Two, HIPAA is not a law on any level. It is a compilation of federal regulations.
Three, HIPAA only applies to what are known as "covered entities." These are businesses and professionals like hospitals, doctors, medical staff, and medical records contractors that have access to medical data as a part of normal course of their business operations.
Four, you as a private individual can neither charge nor sue anyone under HIPAA. You can call the HHS office of civil rights to complain under that statute if you believe your rights have been violated. Their responses will vary. If someone from Holistic Harry's House of Insurance started selling your info on the dark web, you probably got a case. If the bouncer at Cori the Callipygean's topless bar and pizza kitchen requires you to wear a mask or otherwise prove you're not a plague rat, HHS will back them up, not you.
Take care of yourselves out there.