ABSTRACT
Although mobile computing brings many advantages, it introduces new threats to the privacy and security of health information. It is therefore imperative that mobile device uses are carefully considered. This paper provides guidance from a security best practice perspective (ISO17799) and from a legislative perspective (HIPAA). It is argued that healthcare organizations will be doing well when considering mobile computing according to ISO17799, but additional controls needed to comply with HIPAA requirements are identified.