If you are a covered entity or a business associate, yes. HHS OCR has detailed information explaining who is a covered entity. In general, individuals and organizations that meet the definition of a covered entity, namely those who are health plans, health care clearinghouses, or health care providers who transmit health information in electronic form in connection with certain transactions must comply with the Rules' requirements to protect the privacy and security of health information, even when using mobile devices. Their business associates are also contractually required to follow these requirements.