What's Hip with HIPAA? Protected Health Information

Dec. 15, 2017

If you have ever dealt with or thought about HIPAA, you have figured out that a lot of jargon goes along with it. This article discusses some HIPAA basics.


The Health Insurance Portability and Accountability Act – simply known as HIPAA – protects individually identifiable health information (IIHI). Information must meet three requirements to be considered IIHI:


  • The information is created by a health care provider, health plan, employer, health care clearinghouse, or other covered entity (we covered this term in "What's Hip with HIPAA? Covered Entities").

  • The information concerns a person’s physical or mental health, any health care the person receives, or payment for their health care.

  • The information is identifiable, i.e., where the person’s name, address, photograph, and other personal, identifiable details are connected to the information.


When IIHI is maintained or transmitted in electronic form, it is called protected health information (PHI). HIPAA created certain privacy and data security rules to regulate the collection, use, disclosure, and protection of PHI.


Generally, covered entities, such as health care providers, must collect, use, and disclose only the minimum amount of PHI necessary to accomplish a transaction. The HIPAA Transactions Rule mandates compliance with uniform standards for some electronic transactions using PHI. Covered entities must also create data security procedures, policies, and protocols to protect PHI. Both covered entities and business associates (we covered these terms in "What's Hip with HIPAA? Covered Entities" and "What's Hip with HIPAA? Business Associate Agreements") must notify individuals if there is a security breach.


Violations of HIPAA carry both civil and criminal penalties. Civil penalties may range from $100 to $1.5 million for each type of violation. Criminal sanctions can include up to $250,000 and 10 years in prison, depending on the circumstances. However, multiple violations have the potential to drive penalties much, much higher – as demonstrated in this $5.5 million settlement case.

Written By:
Kimberly Lowe

For almost 20 years Kim Lowe has lawyered from the trenches. Kim lawyers from experience, using her knowledge of the law and understanding of how both for-profit and nonprofit business enterprises operate.

Emilee Walters is our first Avisen Fellow Legal alum and a third-year law student at St. Thomas School of Law. Emilee is exploring a legal career in business law.
