Which of the following poses a security risk for electronic protected health information (ePHI)?

Losing a work computer is indeed a significant security risk for electronic protected health information (ePHI). When a work computer is lost, it can potentially expose all the data stored on it, including sensitive patient information. This incident can lead to unauthorized access to ePHI, putting the privacy and security of patients at risk. If the computer is not secured with encryption or strong password protection, the chances of data breaches increase substantially.

In contrast, using cloud storage for backups can present risks if the cloud service lacks adequate security measures; however, many reputable cloud services offer strong protections and compliance with health information privacy regulations. Implementing a strong password policy and encrypting patient records are proactive measures intended to enhance security, thus reducing the risk of unauthorized access to ePHI. These practices help ensure that even in the unfortunate event of a breach or loss of a physical device, the data itself remains protected.