If your business handles patient health information (PHI), then it should comply with HIPAA legislation. This includes not only healthcare providers themselves, but also business associates who handle PHI on their behalf, such as accounting firms, health insurance providers, and cloud vendors.