HIPAA is largely a call to a strong control environment, with a focus on the necessary security safeguards to ensure the security of patients. Contrary to prevailing opinion, achieving HIPAA Security compliance does not rely on complex technology solutions and strategies, but rather on simpler people- and process-oriented control environment issues.
A key tenet of HIPAA compliance is ensuring the confidentiality of patient information – most notably electronic patient health information (EPHI). As most security practitioners are all too aware, a surprisingly large percentage of data breach notifications are triggered by the theft or loss of data in a mobile form. Accordingly, most mobile security protection schemes are centered on good physical security of the mobile devices, good logical access control to the device, and encryption of all sensitive data on the device.
There are many ways a business can comply with HIPAA requirements, but more healthcare providers are moving toward HITRUST or ISO 27001 Certification. You can read more about it at https://www.defensorum.com/hipaa-encryption/