Thank you for using JustAnswer.
I'm sorry to hear about your situation. Unfortunately, HIPAA does not apply to employers, but only "covered entities", so unless your employer is in the healthcare business, the disclosure of your medical records without your consent would not be a violation of HIPAA because your employer would not be bound by HIPAA. Normally, an employer will only deal with covered entities, not actually be one. However, if an employer has any kind of health clinic operations available to employees, or provides a self-insured health plan for employees, or acts as the intermediary between its employees and health care providers, it will find itself handling the kind of PHI that is protected by the HIPAA privacy rule.
The HIPAA privacy rule applies to health plans, health care clearinghouses, and health care providers. It applies to employers only to the extent that they somehow operate in one or more of those capacities. The same standards apply to covered entities in both the public and private sectors. But it doesn't apply to employers.
I know this is probably not what you wanted to hear, but it is the law. I hope that clears things up anyway. If you have any other questions, please let me know. If not, and you have not yet, please rate my answer AND press the "submit" button, if applicable. Please note that I don't get any credit for my answer unless and until you rate it a 3, 4, 5 (good or better). Thank you, ***** ***** luck to you!