How should PHI be handled during enrollment conversations?

PHI stands for protected health information, and in enrollment conversations the priority is to protect confidentiality while gathering only what’s needed. The best approach is to use secure communications, limit data collection to what’s necessary for enrollment, and obtain consent when required. Using secure channels means encrypted methods or a secure portal rather than plain emails or unprotected messaging. Collect only the information essential to complete enrollment—identity details, plan selection, eligibility, and any data strictly necessary for processing—and avoid gathering extraneous sensitive information. Also, obtain consent for disclosures when required by law or policy, and be clear about how the information will be used and shared. This aligns with privacy and security requirements and helps maintain trust and compliance. Sharing PHI with all providers by default, sending PHI in plain text, or collecting maximum data without consent would breach security and privacy rules.