Actually Im right...
Actually, if you'd like to read the law itself you'll see that you're not...
The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
"The Privacy and Security Rules of the act apply only to covered entities.
The covered entities are health plans, health-care clearinghouses, and health-care providers who transmit health information in electronic form in connection with certain transactions.
If an entity is not a covered entity, it does not have to comply with the Privacy Rule."
As you point out, the law applies to hospitals because they are healthcare providers.
Pretty sure that dive shops/instructors/boats don't fall into the definition of "covered entities" for purposes of HIPAA.
And again, the main point is that HIPAA applies to someone else DISCLOSING your PHI without your permission. It does not apply to anyone ASKING FOR IT or even DEMANDING IT. And it certainly doesn't apply to YOU disclosing it.