> I complained to the hospitals’ privacy officer and the state regulator and found that everything was legal.
Both of those are the wrong venue for complaint on this issue; the hospital privacy officer exist to protect the hospital from liability and will never confirm to an outside party, especially a complaining party, that an act is a violation of the hospital’s legal duty, and the state regulator isn't responsible for enforcing federal law.
The right place for complaint is the federal Department of Health and Human Services Office or Civil Rights, which is actually responsible for enforcing the privacy provisions of HIPAA. Or getting your own attorney.
Both of those are the wrong venue for complaint on this issue; the hospital privacy officer exist to protect the hospital from liability and will never confirm to an outside party, especially a complaining party, that an act is a violation of the hospital’s legal duty, and the state regulator isn't responsible for enforcing federal law.
The right place for complaint is the federal Department of Health and Human Services Office or Civil Rights, which is actually responsible for enforcing the privacy provisions of HIPAA. Or getting your own attorney.