Yes, in one of the examples in the HHS Scenarios, the agency
distinguished between apps that appear to be the same except that:
One version is offered in connection with the health plan.
The other version is offered directly by the app developer as a
direct-to-consumer version.
The app developer need not apply HIPAA’s protections to the
consumer information obtained through the direct-to-consumer app
version if the following conditions are met:
The health app is not provided on behalf of a covered entity (or its
business associate).
The app developer keeps the health information attached to the
two versions completely separate, so that information from the
direct-to-consumer version is not part of the product offered by
the health plan.