EHR and practice management for mental / behavioral health

Are Your Mobile Devices HIPAA Compliant?

by Donna Koger, 2.21.17

Okay, so we’ve told you about encryption on computers, but what about mobile devices like iPads, iPhones and Androids? Can you encrypt these so that PHI on them is not accessible by anyone but you? The answer is yes, and it is actually quite simple in most cases.

Encryption on Apple Devices

  • According to TechTarget, [Their team] “found the Apple iOS to be more secure, in part because iOS has very limited multitasking functions. It has more security features than Android or Windows at this time.”
  • Turning on an iPad’s passcode feature automatically encrypts all the data stored on the device. The device will prevent access to the passcode if the wrong one is entered 10 times consecutively.
  • The iPad can encrypt messages through the Advanced Settings Option under Account Information.
  • The iPad’s built-in email client supports encrypted email transfers over the Secure Sockets Layer (SSL) protocol. To turn on SSL, go to the Advanced Settings option under Account Information. This will not encrypt email while it is on your iPad, but it will encrypt emails sent over the internet between your iPad and your email server.

Encryption on Android Devices

There are a few things worth noting:

  • Encrypting the device can take an hour or longer.
  • Your device’s battery must be at least 80% charged. Android won’t even start the process otherwise.
  • Your device must be plugged in throughout the entire process. If you interfere with the process or end it before it’s finished, you will likely lose all your data.


  • In the Settings menu, go to Security (or however it is labeled on your device). If your device is already encrypted, it will show here.
  • Some devices will also allow SD card contents to be encrypted; however, by default, Android only encrypts on-board storage.

Take Away

Of course, the ultimate answer to being mobile ready is not storing PHI on a mobile device. If you must, however, implement encryption to be sure your device is HIPAA compliant.

Donna Koger is currently the HIPAA Compliance Officer and materials developer for software training and support at Smoky Mountain Information Systems, home of PIMSY EHR. Ms. Koger is also a regular contributor to the PIMSY EHR Blog.
