This is not the function of HIPAA exactly. HIPAA is primarily used as a way to regulate the sharing of health information, and provides very specific requirements for the sharing of health information, with many caveats.
HIPAA specifically targets healthcare providers (covered entities) and the third-parties (Business Associates) which they work with. More specifically, it provides requirements for the sharing and storage of data from a covered entity to a business associate, and establishes liability in the event of a data compromise for either party.
If the data did not originate from a healthcare provider, likely HIPAA does not apply.
In this instance, the applications identified as sharing the data are not covered entities or even business associates.
They’re all fair game