Something they are hoping you don't consider is the fact that HIPAA does in fact extend to individual persons attempting to access your medical privacy. A violation does not have to just pin the company. You can and should file suit against anyone prying into your personal, private information. And more than likely, the company will try to distance themselves from the employee you are suing. This will flip the script on them when companies start struggling to employ fall guys.
EDIT: I really need to wake up more. The thought came to me so I shared it. You cannot discuss people's medical history or status unless they volunteer it, but even then you can still get in trouble if it turns out said someone didn't want that information volunteered. It does not only apply to medical professionals.
From the hhs.gov site:
Your employer can ask you for a doctor’s note or other health information if they need the information for sick leave, workers’ compensation, wellness programs, or health insurance.
However, if your employer asks your health care provider directly for information about you, your provider cannot give your employer the information without your authorization unless other laws require them to do so.
Generally, the Privacy Rule applies to the disclosures made by your health care provider, not the questions your employer may ask.
"Even if HIPAA is implicated by the employer's disclosure of the OSHA Log, the statute and implementing regulation expressly permits the disclosure of protected health information to the extent required by law. See 45 CFR 164.512(a)."