It's not a HIPPA violation because they give the information to one of their "partners", and you agree to this in all the crap that gets signed.
I went to a Norton Hospital Immediate Care Center and paid cash because I didn't have insurance at the time. Because I paid cash, Norton turned all of my contact information over to a company that sells health insurance and gives loans to pay for medical services. They bugged the everlovin' shit out of me with automated phone calls until I decided enough is enough.
The Immediate Care Center denied giving any information out and were shocked this was happening, but Norton central billing knew about it, said they would remove me, but the 3rd party already had my info so it was too late.
The 3rd party were complete assholes, and when I got fired up because I wouldn't give them even MORE personal info to be removed from their call list, they said it was my fault: if I had just called them back and given them the 15-digit code, an agent would have removed me. That's also a lie, because I eventually did try that.
To protect my privacy, I told Norton my phone number had changed, and my new number was 812-555-1212, which is the 812 area code directory assistance number.
They did the same thing to my sister when she paid with cash because her husband had just changed jobs and she didn't have the new insurance info yet.
How the hell was trading individually identifiable hospital admittance and treatment information not a HIPAA violation?