The HIPAA Privacy Rule protects all fields of ‘individually identifiable health information’ held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Rule calls this information Protected Health Information (PHI). Information such as name, address, birth date, Social Security Number, address, past medical history etc. HIPAA mandates that this type of information must be protected.