1. HealthIT.gov >
  2. For Providers & Professionals >
  3. Privacy & Security >
  4. Mobile Device Privacy and Security >
  5. Five steps organizations can take to manage mobile devices used by health care providers and professionals

Mobile Device Privacy and Security

Five steps organizations can take to manage mobile devices used by health care providers and professionals

  1. Decide
  2. Assess
  3. Identify
  4. Develop, Document, and Implement
  5. Train

These five steps are intended to help organizations manage mobile devices in a health care setting.

  1. 1

    Decide

    Decide whether mobile devices will be used to access, receive, transmit, or store patients’ health information or used as part of your organization’s internal networks or systems (e.g., your EHR system).

    Go to Step 1

  2. 2

    Assess

    Consider how mobile devices affect the risks (threats and vulnerabilities) to the health information your organization holds.

    Go to Step 2

  3. 3

    Identify

    Identify your organization’s mobile device risk management strategy, including privacy and security safeguards.

    Go to Step 3

  4. 4

    Develop, Document, and Implement

    Develop, document, and implement the organization’s mobile device policies and procedures to safeguard health information.

    Go to Step 4

  5. 5

    Train

    Conduct mobile device privacy and security awareness and training for providers and professionals.

    Go to Step 5

"Managing Mobile Devices in Your Health Care Organization" Fact Sheet

Health care organizations can use the five steps outlined in this fact sheet to help them develop and implement mobile device policies and procedures to safeguard patient health information.

NOTE: The content on the Mobile Device Privacy and Security subsection of HealthIT.gov is provided for informational purposes only and does not guarantee compliance with Federal or state laws. Please note that the information and tips presented may not be applicable or appropriate for all health care providers and professionals. We encourage providers, professionals, and organizations to seek expert advice when evaluating these tips. The Mobile Device Privacy and Security subsection of HealthIT.gov is not intended to be an exhaustive or definitive source on safeguarding health information from privacy and security risks. It is also not intended to serve as legal advice or offer recommendations based on a provider’s or professional’s specific circumstances. For more information about the HIPAA Privacy and Security Rules, please visit the HHS Office for Civil Rights Health Information Privacy website.