This requirement is only applicable for health care clearinghouses which are part of a larger organization. (geminisecurity.com)
§ 160.10 lays that out: a health plan, health care clearinghouse, care provider, their business associates, and the Inspector General. (law.stackexchange.com)
According to the U.S. Department of Health & Human Services (HHS), the HIPAA Privacy Rule applies to covered entities, which it defines as health plans, health care clearinghouses, and certain health care providers. (lawtechnologytoday.org)