Gary is an agent working at his home office; which of the options below is not a best practice for protecting PII and PHI?

The choice indicating that using a printer that electronically retains copies of consumer information is not a best practice for protecting Personally Identifiable Information (PII) and Protected Health Information (PHI) is correct. Such printers can pose significant risks, as they have the potential to store sensitive information internally. This means that if the printer is not properly secured or if it is disposed of without appropriate protocols, the stored data could be accessed by unauthorized individuals, leading to breaches of confidentiality and serious violations of privacy regulations.

In contrast, employing a shredding printer, a secure file storage system, and implementing strong password policies are all best practices. Shredding documents ensures that physical copies of sensitive information cannot be reconstructed or misused. A secure file storage system provides a safe environment for keeping digital information, protecting it through encryption and access controls. Strong password policies help to prevent unauthorized access to systems where PII and PHI are stored, reinforcing the overall security framework needed to protect sensitive information in various contexts, including remote work settings.

Thus, recognizing the risks associated with printers that retain electronic copies of data is crucial for effective PII and PHI protection.