This is addressed a bit in other comments below but to be clear: ISPs are not covered entities under HIPAA and have no explicit obligations with regards to your medical records. The three major types of organizations covered by HIPAA are: healthcare service providers (doctors, hospitals, group practices, etc), medical insurance providers, and clearinghouses (they help the first two types of entities communicate with each other).
Assuming any web-facing EMR you interact with is itself HIPAA compliant, your ISP won't be able to see any health records you access because the data will be encrypted in transit over the internet (a HIPAA requirement). The fact that you accessed your doctor's, hospital's, or insurance company website and how often you accessed it could be seen by the ISP, but it would be hard to construe this information as PHI, and even if you could somehow, see above: ISPs are not covered entities.
It's illegal to publish any medical information that can be linked back to an individual, even indirectly.
I want to call this out specifically because it is not true as stated and a lot of people believe something to this effect and think they are more protected than they actually are. It is illegal for a HIPAA covered entity to disclose your protected health information (PHI) to a third party without your consent. If you authorize a covered entity to disclose your information to a non-covered entity, and that third party then misuses the information, no law has been broken.
For example if you authorize the hospital to disclose a condition to your parents who then post the information to Facebook against your wishes, neither the hospital (who obtained your consent), your parents (not a covered entity), nor Facebook (not a covered entity) are liable under HIPAA.
Source: I was a software engineer at a HIPAA covered entity (medical claims clearinghouse) for ~10 years.