There should be a section in "09 Mobile Applications.md" talking about encryption and security of the PHI data stored on mobile as we have to adhere to encryption at rest and at transit.
Need more elaboration on API calls between the mobile application and back-end server where mobile application transfer the PHI data which later used by covered entity.
If you are okey I can add and raise PR, please let me know

@samarendra-fissionhq, we will be happy to review your PR. Thank you.