The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) oversees HIPAA compliance. Violations of HIPAA regulations can lead to heavy penalties and fines. The lawsuit filed against Anthem, the largest US insurance company, is a case in point. Considered the biggest healthcare data breach in history, this attack compromised the personal health information of 79 million patients. The company had to pay a record $115 million to settle lawsuits filed by the patients. According to OCR, HHS collected $28.7 million from healthcare organizations and insurance companies for HIPAA enforcement in 2019 alone. So, if you are involved in or planning to develop a website or mobile application that stores, records or passes protected health information (PHI), then it is vital to learn and comply with HIPAA regulations.

Whenever you are handling any sensitive medical information on your website or through your mobile application, it is crucial to guarantee HIPAA compliance. Healthcare organizations wanting to leverage cloud computing or mobile app technology should ensure that they implement appropriate privacy and security safeguards to meet the HIPAA regulations. An mHealth app or website must have a clearly defined architecture, and it is also essential to conduct a detailed and thoughtful review at every stage of development. Seeking the expertise of a qualified security specialist to conduct a complete audit of the security requirements and standards of your website or mobile app is strongly recommended. Risks and vulnerabilities detected during the audit need to be mitigated and fixed at the earliest opportunity. Another critical area is the transmission of PHI, where encryption plays a huge role. Data must be verified and encrypted both while stored and while in transit. Make sure to fortify the app environment by forcing re-authentication after a period of inactivity and by removing push notifications that could expose PHI.

If a covered entity plans to use a cloud service like Azure to build, migrate, manage and support its business applications, then it is important to enter into a Business Associate Agreement (BAA) with Microsoft beforehand. Does that make Azure HIPAA compliant? Unfortunately, no. Even though Azure takes responsibility for the security of the underlying platform, that does not mean the application built on it is HIPAA compliant. In fact, HIPAA compliance is not about the cloud platform and its features; it is about how the cloud computing services are used by the application or user. Enterprise-class features of Azure can be used in different ways, and Microsoft cannot be held liable for HIPAA violations caused by the misuse of its services. It is the sole responsibility of the covered entity to configure Azure cloud services in compliance with HIPAA regulations and security standards.

At the end of the day, HIPAA compliance may seem tedious and nerve-wracking, but addressing the privacy and security aspects of PHI helps protect the sensitive health information of patients. It takes dedicated effort and financial investment to ensure HIPAA compliance of a website or mobile application, yet it proves worthwhile down the road.
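The two app-level safeguards named above, encrypting stored PHI in a way that also lets the reader verify it has not been altered, and forcing re-authentication after inactivity, look like this in practice. The Go code below is an added example written for this page; it is not code from the original article or from any HIPAA guidance. It uses AES-256-GCM from Go's standard library, so the authentication tag detects any tampering with the ciphertext or with the bound record context. The function names (`SealPHI`, `OpenPHI`, `NeedsReauth`), the patient record, and the 15-minute inactivity limit are assumptions made for illustration; HIPAA does not prescribe a specific timeout, and key storage and rotation are out of scope here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

// SealPHI encrypts one PHI record with AES-256-GCM. `context` is bound to the
// record as additional authenticated data (e.g. the patient id it belongs to),
// so a ciphertext cannot be silently moved to another patient's row.
// Output layout: nonce || ciphertext || GCM tag.
func SealPHI(key, plaintext, context []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // rejects keys that are not 16/24/32 bytes
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil { // fresh random nonce per record
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, context), nil
}

// OpenPHI verifies the GCM tag and decrypts. Any modification of the stored
// bytes, or a mismatched context, makes Open return an error and no plaintext.
func OpenPHI(key, sealed, context []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize() {
		return nil, errors.New("sealed record too short to contain a nonce")
	}
	nonce, ct := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, context)
}

// Session records the last time the user did something authenticated.
type Session struct {
	UserID       string
	LastActivity time.Time
}

// InactivityLimit is an assumed policy value, not a HIPAA-mandated number.
const InactivityLimit = 15 * time.Minute

// NeedsReauth reports whether the session has been idle long enough that the
// app must require the user to authenticate again before showing PHI.
func NeedsReauth(s Session, now time.Time) bool {
	return now.Sub(s.LastActivity) >= InactivityLimit
}

func main() {
	key := make([]byte, 32) // constructed demo key; real keys come from a KMS
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	record := []byte("patient:0001;dx:constructed sample diagnosis") // constructed PHI
	ctx := []byte("patient-id:0001")

	sealed, err := SealPHI(key, record, ctx)
	if err != nil {
		panic(err)
	}
	if got, err := OpenPHI(key, sealed, ctx); err == nil {
		fmt.Printf("decrypted: %s\n", got)
	}

	tampered := append([]byte(nil), sealed...)
	tampered[len(tampered)-1] ^= 0x01 // flip one bit of the stored record
	if _, err := OpenPHI(key, tampered, ctx); err != nil {
		fmt.Println("tampered record rejected:", err)
	}

	s := Session{UserID: "clinician-42", LastActivity: time.Now().Add(-20 * time.Minute)}
	fmt.Println("re-authentication required:", NeedsReauth(s, time.Now()))
}
```

Binding the patient id as additional authenticated data is what makes the "verify" half of "verified and encrypted" meaningful: the record is rejected not only when its bytes change but also when it is presented under the wrong patient. `NeedsReauth` is meant to gate every screen that renders PHI, with `LastActivity` refreshed on each authenticated request.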