First off it’s HIPAA not hippa and it’s not the warm security blanket or magic talisman you think it is. There is a very specific set of entities that law applies too and none of them are restaurants or your employer most likely unless you work for a covered entity. Here is the law from the legal agency tasked with enforcing it.
https://www.hhs.gov/hipaa/for-professionals/privacy/index.htm
Who must comply with HIPAA privacy standards?
Answer:
As required by Congress in HIPAA, the Privacy Rule covers:
Health plans
Health care clearinghouses
Health care providers who conduct certain financial and administrative transactions electronically. These electronic transactions are those for which standards have been adopted by the Secretary under HIPAA, such as electronic billing and fund transfers.
These entities (collectively called “covered entities”) are bound by the privacy standards even if they contract with others (called “business associates”) to perform some of their essential functions. The law does not give the Department of Health and Human Services (HHS) the authority to regulate other types of private businesses or public agencies through this regulation. For example, HHS does not have the authority to regulate employers, life insurance companies, or public agencies that deliver social security or welfare benefits. See our business associate section and the frequently asked questions about business associates for a more detailed discussion of the covered entities’ responsibilities when they engage others to perform essential functions or services for them.