What is the difference between HIPAA and Consumer Privacy Laws?

In this article, we break down the essential information you need to understand the differences between HIPAA, PHI, and consumer privacy laws.

If you're someone who is concerned about your personal information being kept private, then you've probably heard about HIPAA and PHI data. But do you really know what they are, and how they differ from consumer privacy laws? 

HIPAA and Protected Health Information (PHI)

Let's start with HIPAA. HIPAA stands for the Health Insurance Portability and Accountability Act, which was passed by Congress in 1996. Essentially, HIPAA is a set of regulations that were put in place to protect the privacy and security of patients' medical records and other protected health information (PHI). This includes things like your medical history, test results, and other sensitive data that could be used to identify you as it relates to your medical information.

Protected health information (PHI) refers to individually identifiable health information that is created, received, stored, or transmitted by an entity covered under HIPAA. PHI includes any information related to an individual's physical or mental health, healthcare provision, or payment for healthcare services.

Here are some examples of Protected Health Information (PHI):

  • Medical Records: Information related to an individual's medical conditions, diagnoses, treatments, and medications prescribed.
      ◦ Example: A patient's medical record indicating a diagnosis of diabetes, including their blood glucose levels, prescribed insulin dosage, and any complications.
  • Lab Results: Test results, including blood tests, genetic testing, and pathology reports.
      ◦ Example: A laboratory report showing a patient's cholesterol levels, liver function, or genetic predisposition to certain diseases.
  • Prescription Information: Details about prescribed medications, including drug names, dosages, and instructions.
      ◦ Example: A pharmacy record indicating that a patient was prescribed a specific medication for a certain condition, along with the dosage and refill information.
  • Billing and Insurance Information: Records related to healthcare services provided, payment details, and insurance coverage.
      ◦ Example: An explanation of benefits (EOB) document showing the services received by a patient, the corresponding charges, and the insurance reimbursement amounts.
  • Imaging Studies: X-rays, MRI scans, CT scans, or other medical imaging reports.
      ◦ Example: An MRI report containing detailed images and findings related to a patient's brain structure or any abnormalities detected.
  • Appointment Records: Information about scheduled appointments, including dates, times, and reasons for visits.
      ◦ Example: An appointment log indicating that a patient visited a specific specialist for a consultation regarding their chronic back pain.
  • Mental Health Information: Notes from therapy sessions, psychiatric evaluations, or counseling records.
      ◦ Example: Psychotherapy progress notes documenting a patient's symptoms, treatment plans, or discussions about their emotional well-being.

It's important to note that PHI includes any individually identifiable health information. This means that indirect identifiers such as birth dates, demographic data, contact information, or any other information that can be used to identify an individual do fall under PHI, but only in the context of a patient's health information.

In other words, names, phone numbers, email addresses, demographic information, and similar identifiers do not fall under HIPAA or PHI when they are not associated with patient medical information. They do, however, fall under consumer privacy laws.

Consumer Privacy Laws

On the other hand, consumer privacy laws, such as the General Data Protection Regulation (GDPR) in Europe or the California Consumer Privacy Act (CCPA) in the United States, are broader in scope and cover personal data in various industries, not just healthcare. While HIPAA focuses specifically on PHI, consumer privacy laws protect personal information collected and processed by businesses, including:

  • Personal Identifiers: Names, addresses, phone numbers, email addresses, and Social Security numbers.
  • Financial Information: Credit card details, bank account numbers, and transaction history.
  • Online Identifiers: IP addresses, cookies, and device information.
  • Behavioral Data: Purchase history, browsing patterns, and preferences.

While there may be some overlap in terms of protecting personal information, HIPAA specifically focuses on healthcare-related data and is designed to regulate the healthcare industry, whereas consumer privacy laws have a broader scope and apply to various industries that handle personal data.

Does Styku Fall Under HIPAA and PHI?

No. Though Styku does collect personally identifiable information such as names and email addresses, this data is not related to patient medical and health information.

Does Styku Fall Under Consumer Privacy Laws?

Yes. Because Styku collects personally identifiable information such as names and email addresses, Styku strictly protects that information in accordance with national and international consumer privacy laws.

What is Styku's Privacy Policy?

You can find Styku's Privacy Policy publicly available here: https://www.styku.com/privacy

Does Styku Sell My Information?

No. At Styku, we take your privacy seriously. We do not sell or share your data with any third parties.

In summary, both businesses and consumers can trust that their data is safe and secure with Styku. In addition, the data and information collected from a Styku scan does not fall under HIPAA, nor is it considered PHI.