If you work in the healthcare sector, you’ve probably heard about HIPAA. HIPAA compliance is required for anyone in, or working with, the healthcare industry. If you work in the financial sector, you’ve probably heard of the GLBA. The GLBA applies to financial organizations.
But can these two regulations overlap in their respective industries? How are they similar, and how are they different? When it comes down to it, what these laws have in common is their purpose: to protect the general public’s personal data within their respective industries. The terminology, applicability, and many other details differ between the two.
In this guide, we’ll break down everything you need to know about the Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA).
Healthcare organizations nowadays are required to take extensive measures to safeguard the protected health information of their patients and consumers. HIPAA is what mandates the security of this information. Standards protecting the privacy of a person's health-related information were set by the Health Insurance Portability and Accountability Act of 1996 (commonly known as HIPAA). These requirements apply to the data needed for healthcare coverage. The purpose of HIPAA was to enhance the continuity and portability of health insurance coverage in both group and individual markets.
A "Covered Entity" is one type of organization that is subject to HIPAA requirements. Among the covered entities are the following:
Additionally, some HIPAA rules must be followed by business associates of covered entities. Contractors, subcontractors, and other external parties who are not employed by a covered entity will frequently need access to your health information in order to provide services for that covered entity.
The Gramm-Leach-Bliley Act, or GLBA, focuses on the data protection measures that financial organizations are required to have in place. Companies that provide customers with financial goods or services are subject to these compliance requirements. This might include lenders, financial or investment advisers, or insurers. Practices for exchanging information must have the necessary protections in place to secure sensitive data.
All firms, regardless of size, that play a substantial role in offering customers financial goods or services are subject to the Gramm-Leach-Bliley Act. This covers a wide range of businesses that aren't typically regarded as financial institutions, including check cashing operations, payday lenders, mortgage brokers, nonbank lenders, appraisers of personal property or real estate, merchants who issue branded credit cards, certified tax preparers, and courier services. The rule also applies to businesses that obtain information about clients of other financial institutions, such as credit reporting agencies and ATM operators. In addition to adopting their own safeguards, companies covered by the regulation are required to take steps to ensure that their affiliates and service providers protect the client information in their care.
The main distinction between these two sets of compliance guidelines is that each one is concentrated on safeguarding a different kind of data. A patient's healthcare information is protected by HIPAA, while consumer data held by financial institutions is protected under GLBA. But both strive to protect sensitive data, which is their common objective. Both can play a part in preserving PHI.