Federal Privacy Regulations

The Health Information and Portability Act of 1996 (HIPAA) is widely known, particularly to anyone who has been a patient of a doctor or dentist in the past five years. HIPAA was originally established to ensure that individuals’ health information is safeguarded, particularly as it is communicated between the different parties and participants in the healthcare process. The HIPAA standards were established by the U.S. Department of Health and Human Services (HHS). The Office of Civil Rights, a department within HHS, is responsible for implementing and enforcing the HIPAA privacy rules. HIPAA applies to organizations and persons that communicate protected health information (PHI) by electronic and other means, including paper, fax documents, and oral communications. It therefore applies to healthcare providers, insurers, healthcare-related electronic clearinghouses, and health plans. Employers with employee health benefit plans are classified by HIPAA as a “health plan” if the plan (a) has over 50 participants or (b) is not self-administered. Protected health information (PHI) includes, but is not limited to, an individual’s health-related conditions, health insurance data, and name, address, birth date, or Social Security Number.

Note: In general, state laws that are contrary to HIPAA’s Privacy Rule are preempted by the federal requirements, which means that the federal requirements (HIPAA) will apply.

Banks, S&Ls, credit unions, and securities brokers are generally familiar with the Gramm-Leach-Bliley Act of 1999 (GLBA), which served a number of purposes, including requiring financial institutions to safeguard non-public personal information. Less well known is that GLBA’s privacy requirements extend to non-banking businesses, such as mortgage lenders and brokers, tax preparers (CPAs), investment advisors, insurance companies, consumer collection agencies, and even auto dealers that arrange financing. In the case of banks, S&Ls, credit unions, and securities brokers, GLBA is enforced by their traditional federal (OCC, FDIC, OTS, NCUA, and SEC) and state regulatory agencies, whereas the Federal Trade Commission (FTC) has enforcement responsibility for the non-banking businesses.

This page is not intended to address privacy regulations, such as the Privacy Act of 1974, which apply to federal government agencies.

Networks Unlimited, Inc. | 877-210-8885 | audrey@networksunlimited.com
Copyright 2010-12 Networks Unlimited, Inc.