21 Oct Understanding GLBA compliance: A guide to protecting your patients’ data.
The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Modernization Act of 1999, is a United States federal law that obligates financial institutions to explain how they protect and share their consumers’ confidential information. To be GLBA compliant, a healthcare facility must notify its patients about how it shares their sensitive data. Patients are also given the option to opt out if they do not wish for their personal information to be shared. If a patient requests it, the healthcare provider may provide a written description of the specific protections applied to that patient’s information.
The GLBA’s requirements are put into practice through two rules issued by the FTC: the Financial Privacy Rule, which governs how consumer information may be collected and disclosed, and the Safeguards Rule, which adds security requirements for protecting that information. The Financial Privacy Rule was written specifically to implement the GLBA’s privacy provisions. The GLBA is enforced by the FTC, the federal banking agencies, and other federal regulators.
The act has three basic sections of rules and regulations. The term ‘3 rules’ has been adopted so that a layperson can understand what the legislation requires:
- The types of data that must be protected.
- Reducing the opportunities for unauthorized access and detecting attempts at it.
- The specific safeguards the law expects an institution to put in place.
Let’s have a look at what exactly the 3 rules are.
- Financial Privacy Rule
Any institution that receives nonpublic personal information (NPI) about its consumers is obligated to adhere to the GLBA’s privacy rule. NPI covers personal information, transactional data, and health information, including any information acquired in the course of a transaction, medical procedure, or appointment. The FTC’s rule sets out the privacy requirements in full.
- Pretexting Provisions
On top of protecting nonpublic personal information (NPI), organizations covered by the GLBA must take measures to prevent and detect unauthorized access to it. Pretexting is the practice of obtaining personal information under false pretenses; such scams attempt to extract it by email, by phone, or in person, often by impersonating the consumer or a trusted party. The pretexting provisions aim to prevent this kind of data loss and protect consumers.
- Safeguard Rule
Any person or institution covered by the GLBA is required to take specific measures to ensure the private information it holds is protected. According to the Safeguards Rule, these measures are ‘‘the administrative, technical, or physical safeguards you use to access, collect, distribute, process, protect, store, use, transmit, dispose of, or otherwise handle customer information’’.
A few of those requirements include:
- Complete, properly maintained software safeguards
- Training employees
- Testing and monitoring the safeguards, and monitoring for vulnerabilities
Advantages of GLBA Compliance
Complying with the GLBA guidelines puts health facilities at lower risk of penalties and of the other damage that follows unauthorized sharing of data. The Safeguards Rule also provides consumers with a number of privacy and security benefits. Those include:
- Any private information must be kept secure from unauthorized access.
- Consumers must be notified when their personal information is being shared with a third party or another financial institution.
- Activity on the information should be tracked, including any attempts to gain access to confidential records.
Compliance with the GLBA guidelines aims to protect consumers and their records. It also helps build a stronger relationship with those using your services: patients and consumers can be confident that their information is kept secure and that the health facility they have chosen can be trusted.
If the GLBA non-compliance allegation is proven, the consequences can be dire and sometimes life-altering.
Some penalties include:
- A financial institution proven to be in violation faces a fine of USD 100,000 for each violation.
- Individuals proven to be in violation are fined up to USD 10,000 per violation.
- Individuals proven to be in violation can also be imprisoned for up to 5 years.
The primary focus of the GLBA in the medical billing context is to tighten the security measures that safeguard the privacy of patient data. It aims to maintain the confidentiality of customers’ financial and private information. Ensuring GLBA compliance is crucial for any financial institution or healthcare facility that handles such data, because the consequences of a violation can be quite costly. By protecting NPI and following the GLBA guidelines, organizations avoid penalties, improve their security, and build trusting relationships with their consumers.