Identify the similarities and differences of GLBA and HIPAA compliance laws. Explain how the requirements of GLBA and HIPAA align with information systems security. Identify privacy data elements for each, and describe security controls and countermeasures that support each.

Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA)

Individuals and customers should normally expect companies and health providers to protect personal information. Custodians of private information should protect it as they would any other asset. Personal information has great market value both to other companies and would-be thieves. Because of this value, numerous examples exist of companies opting to share, sell, or inadequately safeguard their customers’ personal information. The result has been two landmark pieces of legislation.

The purpose of the Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA) is to make organizations responsible and accountable for protecting customer privacy data and implementing security controls to mitigate risks, threats, and vulnerabilities of that data. Both of these laws impact their industries significantly.

In this discussion, you will identify the similarities and differences of GLBA and HIPAA compliance laws, you will explain how the requirements of GLBA and HIPAA align with information systems security, you will identify privacy data elements for each, and you will describe security controls and countermeasures that support each.