News and Insights

Visit regularly for up-to-date information on relevant news, firm announcements and additions to our AZ Health Law Blog.

The issue of mobile devices and electronic protected health information (“ePHI”) has become an area of primary concern as health care providers increasingly use mobile devices to communicate with patients or other providers. The Office of the National Coordinator for Health Information Technology, the agency that spearheads the promotion of health information technology, and the Office for Civil Rights, the agency that enforces HIPAA, have taken steps to address this concern.

As the result of a roundtable discussion and public demand, the agencies have developed an educational initiative in accordance with HIPAA’s Privacy and Security Rules. The initiative, Mobile Devices: Know the RISKS. Take the STEPS. PROTECT and SECURE Health Information, offers health care providers and organizations tips on ways to protect their patients’ protected information on laptops, tablets, and smart phones.

The initiative seeks to educate providers on the risks associated with using mobile devices in the office setting, and offers tips to reduce the possibility of improper use or disclosure of the information on the devices, including using encryption software, firewalls, and password protection. The initiative was developed with HIPAA requirements in mind, but it does not guarantee compliance with HIPAA. HIPAA requires providers to assess their security and privacy risks and to develop and implement policies and procedures specific to the use of mobile devices in the office setting.

For more information on this initiative, visit