I need help from a hippa expert?

i work for a medical group and we have ins. that is owned by the company, through a third party (coresource) and my question is this: because we are not allowed to see any physicians outside of my employers group and all medical records go through the main office for approval or disapproval of payment, wouldnt that be a hippa violation?