txblond1
The actions of your boss and the actions of your physician will be evaluated. If a violation of your rights is determined to have occurred, you may be contacted by a civil rights attorney or provided with instructions on the next steps you should take. HIPAA will communicate with your physician and his or her practice and their privacy officers and attorneys.
Do not start counting on any financial gain from this event. The privacy laws were not intended to be the next great way to win the lottery by suing healthcare providers. Most fines are paid by the violator of HIPAA to the government.
If you choose to file a civil rights violation legal action against your physician, please be fair and consult with an employment law attorney regarding the behavior of your boss. Most likely, your boss is not required to follow any HIPAA guideline but employers who are intruding on the privacy of their worker's health information is current topic of discussion related to HIPAA and civil rights.
Personally, I want to see HIPAA abolished or limited to initial concept instead of the mushrooming explosion it has become. Did you know it is illegal to look at your own medical records if you work in a healthcare facility that has your records on file? How ridiculous can one law become? Unfortunately, I don't think we've begun to see ridiculous.
Anyway--In your situation, your physician knew better, as did your boss, and HIPAA or no HIPAA, it was just plain wrong.
EC