Which of the following poses a security risk for electronic protected health information (ePHI)?

Losing a work computer poses a significant security risk for electronic protected health information (ePHI) because it directly increases the likelihood of unauthorized access to sensitive data. When a computer that stores or has access to ePHI is lost, the confidential information it contains could potentially fall into the hands of individuals who are not authorized to view it. This breach could lead to a variety of harmful consequences, such as identity theft, privacy violations, and a loss of trust from patients and regulatory bodies.

In contrast, the other options mentioned either help mitigate risk or inherently involve practices that enhance security. Using cloud storage for backups, when done correctly and with secure providers, can be a means to protect data from loss. Implementing a strong password policy serves to fortify access controls, making it harder for unauthorized users to gain entry into systems that house ePHI. Encrypting patient records secures the information itself, ensuring that even if data is intercepted or accessed without permission, it remains unreadable without the proper decryption key. Thus, each of these strategies contributes to a robust security framework for handling ePHI, whereas losing a work computer severely undermines that framework.