Actually, this sounds like a Family Medical Leave Act issue (FMLA).
Once an employee
provides "complete and sufficient" certification signed by the physician, the employer "may not request additional information from the health care provider." 29 C.F.R. § 825.307(a). See Oak Harbor Freight Lines, Inc. v. Antti.
It would not be a stretch to state that the same applies to asking that of the employer, unless it is for recertification
Even though the internal policy limits the knowledge of your medical matters, the practical application of FMLA allows management to share the medical information, albeit reasonably. In other words, management and supervisors can find out information about your FMLA issues, since they work directly with you. Even though this violated the company's internal policy, this in itself is not a violation of HIPAA. However, incessant questioning and over-requirements to qualify for extended leave under FMLA is arguably a violation of FMLA.
I hope this helps and clarifies. Please use the SEND or REPLY button to keep chatting, or please RATE when finished. You may always ask follow ups at no charge after rating. Kindly rate my answer as one of TOP THREE FACES/STARS and then SUBMIT, as this is how experts get credit for our time. Rating my answer the bottom two faces/stars (or failing to submit the rating) does not give me credit and reflects poorly on me, even if my answer is correct. I work very hard to formulate an informative and honest answer for you; please reciprocate my good faith with a positive rating.