First, it’s HIPAA, not HIPPA. Second, the HIPAA Privacy Rule only applies to a person or entity acting in the capacity as a Health Care Provider that electronically transmit health information in connection with a standard transaction under the HIPAA Transactions and Code Sets Rule (“Covered Health Care Provider”); a Health Plan; or Health Care Clearinghouse (collectively, “Covered Entity”); or as a Business Associate to a Cover Health Care Provider; Health Plan or Health Care Clearinghouse.

Even if you are dealing with a Covered Entity or Business Associate, the HIPAA Privacy Rule does NOT prohibit any use or disclosure of Protected Health Information. It only provides what you need to do before doing that. For example, if the use or disclosure is for Treatment, Payment or Health Care Operations, you can do so without the Individual’s Consent or HIPAA Authorization. (States may require Consents). In cases like these Apple Watch or, say, Aetna Attain Apps, they have you check a box saying you agreed to the use or disclosure by giving your HIPAA Authorization.