What is the difference between HIPAA and Consumer Privacy Laws?
If you're concerned about your personal information being kept private, you've probably heard about HIPAA and PHI. But how do they differ from consumer privacy laws — and which one applies to Styku?
HIPAA and Protected Health Information (PHI)
HIPAA stands for the Health Insurance Portability and Accountability Act, passed by Congress in 1996. HIPAA is a set of regulations put in place to protect the privacy and security of patients' medical records and other protected health information (PHI). This includes things like medical history, test results, and other sensitive data that could be used to identify you as it relates to your medical information.
Protected health information (PHI) refers to individually identifiable health information that is created, received, stored, or transmitted by an entity covered under HIPAA. PHI includes any information related to an individual's physical or mental health, healthcare provision, or payment for healthcare services.
Examples of Protected Health Information (PHI):
- Medical records — diagnoses, treatments, and prescribed medications (e.g., a record indicating a diabetes diagnosis with blood-glucose levels and prescribed insulin dosage).
- Lab results — blood tests, genetic testing, and pathology reports (e.g., a lab report showing cholesterol levels or genetic predispositions).
- Prescription information — drug names, dosages, and refill instructions.
- Billing and insurance information — explanation-of-benefits (EOB) documents and insurance reimbursement records.
- Imaging studies — X-rays, MRI, CT scans, and other medical imaging reports.
- Appointment records — dates, times, and reasons for medical visits.
- Mental health information — therapy notes, psychiatric evaluations, and counseling records.
PHI includes any individually identifiable health information. Indirect identifiers like birth dates, demographic data, and contact information fall under PHI, but only in the context of a patient's health information.
Names, phone numbers, email addresses, and demographic information do not always fall under HIPAA or PHI if they aren't associated with patient medical information. However, those identifiers do fall under consumer privacy laws.
Consumer Privacy Laws
Consumer privacy laws — such as the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the United States — are broader in scope and cover personal data across industries, not just healthcare. While HIPAA focuses specifically on PHI, consumer privacy laws protect personal information collected and processed by businesses, including:
- Personal identifiers — names, addresses, phone numbers, email addresses, and social security numbers.
- Financial information — credit card details, bank account numbers, and transaction history.
- Online identifiers — IP addresses, cookies, and device information.
- Behavioral data — purchase history, browsing patterns, and preferences.
While there is some overlap, HIPAA specifically regulates healthcare data and the healthcare industry, whereas consumer privacy laws apply broadly to any industry that handles personal data.
Does Styku Fall Under HIPAA and PHI?
No. Although Styku does collect personally identifiable information such as names and email addresses, this data is not associated with patient medical or health information, so it is not PHI and HIPAA does not apply.
Does Styku Fall Under Consumer Privacy Laws?
Yes. Because Styku collects personally identifiable information such as names and email addresses, Styku protects that information in accordance with applicable national and international consumer privacy laws.
What is Styku's Privacy Policy?
Styku's Privacy Policy is publicly available at styku.com/privacy.
Does Styku Sell My Information?
No. Styku takes privacy seriously and does not sell or share user data with any third parties for marketing or advertising purposes. Data is only shared with affiliated Styku entities, service providers (hosting, analytics, customer service), legal authorities when required, or in the event of a business sale or merger — see Styku Privacy Policy — Data Sharing and Third-Party Disclosures for the full list.
How do I request deletion of my data?
End users scanned at a Styku-powered facility can submit a deletion request at styku.com/delete-my-information. See How do I request deletion of my personal data from Styku's systems? for the full process.
Summary
Both businesses and consumers can trust that their data is safe and secure with Styku. The data and information collected from a Styku scan do not fall under HIPAA and are not considered PHI; they fall under consumer privacy laws, which Styku complies with through the practices documented in the Styku Privacy Policy.
Applies to: All Styku configurations.
Related Resources
- How do I request deletion of my personal data from Styku's systems?
- Styku Privacy Policy — Overview and Information We Collect
- Styku Privacy Policy — Data Sharing and Third-Party Disclosures
- Styku Privacy Policy — Your Rights and Data Storage