I'm 99% sure HIPAA just applies to medical personnel (i.e. nurses, doctors) so they can't outright share private information. Third parties (i.e. your mom or insurance companies) can share it all day without violating HIPAA.
Insurance companies are absolutely covered by HIPAA. If it’s true that the insurance company (and not some third party service or app) shared the information directly with HR, this is definitely a violation.
It does not protect your medical data whatsoever.