Introduction
Individuals and customers should normally expect companies and health providers to protect
personal information. Custodians of private information should protect it as they would any other
asset. Personal information has great market value both to other companies and would-be
thieves. Because of this value, numerous examples exist of companies opting to share, sell, or
inadequately
pieces of legislation.
The purpose of the Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and
Accountability Act (HIPAA) is to make organizations responsible and accountable for protecting
customer privacy data and implementing security controls to mitigate risks, threats, and
vulnerabilities of that data. Both of these laws impact their industries significantly.
In this lab, you will identify the similarities and differences of GLBA and HIPAA compliance
laws, you will explain how the requirements of GLBA and HIPAA align with information
systems security, you will identify privacy data elements for each, and you will describe security
controls and countermeasures that support each.
Learning Objectives
Upon completing this lab, you will be able to:
Identify the similarities between GLBA and HIPAA compliance laws.
Identify the differences between GLBA and HIPAA compliance laws.
Explain how GLBA and HIPAA requirements align with information systems security.
Identify privacy data elements for both GLBA and HIPAA.
Describe specific security controls and security countermeasures that support GLBA and
HIPAA compliance.
Deliverables
Upon completion of this lab, you are required to provide the following deliverables to your
instructor:
1. Lab Report file;
2. Lab Assessments file.
Instructor Demo
The Instructor will present the instructions for this lab. This will start with a general discussion
about GLBA and HIPAA, their similarities, differences, etc. The Instructor will then present an
overview of this lab and reference the overview documents.
www.jblearning.com
Hands-On Steps
1. On your local computer, the .
2. the . You will find answers to these questions as you
proceed through the lab steps.
3. On your local computer, a new .
4. Using your favorite search engine, on the .
5. about this act.
6. Next, the for the Gramm-Leach-Bliley Act.
7. In your Lab Report file, write a thorough description of the Gramm-Leach-Bliley Act's
basic components. Be sure to include the following topics:
Who co-sponsored the act?
Who is protected by the act?
Who is restricted by the act?
How are financial institutions defined?
What does the act allow?
How would you define the major parts of the privacy requirements: the Financial
Privacy Rule, the Safeguards Rule, and the pretexting provisions? What does each of
these spell out in the act? (Write three paragraphs on each of these.)
8. Using your favorite search engine, the compliance law .
9. In your Lab Report file, write a thorough description of HIPAA. Be sure to include the
following topics in your discussion:
Which U.S. government agency acts as the legal enforcement entity for HIPAA
compliance violations?
Who is protected by HIPAA?
Who must comply with HIPAA?
What is the relevance of health care plans, providers, and clearinghouses?
How would you define the major parts of the Privacy Rule and the Security Rule?
What does each of these spell out? (Write three paragraphs on each rule.)
10. In your Lab Report file, describe what the GLBA and HIPAA have in common. Then,
describe how the two are different.
11. In your Lab Report file, explain how GLBA and HIPAA requirements align with
information systems security.
12. In your Lab Report file, list two privacy data elements for GLBA and two privacy data
elements for HIPAA that are under compliance.
13. In your Lab Report file, list two security controls or security countermeasures for GLBA
and list two security controls or security countermeasures for HIPAA that support
compliance.
Evaluation Criteria and Rubrics
The following are the evaluation criteria for this lab that students must perform:
1. Identify the similarities between GLBA and HIPAA compliance laws. [20%]
2. Identify the differences between GLBA and HIPAA compliance laws. [20%]
3. Explain how GLBA and HIPAA requirements align with information systems security.
[20%]
4. Identify privacy data elements for both GLBA and HIPAA. [20%]
5. Describe specific security controls and security countermeasures that support GLBA and
HIPAA compliance. [20%]