Which measure is included in protecting confidential patient data in physical and digital forms?

• A. Leaving unencrypted records on open shelves.
• B. Sharing login credentials with colleagues to speed up care.
• C. Access controls, encryption, secure storage, disposal, and staff training on privacy.
• D. Printing copies of all records for every department.

Answer: (C)

Protecting confidential patient data requires a layered approach that covers both paper and electronic records through technical safeguards and strong privacy practices. The best choice brings together access controls, encryption, secure storage, proper disposal, and staff training on privacy.

Access controls limit who can view records, ensuring only authorized staff can access sensitive information. Encryption protects data so that even if a device or file is accessed without permission, the data remains unreadable. Secure storage prevents physical theft or tampering of paper records and backup media. Proper disposal ensures that discarded records and media cannot be recovered. Staff training on privacy reinforces correct handling, labeling, and sharing practices, reducing human error and inadvertent breaches.

Why the other options don’t fit: leaving records unencrypted on open shelves creates an obvious risk of exposure; sharing login credentials eliminates accountability and weakens security; printing copies for every department increases the number of records that could be lost or exposed. Together, the described measures address confidentiality across both forms of data.