This article focuses on the specific law enforcement cases under the “Health Insurance Portability and Accountability Act”(HIPAA) in the United States. The law has been introduced in 1996 as Federal Legislation to protect patients’ information separate from the privacy legislations. However, as the law has not been clearly determined a few significant issues including supremacy(how to deal when there are conflicts between the Federal and States laws), the scope of the medical institution’s liability to protect medical information etc. Moreover, in practice, since medical institution has not been well-informed to their scope and ways to protect medical information, especially protected health information, there has been concerns whether the federal government would apply the law actively or how the court would determine. After HIPAA introduced, U.S. Department of Health and Human Services, mainly led by Office for Civil Rights, has been actively apply the law by investigating cases while making settlement or providing penalties. Recent cases includes (i) leaking PHI(directly or indirectly), (ii) risk management(system management, procedural management); and penalties levy according to the degree of intention, willingness, damages etc. In Korea, medical information is dealt by the legal system of personal information, so that it makes limitation to reflect the speciality of the medical information. To be specific, medical information may not be penalized reflecting its sensibilities or special characters as it only dealt as personal information in current legal system. Moreover, it makes barriers in promoting usages of medical information in treatment, researches or developing health policies. Therefore, while referring the legal systems in the United States, more specific laws dealing with medical information different from the personal information, which includes detailed determination of the medical information, security obligation, patients’ rights, concent procedures etc., needs to be discussed.