onic PHI maintained on all of its systems, including mobile devices, and to adopt policies and procedures for addressing these threats and vulnerabilities.5Failing to comply with these security requirements could result in civil penalties of up to $50,000 per violation and a maximum penalty of $1.5 mi