It depends on how it’s done.
These companies are providing cloud services and hosting software and databases in the cloud for their customers.
If they are signing third party data agreements to provide data processing services and to limit data access and respect HIPPA laws, then they are like any other data processing vendor that works with hospitals.
If they are using the data but the data has been modified so that it’s no longer patient identifiable, then that’s acceptable use under HIPPA.
If they are using the data to create a health or consumer marketing profile on individuals, then that would be a huge violation of HIPPA.
A family member spent several weeks in the hospital. Family phones and email were inundated with medical spam and phishing on day two in the hospital and have been continuous for months.
Even that would be OK if they were doing it under contract for the medical provider and signed the agreements you mentioned.
These large healthcare companies use consultants and contractors all the time, many of them having some access to patient data.