How does HIPAA come into play with a gym that asks for medical information on their application and Personal Trainers that ask you for personal medical information before they provide one-on-one training? Are they governed by the same regulations HR professionals use with their employees?