Also, HIPAA only applies to unauthorized disclosures from qualified healthcare providers. If you authorize release of your protected healthcare information (PHI), your doctor can shout details of your case from the rooftops.

I do not know if Allianz is a QHCP, but if they are not, then none of the HIPAA (or HITECH) protections apply to how they treat PHI. (As insurance companies are typically regulated under state law, there may be other privacy protections that attach.)