I just went through HIPAA training (among other things) for my new job this past week, and what I can say is that as a software engineer with access to sensitive medical and personal information, I am definitely not allowed to disclose anything I see and HIPAA is the reason. I'm not a healthcare provider, and it's arguable whether the institution I'm working at would be considered one, so I don't think it's as simple as "the only people bound to HIPAA are medical providers."
Edit for context: I can only speak as someone working in Massachusetts.