Hacker News
by zdragnar 634 days ago
HIPAA is a legal framework to describe lawful disclosure of health information, defining who and when, and what steps must be taken when unauthorized / impermissible disclosure happens.

It is technologically agnostic, because it applies whether your doctor is fully remote and everything uses electronic records, or if the provider is still using pen and paper and carrier pigeons.

For actual security details, there may be some regulations with the change to the mandating of electronic records, but nothing in HIPAA itself. For that, you want to look for organizations that have a certification like SOC2 or similar.