[selinkocalar]

Yup! Not every provider is classified as a Covered Entity and not every healthcare business is classified as a Business Associate. It's where the nuances of HIPAA law come into play.

For example, you could be a medical app that processes pages and pages of medical data from an individual, but if you're not doing it on behalf of a Covered Entity, then you won't be subject to HIPAA.

In cases like these, as well as certain therapist examples and other scenarios described in the final article you provided, HIPAA is not applicable. It's still good practice to have proper security measures in place, since there could be other governing bodies regulating you (e.g. the FTC, https://www.ftc.gov/news-events/news/press-releases/2018/10/...), but you're not regulated under HIPAA.