If they are a healthcare provider that receives payment for services, and bills electronically for any portion of payment, they are a covered entity and will need to comply with all HIPAA regulations. If they don’t meet the definition of a covered entity, they still need to know about HIPAA because they will probably be dealing with organizations like ours that are covered entities, which impacts how information passes between the two organizations.