A medical practice sent an email to its patient list and didn't hide its patients email addresses. The patients email alias is listed along with the associated ISP so someone could contact anyone on the list via email/SPAM. The doctors office has now made visible the names/emails of people undergoing treatment at the clinic. Are there provisions under the Washington state privacy or CAN-SPAM rules that would allow me to sue the medical practice? This might be a Federal HIPPA violation, but is more likely a consumer privacy violation.