You have an app to manage chronic care that is primarily driven by the patient and requires patient persmission to share any data, but where providers can enter some data, such as messages, or some information related to the patient's medication.
The system is offered independently from a covered entity.
Just because providers enter some PHI in the system, are you seen as a BA covered, or you are not a BA as long as you are not acting on behalf of the covered entity?
A secondary question to clarify:
Does it matter what use the providers give to the data (e.g. if they use it to monitor the patient, share it with the health plan, etc), or all it matters is whether you are acting for a covered entity or not?