The Department of Health and Human Services (HHS) on December 12, 2012 published a News Release on its website regarding a new educational initiative fro providers to safely keep PHI on mobile devices.  There is a online set of tools that are available on the website for providers.  The initiative is called, “Know the Risks, Take the Steps, Protect and Secure Health Information.”  It is available at with initiative and guidance at

The recommendations place providers on notice as to what the expectations are of the HHS to protect PHI:

  • Use a password or other user authentication.
  • Install and enable encryption.
  • Install and activate remote wiping and/or remote disabling.
  • Disable and do not install or use file sharing applications.
  • Install and enable a firewall.
  • Install and enable security software.
  • Keep your security software up to date.
  • Research mobile applications before downloading.
  • Maintain physical control (i.e., protect against lost devices).
  • Use adequate security to send or receive health information over public Wi-Fi networks.
  • Delete all stored health information before discarding or reusing the mobile device

Please review the security that you use for your mobile devices to assure that you are providing the protections that are expected