What if the patient causes a breach, such as by using a weak password, sharing credentials, or losing a mobile device that has a connection to the portal? And, of course, you must have proper physical, technical, and administrative security on the equipment used to run the portal..