You have it correct in your other reply. Simply put, most of these apps aren't Covered Entities, so they don't need to be HIPAA compliant.