No. HHS has distinguished between health apps that are offered:
Directly to individuals as consumers.
On behalf of a covered entity (such as a health plan or health care
provider).
Under the HHS Scenarios, an employer should consider three
threshold questions in evaluating whether HIPAA applies in the
health app context. First, the employer should consider whether
the health app creates, receives, maintains, or transmits identifiable
information. The second question is whether the health app
was independently selected by an individual plan participant or
employee (for example, an individual consumer) and, if so, whether
the individual controls all decisions about whether to transmit his
data to a covered entity or one of its business associates. Third,
the employer should consider whether the health plan or health
insurance company (or business associate acting on its behalf)
has a relationship with or directly pays for services provided in
connection with the health app.
A related consideration is whether the health plan or health
insurance company (or business associate acting on its behalf)
directs the health app, health app service provider, or app developer
to create, receive, maintain, or disclose information related to a
health plan participant.
HHS has clarified that if an individual consumer (for example, a plan
participant) independently selects an app, and the consumer can
control all decisions about whether to transmit his data to a third
party, then the health information is no.
