Something they are hoping you don't consider is the fact that HIPPA does in fact extend to individual persons attempting to access your medical privacy. A violation does not have to just pin the company. You can and should file suit against anyone prying into your personal, private information. And more than likely, the company will try to distance themselves from the employee you are suing. This will flip the script on them when companies start struggling to employ fall guys.
EDIT: I really need to wake up more. The thought came to me so I shared it. You cannot discuss people's medical history or status unless they volunteer it, but even then you can still get in trouble if it turns out said someone didn't want that information volunteered. It does not only apply to medical professionals.
Worked at a hospital today. They asked if I was around anyone w covid. I said no but I was around someone with ebola. They didn't care. The idiocy is astonishing.