. Physically, store PHI in a locked cabinet or secured area to prevent unauthorized access. Electronically, keep PHI in locked storage or secure electronic systems that require authentication, encryption, and protections like audit logs and regular backups. This approach follows privacy and security standards (such as HIPAA) that require safeguarding PHI from improper access, disclosure, or loss. Unsecured options—like an unlocked cabinet, personal email accounts, or public shared drives—do not provide adequate access controls or protection, so they fail to maintain confidentiality.