1. Write a thorough description of GLBA. Be sure to include the following topics in your discussion:
2. Write a thorough description of HIPAA
3. Identify the similarities between GLBA and HIPAA compliance laws.
4. Identify the differences between GLBA and HIPAA compliance laws.
5. Explain how GLBA and HIPAA requirements align with information systems security.
6. Identify two privacy data elements for both GLBA and HIPAA. Describe two specific security controls and security countermeasures that support GLBA and HIPAA compliance.
I hope I have addressed each part of the question you’ve asked. Please leave a like if you find this answer helpful; it really helps me a lot and motivates me to provide better answers in future. If you have any doubts, please let me know before leaving a dislike; I would surely assist you. Thanks in advance for liking this answer.
1. Write a thorough description of GLBA. Be sure to include the following topics in your discussion:
Who co-sponsored the act?
Customers of financial institutions.
Who is protected by the act?
Customers of financial institutions.
Who is restricted by the act?
Financial institutions.
How are financial institutions defined?
Companies that offer financial products or services to individuals, like loans, financial or investment advice, or insurance.
What does the act allow?
It allows one financial institution to act as any combination of an investment bank, a commercial bank, and an insurance company.
How would you define the major parts of the privacy requirements: the Financial Privacy Rule, the Safeguards Rule, and the pretexting provisions? What do each of these spell out in the act?
The financial privacy law allows financial institutions to include detailed notifications and to comply with other restrictions on the release of personal information that is not public. A financial institution must notify all affiliated and non-affiliated third parties of its privacy policies and practices, and allow the customer to opt out of revealing the non-public personal information of the user to a non-affiliated third party if the disclosure is outside the exceptions.
The Safeguards Rule allows financial institutions that have measures in place under FTC jurisdiction to keep customer information secure. In addition to creating their own protections, it is the duty of businesses covered by the Regulation to take action to ensure that their suppliers and service providers hold consumer details in their care.
The pretexting provisions prohibit third parties (either corporations or individuals) from obtaining personal information from a customer by means of "false pretenses", that is, fraud or "trickery." Under the GLBA, a person or organization cannot:
(i) Use false or fraudulent statements, or forged, lost, or stolen documents, to get your personal information from a financial institution or from you personally, or
(ii) Ask another individual or company to get your personal information by using false or fraudulent statements, or forged, lost, or stolen documents.
2. Write a thorough description of HIPAA
Which U.S. government agency acts as the legal enforcement entity for HIPAA compliance violations?
The “American Recovery and Reinvestment Act of 2009” (ARRA) established a tiered civil penalty structure for HIPAA violations.
Who is protected by HIPAA?
Individuals’ medical records.
Who is restricted by the act?
Covered entities such as health plans, health care clearinghouses, such as billing services and community health information systems, and health care providers that transmit health care data in a way that is regulated by HIPAA.
Who must comply with HIPAA?
Covered entities.
What is the relevance of health care plans, providers, and clearinghouses?
Health Plan – An individual or group plan that provides or pays the cost of medical care.
Health Care Clearinghouse – A public or private entity, including a billing service, repricing company, community health management information system or community health information system, and “value-added” networks and switches that either process or facilitate the processing of health information received from another entity in a nonstandard format or containing nonstandard data content into standard data elements or a standard transaction, or receive a standard transaction from another entity and process or facilitate the processing of health information into a nonstandard format or nonstandard data content for the receiving entity.
Health Care Provider – A provider of services, a provider of medical or health services, and any other person or organization who furnishes, bills, or is paid for health care in the normal course of business.
How would you define the major parts of the Privacy Rule and the Security Rule? What do each of these spell out?
The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. It requires safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.
The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.
3. Identify the similarities between GLBA and HIPAA compliance laws.
(i) Both require technical safeguards to protect or guarantee the veracity of critical information.
(ii) GLBA protects the personal financial information of an organization's customers, and HIPAA protects and guarantees the privacy of an individual's Personal Health Information (PHI).
(iii) Both have a requirement for specific IT controls.
4. Identify the differences between GLBA and HIPAA compliance laws.
(i) GLBA is primarily for financial institutions, and HIPAA is primarily for all types of healthcare services.
(ii) GLBA is sponsored and pushed by the Department of Human Resources, and HIPAA is sponsored and pushed by the Federal Trade Commission.
(iii) Different standards on how the information is protected, and what kind of information is protected.
5. Explain how GLBA and HIPAA requirements align with information systems security.
GLBA and HIPAA requirements align with information systems security because information security is a series of processes that are used to define policies and procedures around the implementation and ongoing management of information security controls in an enterprise environment. Among those requirements are regulatory requirements such as HIPAA and GLBA.
6. Identify two privacy data elements for both GLBA and HIPAA. Describe two specific security controls and security countermeasures that support GLBA and HIPAA compliance.
Names and Social Security Numbers. Security controls and countermeasures that support both are data encryption and access controls.