877.334.8512 |      

EHR and practice management for mental / behavioral health

Are Your Mobile Devices HIPAA Compliant?

PIMSY behavioral health EMR shares tips to being HIPAA compliant on mobile devices

by Donna Koger, 2.21.17

Okay, so we’ve told you about encryption on computers, but what about mobile devices like iPads, iPhones and Androids? Can you encrypt these so that PHI on them is not accessible by anyone but you? The answer is yes and it is actually quite simple in most cases.

Encryption on Apple Devices

  • According to TechTarget, [Their team] “found the Apple iOS to be more secure, in part because iOS has very limited multitasking functions. It has more security features than Android or Windows at this time.”
  • Turning on an iPad’s passcode feature automatically encrypts all the data stored on the device. The device will prevent access to the passcode if the wrong one is entered 10 times consecutively.
  • The iPad can encrypt messages through the Advanced Settings Option under Account Information.
  • The iPad’s built-in email client supports encrypted email transfers over the Secure Sockets Layer (SSL) protocol. To turn on SSL, go to the Advanced Settings option under Account Information. This will not encrypt email while it is on your iPad, but it will encrypt emails sent over the internet between your iPad and your email server.

Encryption on Android Devices

There are a few things worth noting:

  • Encrypting the device can take an hour or longer.
  • Your device’s battery must be at least 80% charged. Android won’t even start the process otherwise.
  • Your device must be plugged in throughout the entire process. If you interfere with the process or end it before it’s finished, you will likely lose all your data.


  • Go to the Settings menu to Security or however it is labeled on your device. If your device is already encrypted, it will show here.
  • Some devices will also allow SD card contents to be encrypted, however, by default, Android only encrypts on-board storage.

Take Away

Of course, the ultimate answer to being mobile ready is not storing PHI on a mobile device. If you must, however, to be sure your device is HIPAA compliant, implement encryption.

Resources Include



Find more complimentary resources in our HIPAA Resource Center.
Our Most Popular Posts:
OMG HIPAA Compliance Key
2016 HIPAA Audit Series
Disaster Backup Plan: Are You Prepared?
HIPAA Compliance in a Nutshell
HIPAA Email Guidelines



Donna Koger
 is currently the HIPAA Compliance Officer and materials developer for software training and support at Smoky Mountain Information Systems, home of PIMSY EHR. Ms. Koger is also a regular contributor to the PIMSY EHR Blog.

Kudos from Clients

  • Seth H.

    “PIMSY more than pays for itself by streamlining my office, improving efficiency and reducing billing times. I would recommend PIMSY to anyone looking for a good EMR company that will help you implement its program and help you with any questions you have along the way.”

    ~ Seth H., Business Owner

  • Karen B.

    “Love PIMSY! So much quicker to complete notes and easier for everyone working with clients to know current authorizations and track units.”

    ~ Karen B., Therapist

  • Dr. Carmen L.

    “I am extremely appreciative and am so glad I decided to go with PIMSY versus the other options I was considering. I was singing your praises to a colleague of mine today who is feeling overwhelmed with her paper process. I highly recommend all of you.”

    ~ Dr. Carmen L., Program Director

  • Kim T.

    “We are now functioning at a 50% faster recovery rate for money and a 50% lower denial rate. You should really give the PIMSY team time to demonstrate for you personally.”

    ~ Kim T., Business Director

Subscribe To Our Newsletter

Subscribe to the PIMSY newsletter
What topics are you most interested in?