Questions: Which of the following is NOT a safe harbor when it comes to securing PHI: direct text messaging, encryption, destruction, password protected computers.

The answer is the first one: direct text messaging.

Explanation for each option:

1. Direct text messaging: This is NOT a safe harbor for securing Protected Health Information (PHI). Standard text messaging services are typically not secure and do not comply with the Health Insurance Portability and Accountability Act (HIPAA) requirements for protecting PHI. They lack encryption and other security measures necessary to ensure the confidentiality and integrity of sensitive health information.

2. Encryption: This is a safe harbor for securing PHI. Encryption transforms data into a format that is unreadable to unauthorized users, ensuring that PHI is protected during transmission and storage. HIPAA strongly recommends encryption as a method to safeguard PHI.

3. Destruction: This is a safe harbor for securing PHI. Proper destruction methods, such as shredding paper records or securely deleting electronic files, ensure that PHI cannot be reconstructed or retrieved by unauthorized individuals. HIPAA requires covered entities to implement policies and procedures for the secure disposal of PHI.

4. Password protected computers: This is a safe harbor for securing PHI. Using strong passwords and ensuring that computers are password-protected helps prevent unauthorized access to PHI. This is a basic security measure recommended by HIPAA to protect electronic health information.

Summary: Direct text messaging is not a safe harbor for securing PHI because it lacks the necessary security measures such as encryption, making it vulnerable to unauthorized access.