HIPAA will impact handhelds and any other device for that matter that stores or transmits/receives protected health information (PHI). The entire HIPAA security rule applies to these devices just like any other computer. There are several things you can do to get started including determining what, if any, PHI is handled on these devices, harden the devices, install antivirus software and develop policies and procedures outlining the proper security measures.
Also, don't forget to include handhelds in your contingency and incident response plans as well. My co-author wrote a good section on handheld security for HIPAA compliance in our new book The Practical Guide to HIPAA Privacy and Security Compliance.
Also, check out the following are resources to help get you started:
For more info on this topic, check out these SearchSecurity.com resources:
This was first published in September 2003