A debt collector would apply since they have been contracted by a HIPAA-covered entity and the data they have likely came from that source. Grindr is completely unrelated to another HIPAA-covered entity and any health data you give them is solely your responsibility... so don't.