This is the most important question you can ask, because HIPAA violations can result in some serious penalties.
If you handle, store or transmit protected health information (PHI) to or from a covered entity, then you need to be HIPAA compliant.
If you skipped straight here and don't know what PHI is, read this part of the guide.
The short answer is that the HIPAA rules apply to both Covered Entities and their Business Associates (source: HHS.gov).