When it comes to being HIPAA compliant, not only covered entities such as healthcare providers, healthcare clearinghouses and insurance providers need to comply. If you have a single customer in healthcare and conceivably interact with their EPHI at any level, then this makes you a business associate.
All business associates, MSPs, accountants, lawyers, call centers, voice providers, faxing providers, even email hosting services all need to comply. Bottom line: If your customer is in healthcare, then you are in healthcare.
2020 was a record year for HIPAA violations. By not being HIPAA compliant, you risk being heavily fined and being placed on the HIPAA Wall of Shame. Once you are posted up on this website, it can never be removed.