The Health Information Portability and Accountability Act of 1996 (HIPAA), and the 2013 HIPAA Omnibus Update, established national standards for electronic transactions surrounding electronic protected health information (“ePHI”). The law provides guidance on the Privacy and Security of ePHI as handled by providers, health insurance plans, and employers.

While HIPAA provides guidance on how ePHI is handled in many scenarios (e.g., within electronic health records [EHRs]), the development of new technology in recent years has called into question how ePHI and HIPAA apply to other situations where ePHI is viewed, maintained, transmitted, and even deleted.

This resource is intended to provide some basic guidance for providers on how various HIPAA regulations interact with the use of text messaging, mobile devices, e-mail, and mobile apps.

The Basics of Title II: The Privacy and Security Rules

Title II of HIPAA contains “Administrative Simplification” provisions, which establish national standards for electronic healthcare transactions. These standards are further delineated in the Privacy and Security Rules.

The Privacy Rule

Know when, how, and with whom patient health information may be shared.

The Security Rule

The tools you need to ensure the privacy and confidentiality of your patients’ information.

HIPAA Applications with E-mail, Texting, and Mobile Health (mHealth)

Communicating with patients is now easier than ever, whether you’re using e-mail to confirm appointments or an “app” to collect data on a patient’s health status. The APA is here to help you manage these activities in ways that are HIPAA-compliant.

E-mail and Text Messaging

What you need to know before you hit “send.”

Mobile Health (mHealth)

Using a tablet or smartphone to manage patient health information? Follow these tips before you begin.