I agree with Alexander's excellent reply and would like to add... Educate your workforce that if they post something to SharePoint that contains PHI that other members do not need to see/know to do their jobs, it could possibly be a HIPAA violation (impermissible use or maybe even a breach depending on the risk assessment). It is the same as if it were an actual piece of paper with PHI on it and they physically shared it with someone who had no need to know. Educate them to de-identify reports first! For example, we see a quarterly Risk Management report – but the report has been de-identified so there are no patient names, medical record numbers, etc. contained in it.
If it is accessible to those who would not need to see it to do their jobs, I would say the moment it's posted, the poster has committed a HIPAA violation (impermissible use). That's not exactly safeguarding/protecting the PHI, is it?