This report analyzes the implications of the HIPAA rules for mobile health care applications and recommends next steps for developing an end-to-end architecture that will ensure HIPAA compliance for mobile health care applications. We believe that a mobile-ready HIPAA-compliant architecture would create significant opportunities to serve the health care industry as it continues to embrace mobile applications as a means to save money and improve patient care.

1. Analysis of the HIPAA Privacy and Security
Rules and Their Implications for Mobile
Health Care Applications
Matt Mendrala
Architecture & Mobile Strategy
DISTRIBUTION STATEMENT: Distribution authorized Aspenware Internet Solutions. Other requests for this document
shall be referred to the author via e-mail address: m.mendrala@aspenware.com.
1

2. Executive Summary
This report analyzes the implications of the HIPAA rules for mobile health care
applications and recommends next steps for developing an end-to-end
architecture that will ensure HIPAA compliance for mobile health care
applications. We believe that a mobile-ready HIPAA-compliant architecture would
create significant opportunities to serve the health care industry as it continues to
embrace mobile applications as a means to save money and improve patient
care.
Background
The Health Insurance and Portability Act of 1996 (HIPAA), which became
effective on April 14, 2001, establishes a set of rules and regulations for
safeguarding individually identifiable health information. HIPAA compliance is a
major concern for health care providers and their affiliates. The Health
Information Technology for Economic and Clinical Health (HITECH) Act, enacted
as part of the American Recovery and Reinvestment Act of 2009, and the Patient
Protection and Affordable Care Act of 2010, which mandates standardized billing
and requires health plans to begin adopting and implementing rules for the
secure, confidential, electronic exchange of health information, have put
additional pressure on health Care providers and their affiliates to ensure that
they are HIPAA compliant.
When HIPAA was passed, the dot-com boom was just getting under way and
smartphones had not yet been invented. Today, people routinely access personal
information online using their computers and smartphones and the health Care
industry has started to embrace electronic billing and medical records as a way to
reduce costs and improve quality of care. Healthcare providers are also starting
to embrace mobile as a channel for providing health care services. These trends
will continue to put pressure on health Care providers and their affiliates to
ensure HIPAA compliance. This is expected to increase demand for HIPAA-
complaint IT infrastructure and services to support the transition to electronic
billing and medical records and a myriad of online and mobile health Care
applications.
We have analyzed the implications of the HIPAA rules for mobile applications.
The results of this analysis are presented in the next section. The last section of
this report recommends next steps to move forward with development of a
mobile-ready, end-to-end, HIPAA-compliant architecture.
2

3. Go To engage.aspenware.com/mobilehealth
to download the entire report.
Or contact us at:
j.fellows@aspenware.com
303.798.5458
DISTRIBUTION STATEMENT: Distribution authorized Aspenware Internet Solutions. Other requests for this document
shall be referred to the author via e-mail address: m.mendrala@aspenware.co
3

4. 4