Solving the compliance vs. mobile dilemma

14.09.2006

Bergen's company has such policies in addition to the authentication and encryption of mobile data.

"We try to not put HIPAA data on mobile devices at all," Bergen said. "But that's one of those things you can't absolutely stop, which is why we've taken all those other steps."

Fortunately, some of the policies and procedures, as well as specifics about implementation, are covered either in the regulations themselves or in supplementary documents provided by the regulatory agencies or other governmental entities. For instance, Morency noted that the National Institute of Standards and Technology has guidelines covering issues that auditors might consider in securing wireless devices and networks and in managing remote users.

Get users to buy in

The experts acknowledged that compliance efforts can lead to pushback from end users. And without support from users, the road to mobile compliance will be difficult.