It’s HIPAA (Health Insurance Portability and Accountability Act). It only applies to certain “covered entities” such as insurance plans. So probably no violation.
HIPAA defines PHI, Personal Health Information, and sets rules for covered entities to protect the privacy of PHI. So even if there is no HIPAA violation, those standards could be referenced in claims against an employer, for example. So it makes a lot of sense to be careful and reticent about discussing such information. Besides, it’s the right thing. That personal health information should be private, not public; that’s why HIPAA defined the Privacy Rule covering it.