If your application will involve the electronic storage or transmission of protected health care information that can be used to identify an individual (name, address, social security number, medical history, etc.), then you may very well be covered by HIPAA... that is, at least as a business associate. Without knowing more details of your particular business model/processes, it's hard to completely determine exactly how your organization would be covered. I would suggest engaging a HIPAA consultant to assist you further.
For more information on this topic, visit these other SearchSecurity.com resources:
Ask the Expert: Relevancy of HIPPA to a civilian government agency
Ask the Expert: Where to find statement of HIPAA security standards
Best Web Links: Securing Health Care/Health Services
This was first published in October 2002