1)List some of the mobile devices that collect health information - such as insulin pumps, personal blood pressure units, pacemakers/defibrillators, blood glucose monitors and explain how they gather and where they store the personal health information.

2)explain what kinds of security precautions (as listed in HIPAA Security rules) that a medical facility or physicians office must take to keep the individuals protected health information secure.

I hope the answer will be helpful for you, if any queries regarding to the answer please let me know through comments.    Thank You

Step-by-step explanation

Wearable Health Devices (WHDs) are increasingly helping people to better monitor their health status both at an activity/fitness level for self-health tracking and at a medical level providing more data to clinicians with a potential for earlier diagnostic and guidance of treatment. The technology revolution in the miniaturization of electronic devices is enabling to design more reliable and adaptable wearables, contributing for a world-wide change in the health monitoring approach. In this paper we review important aspects in the WHDs area, listing the state-of-the-art of wearable vital signs sensing technologies plus their system architectures and specifications. A focus on vital signs acquired by WHDs is made: first a discussion about the most important vital signs for health assessment using WHDs is presented and then for each vital sign a description is made concerning its origin and effect on heath, monitoring needs, acquisition methods and WHDs and recent scientific developments on the area (electrocardiogram, heart rate, blood pressure, respiration rate, blood oxygen saturation, blood glucose, skin perspiration, capnography, body temperature, motion evaluation, cardiac implantable devices and ambient parameters). A general WHDs system architecture is presented based on the state-of-the-art. After a global review of WHDs, we zoom in into cardiovascular WHDs, analysing commercial devices and their applicability versus quality, extending this subject to smart t-shirts for medical purposes. Furthermore we present a resumed evolution of these devices based on the prototypes developed along the years. Finally we discuss likely market trends and future challenges for the emerging WHDs area.

Electrocardiogram (ECG)
Electrocardiograms (ECGs) are among the most widely used biosignals, as a diagnostic tool in healthcare environment, providing information of the cardiac electrical cycle. The ECG waveform is characterized by five peaks and valleys (named P, Q, R, S, T, U), where each one represents a change in the electrical potential of the heart resulting in muscle activity and consequent in heart movement. The most differentiated peak of the ECG is the R-peak included in the QRS complex that represents the ventricles depolarization where there is a higher differential potential. Due to this reason, the consequent R-peaks (R-R interval) are used to measure the heart cycles.

Heart Rate (HR)
Heart rate (HR) is a standard vital sign and has become a routine measurement in both healthcare and fitness/sport activities. The monitoring of this signal provides information about the physiologic status by indicating changes in the heart cycle. This vital sign can be easily extracted from the ECG (R-peak) or photoplethysmography (PPG) signals. Although these two physiological signs have different morphologic information in their waveforms and are from two different physiological origins, they contain a similar heart rate information.

There are other ways to measure heart rate, like using inertial sensors or scales, named ballistocardiogram (BCG), but are methods that do not have feasible measurement when compared with the HR extracted from the ECG and PPG.

Blood Pressure (BP)
Blood pressure (BP) is considered the most important cardiopulmonary parameter, indicating the pressure exerted by blood against the arterial wall. BP provides indirect information about the blood flow when the heart is contracting (systole) and relaxing (diastole) and can also indicate cellular oxygen delivery. It is influenced by several human physiological characteristics: cardiac output; peripheral vascular resistance; blood volume and viscosity; and vessel wall elasticity. Ambulatory BP monitoring allows getting BP readings several times a day, which is ideal to monitoring high blood pressure (hypertension), one of the greatest threats to the global burden of diseases, improving cardiovascular diseases prediction.

BP is traditionally measured using inflatable pressure cuffs with a stethoscope on the patient's arm. This method was adapted to perform autonomous BP measurement, including a fully automated inflatable cuff that measure BP by relating external pressure with the magnitude of arterial volume pulsations.

Respiration Rate (RR)
Respiration rate (RR) is a fundamental physiologic parameter in patient's observation. It is an accurate and important health information in several cases as it is in acidosis . In critical illnesses, this is one of the most sensitive indicators such as in case of distress and potential hypoxia. Elliot and Convetry state that the "respiratory rate is often not recorded in clinical settings or is simply guessed", a major problem since RR is the best predictor of adverse events like cardiac arrest. In the medical environment, although there are multiparameter monitors, according to the authors the respiratory rate if often not recorded for analysis, such as ECG for example, and when these devices are not present, the RR is assumed (observation of the patient respiration during 30 s) or not accessed. According to Elliot and Convetry a possible reason of this behaviour by medical specialists can be due the assumption that oxygen saturation provides a better reflection of patient respiratory function. Respiratory rate ambulatory monitoring is important in the detection of symptoms of respiratory diseases such as sleep apnea syndrome, chronic obstructive pulmonary disease and asthma, improving the administration of treatments if needed. This constant monitoring is particularly important in children with pulmonary diseases.

