
Part 1

1. Following the passage of the GLBA legislation, researchers looked into the profitability of banks as well as the effect of non-interest income operations on bank risk.

https://www.sciencedirect.com/science/article/pii/S0148619519300980

2. According to industry analysts, the GLBA is anticipated to include physical protections, administrative processes, and the processing, distribution, transmission, and administration of client information. There are three distinct types of privacy notifications that have been created in compliance with the regulation: updated notifications, initial notifications, and annual notifications. Under the General Liability Act (GLBA), non-public personal information is protected. This information includes, among other things, credit and bank card account numbers, phone numbers, names, and mailing addresses. Conformity with the GLBA requires companies to create privacy strategies, procedures, and policies, and obliges them to provide more information about how they acquire personal information, as well as how it is sold, disseminated, and disposed of. Furthermore, customers have the right to choose what information they want to receive from a company when it is obliged to provide it. This is referred to as the "right to information selection."

All financial institutions are obliged by law to maintain the confidentiality and security of their customers' non-public personal data. Under the provisions of the legislation, financial institutions must have a security strategy in place to protect the personal information of their customers. Federal banking institutions, as well as other regulatory organizations such as federal regulatory authorities and insurance monitoring agencies, must collaborate in order for the GLBA legislation to be implemented.


Part 2

1. Protection of Health Information in the 21st Century and the HIPAA Law

https://jamanetwork.com/journals/jama/article-abstract/2682916

HIPAA is a federal law, passed in 1996, that establishes national standards and norms for the protection of patient medical records and other sensitive health information. Both health-care services and insurance policies are covered under it. Physical and technological safeguards that enhance the integrity of data are among the security measures that may be implemented; other examples include the security of electronic health data and the protection of personal information. In the United States, HIPAA is a federal law that protects any identifying health information about individuals who are insured by a business. The Health Insurance Portability and Accountability Act of 1996 (often known as HIPAA) is a federal law that protects health insurance consumers' health information (PHI).

In order to comply with its privacy responsibilities under the HIPAA law, a company must implement safeguards to secure individually identifiable health information. Among other things, this security measure prevents information from being shared with people who are not meant to know about it. The HIPAA Security Rule requires appropriate administrative, technical, and physical safeguards to guarantee the confidentiality and integrity of electronic protected health information. Compliance with HIPAA regulations is overseen by the Office for Civil Rights, which is part of the Department of Health and Human Services (HHS).

Part 3

1. GLBA prohibits financial institutions from releasing non-public information, such as client account information, without first obtaining the consent of the customers who supplied the data being disclosed. The Health Insurance Portability and Accountability Act (HIPAA), which was enacted in 1996, ensures that patient health information is kept secure and confidential. One thing the two laws have in common is the need to keep data safe and secure. Several security principles, such as the ones listed below, are shared by HIPAA and GLBA.

a) Employee and management training on security-related rules and procedures

b) Implementation of processes and policies aimed at mitigating risk associated with security concerns

c) Protection and stewardship of people's private data

2. Compliance with HIPAA and GLBA differs significantly in terms of the kind of information that must be protected under each statute. Under HIPAA, patient health information is protected, while consumer information held by financial institutions and publicly traded companies is protected by the Gramm-Leach-Bliley Act. When it comes to information security, HIPAA and GLBA are diametrically opposed in many ways:

a) HIPAA safeguards health-care data, whereas the Gramm-Leach-Bliley Act (GLBA) safeguards financial institution customers' private information, which is deemed non-personally identifiable.

b) The Department of Health and Human Services is in charge of implementing HIPAA security regulations, while federal financial institutions are in charge of implementing GLBA security requirements.

c) The GLBA has a presumptive security provision, while HIPAA does not.

Part 4

1. Because the financial sector works with extremely sensitive material that may be compromised by adversaries, it has developed extra information security-related policies and procedures to protect its employees. Because the financial and banking sectors are among the most susceptible to viruses, they tend to place a higher priority on information security requirements than other companies.

2. HIPAA seems to involve more training than other regulations since it is concerned with the health of the public. Modern society places more emphasis on the protection of its citizens' health, necessitating increased expertise in administrative and therapeutic processes.
