A: The individual would be responsible for the exposure, sharing, or theft of patient portal credentials. What a patient does with login credentials is outside the control of the CE, or the vendor acting on behalf of the CE, so the liability or risk rests with the individual. It is important to educate patient portal users that it is their ....