The Privacy Rule, as well as all the Administrative Simplification rules, apply to health plans, health care clearinghouses, and to any health care provider who transmits health information in electronic form... covered entities...
I think this just means health care industry and those who build systems for health care information?
Going to keep researching, but I don't think that it applies to literally every workplace.
https://www.hhs.gov/hipaa/for-professionals/privacy/laws-reg...
Note that this is a high-level summary.