32 | LAB #4 Analyzing and Comparing GLBA and HIPAA
Lab #4 - Assessment Worksheet
Analyzing and Comparing GLBA and HIPAA
Course Name and Number: _____________________________________________________
Student Name: ________________________________________________________________
Instructor Name: ______________________________________________________________
Lab Due Date: ________________________________________________________________
Overview
In this lab, you identified the similarities and differences of GLBA and HIPAA compliance laws, you explained how the requirements of GLBA and HIPAA align with information systems security, you identified privacy data elements for each, and you described security controls and countermeasures that support each.
Lab Assessment Questions & Answers
1. Which U.S. government agency acts as the legal enforcement entity for businesses and organizations involved in commerce?
2. Which U.S. government agency acts as the legal enforcement entity regarding HIPAA compliance and HIPAA violations?
3. List three (3) similarities between GLBA and HIPAA.
4. List five (5) examples of privacy data elements for GLBA as defined in the Financial Privacy Rule.
5. List five (5) examples of privacy data elements for HIPAA as defined in the Privacy Rule.
Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual
6. List three (3) differences between GLBA and HIPAA.
7. How does GLBA’s and HIPAA’s privacy rule translate into information systems security controls and countermeasures?
8. What three areas does the GLBA Safeguards Rule encompass?
9. What is ePHI?
10. What three areas does the HIPAA Security Rule encompass for PHI?
11. Are organizations under GLBA and HIPAA required to mail and inform their customers in writing about their privacy rights?
12. When you go to your doctor’s office, one of the forms the office asks you to fill in and sign is a HIPAA Release Form authorizing your doctor to share your medical records and privacy data with third parties, including health insurance companies. Is this an example of the HIPAA Privacy Rule or the HIPAA Security Rule?
13. Why is a Business Associate Agreement/Contract required between a HIPAA-covered entity and a downstream medical or service provider to that covered entity?
14. Like HIPAA, GLBA has both privacy and security rules. What are the official names of these rules in GLBA law?
15. True or false: GLBA encompasses insurance companies and stock brokerage firms.