Frequently Asked Questions

Overview of Privacy, Security, and Mobile Devices

Do you need to comply with HIPAA if you are using a mobile device?

What are some activities that make mobile devices vulnerable to attack?

What are common sources of threats to mobile devices or the health information on them?

What are some risks to know about before using a mobile device for patient care?

What can you do to protect and secure health information when you are using a mobile device for patient care?

Mobile Device Ownership (BYOD vs. Organization-Provided)

What if you use a mix of personally owned and organization-provided mobile devices?

What should you know about your mobile device if you are affiliated with more than one organization?

What should you do when terminating access by a provider, professional, or staff to a mobile device or their access to an internal network or system with their personally owned mobile device?

What is the difference between using your personally owned mobile device for work and using the mobile device your employer, practice, hospital, or organization provides?

What should you know about using your personally owned mobile device for work?

Location of Mobile Device Use

What should you do when using a mobile device in a combination of locations, such as home, hospital, or at a hotel?

What should you do when using a mobile device in a remote location, such as a home office?

What should you do when using a mobile device in a health care facility, such as a hospital or in your office?

What should you do when using a mobile device in a public space, such as a coffee shop or an airport?

Using a Mobile Device to Communicate

What privacy and security safeguards should you have in place on your mobile device before communicating with a patient?

What should you know when transmitting health information using a public wired Internet connection?

Can you use email to send health information using your mobile device?

Can you use texting to communicate health information, even if it is to another provider or professional?

What should you know if your mobile device has Bluetooth capability?

Electronic Health Record/Health Information Exchange Access Using a Mobile Device

How can you access the organization’s Electronic Health Record (EHR) system or Health Information Exchange (HIE) using your mobile device?

Backing Up Data Stored on a Mobile Device

How can you back up data stored on your mobile device to a secure server?

Mobile Device Disposal

Can you reuse or dispose of a mobile device that has stored health information on it?

Mobile Device Security Incident Reporting

What should you do if you think there was an unauthorized use or disclosure of health information involving your mobile device?

Mobile Device Passwords

What is a password policy?

What are some tips for protecting your password?

What is a strong password?

What are some tips for creating a strong password?

Mobile Device Encryption

How do mobile devices and encryption relate to Meaningful Use?

Are there any standards for encryption?

What is encryption?

Mobile Device Privacy and Security Video Series

Where can you find examples of how a provider’s office identifies mobile device risks and security safeguards?

How can a mobile device user protect and secure health information against the possibility of the device being lost or stolen?

How can a mobile device user protect and secure health information in a public space and on public Wi-Fi networks or hot spots?

Definitions for Mobile Device Privacy and Security

What is remote disabling?

What is an “organization” for purposes of the Mobile Device Privacy and Security subsection of HealthIT.gov?

Who is a “provider” or “professional” for purposes of the Mobile Device Privacy and Security subsection of HealthIT.gov?

What is a “mobile device” for purposes of the Mobile Device Privacy and Security subsection of HealthIT.gov?

What does “https” in a web address mean?

What is “health information” for purposes of the Mobile Device Privacy and Security subsection of HealthIT.gov?

What is a “secure Wi-Fi network”?

What is remote wipe?

What is a virtual private network?

What is a firewall?

What is mobile device time-out or automatic logoff?

What is security software?

What is a mobile application?

Submit a Question or Comment

I don’t see an answer to a question I have regarding using a mobile device to access, send, transmit or receive health information. How can I submit a question to ONC?

How can I contact OCR with questions regarding the HIPAA Privacy, Security and HITECH Breach Notification Rules?

NOTE: The content on the Mobile Device Privacy and Security subsection of HealthIT.gov is provided for informational purposes only and does not guarantee compliance with Federal or state laws. Please note that the information and tips presented may not be applicable or appropriate for all health care providers and professionals. We encourage providers, professionals, and organizations to seek expert advice when evaluating these tips. The Mobile Device Privacy and Security subsection of HealthIT.gov is not intended to be an exhaustive or definitive source on safeguarding health information from privacy and security risks. It is also not intended to serve as legal advice or offer recommendations based on a provider’s or professional’s specific circumstances. For more information about the HIPAA Privacy and Security Rules, please visit the HHS Office for Civil Rights Health Information Privacy website.