Mobile health (mHealth) platforms offer a promising solution to some of the more important problems facing the current healthcare system. This paper examines some of the key challenges facing mHealth with a focus on privacy and security issues. In the first part of the paper, the security engineering process is described, which can assist healthcare organizations in developing an architecture-level protection strategy that is compliant with privacy and security legislation and industry initiatives. In the second part of the paper, use cases are selected to illustrate the diverse security architecture contexts in which the protection strategy will be deployed, and to emphasize the importance of integrating security across these contexts. In the third part of the paper, industry and government security best practices are discussed, which can assist healthcare organizations in implementing security architectures to meet their specific privacy and security requirements.