This vital parameter is normally calculated from the acquired respiratory waveform that reflects the chest volume variation during the inspiration and expiration. Thoracic expansion joined with muscle signs allow to calculate the respirator effort, indicating different physiological states. The analysis of these data in sport, mainly in competitive athletes can help in the achievement of a better respiratory performance.

Blood Oxygen Saturation (SpO2)
Blood oxygen saturation (SpO2) is an extremely valuable vital parameter and easy to measure using photoplethysmography (PPG) technology and pulse oximetry principles. The PPG method enables to acquire blood vessel variation waveform, and when measured using two wavelengths (normally 660 nm and 905 nm) it is possible to estimate blood oxygen saturation. This is due to the haemoglobin absorbance spectrum change when it bounds with oxygen. Using oximetry principles it is possible to estimate the amount of oxygen that is being carried by blood cells (normally: 95-100%). This measure may lead to detect patient condition change that otherwise could be missed, such as lower percentage of oxygen (<95%) which indicates hypoxia and causes insufficient oxygen supply to the human body. One of the problems in blood oxygen saturation measurement is when the patient is anemic.

Blood Glucose (BG)
Blood glucose (BG) is a worldwide measurement need in diabetic's subjects. It is not measured in a normal procedure of a clinical environment, but is important in diabetic global population. According to the World Health Organization, in 2014 it was estimated that 9% of the worldwide population, aged above 18, had diabetes and in 2012 it was estimated 1.5 million deaths directly caused by this disorder. Diabetes disease causes several physiological disorders (cerebral vascular disturbance, retinopathy and nephropathy). To prevent it, diabetic individuals control blood glucose concentration measuring BG levels and inject insulin when needed to maintain the standard values. The most used method to evaluate BG concentration is collecting a blood sample by pricking the finger with a lancet. There has been a lot of effort to prevent finger pricking and as a result several devices have been developed and are already in the market that have the purpose to continuous measure BG levels still using invasive methods. Some examples are the Medtronic Continuous Glucose Monitoring (CGM) device capable to measure BG levels using an adhesive patch with a needle, sending the data wirelessly into a wearable insulin pump to release insulin into the human body; Dexcom, Inc. (San Diego, CA, USA) has a device named Dexcom G4 Platinum also as an adhesive patch with a needle to measure the BG levels and is able to send the data wirelessly to a mobile device. Dexcom become the first company to obtain FDA pre-market approval for their mobile application to support continuous monitoring. It can display data from their G4 Platinum CGM System, a system to measure BG from a needle with a sensor inserted just under the skin.

The HIPAA Privacy Rule protects the privacy of individually identifiable health information, called protected health information (PHI), as explained in the Privacy Rule and here - PDF - PDF. The Security Rule protects a subset of information covered by the Privacy Rule, which is all individually identifiable health information a covered entity creates, receives, maintains or transmits in electronic form. The Security Rule calls this information "electronic protected health information" (e-PHI). The Security Rule does not apply to PHI transmitted orally or in writing. 
General Rules
The Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting e-PHI.
Specifically, covered entities must:

Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit;
Identify and protect against reasonably anticipated threats to the security or integrity of the information;
Protect against reasonably anticipated, impermissible uses or disclosures; and
Ensure compliance by their workforce.
The Security Rule defines "confidentiality" to mean that e-PHI is not available or disclosed to unauthorized persons. The Security Rule's confidentiality requirements support the Privacy Rule's prohibitions against improper uses and disclosures of PHI. The Security rule also promotes the two additional goals of maintaining the integrity and availability of e-PHI. Under the Security Rule, "integrity" means that e-PHI is not altered or destroyed in an unauthorized manner. "Availability" means that e-PHI is accessible and usable on demand by an authorized person.

HHS recognizes that covered entities range from the smallest provider to the largest, multi-state health plan. Therefore the Security Rule is flexible and scalable to allow covered entities to analyze their own needs and implement solutions appropriate for their specific environments. What is appropriate for a particular covered entity will depend on the nature of the covered entity's business, as well as the covered entity's size and resources.

Therefore, when a covered entity is deciding which security measures to use, the Rule does not dictate those measures but requires the covered entity to consider:

Its size, complexity, and capabilities,
Its technical, hardware, and software infrastructure,
The costs of security measures, and  
The likelihood and possible impact of potential risks to e-PHI.
Covered entities must review and modify their security measures to continue protecting e-PHI in a changing environment.