The Gramm-Leach-Bliley Act
The Financial Modernization Act of 1999, also known as the “Gramm-Leach-Bliley Act” or GLB Act, includes provisions to protect consumers’ personal financial information held by financial institutions. There are three principal parts to the privacy requirements: the Financial Privacy Rule, Safeguards Rule and pretexting provisions.
The GLB Act gives authority to eight federal agencies and the states to administer and enforce the Financial Privacy Rule and the Safeguards Rule. These two regulations apply to “financial institutions,” which include not only banks, securities firms, and insurance companies, but also companies providing many other types of financial products and services to consumers. Among these services are lending, brokering or servicing any type of consumer loan, transferring or safeguarding money, preparing individual tax returns, providing financial advice or credit counseling, providing residential real estate settlement services, collecting consumer debts, and an array of other activities. Such non-traditional “financial institutions” are regulated by the FTC.
The Financial Privacy Rule governs the collection and disclosure of customers’ personal financial information by financial institutions. It also applies to companies, whether or not they are financial institutions, who receive such information. For a summary overview of the Financial Privacy Rule, see In Brief: The Financial Privacy Requirements of the Gramm-Leach-Bliley Act.
The Safeguards Rule requires all financial institutions to design, implement and maintain safeguards to protect customer information. The Safeguards Rule applies not only to financial institutions that collect information from their own customers, but also to financial institutions, such as credit reporting agencies, that receive customer information from other financial institutions.
The Pretexting provisions of the GLB Act protect consumers from individuals and companies that obtain their personal financial information under false pretenses, a practice known as “pretexting.”
The following regulatory agencies are charged with administering GLBA for their regulated firms:
| Regulatory Agency | Regulated Firms |
| --- | --- |
| Federal Deposit Insurance Corp. | FDIC insured banks |
| Office of the Comptroller of the Currency | National banks |
| National Credit Union Agency | Credit unions |
| Office of Thrift Supervision | Savings and loans |
| State Regulators | State chartered banks |
| Federal Reserve | Bank holding companies, state member banks |
| Securities and Exchange Commission | Brokers, investment companies |
| Federal Trade Commission | All other financial firms, including mortgage companies, mortgage brokers, consumer credit companies, and others |
For more information on how we can help to protect your data, please contact us today at 561-705-2905
Complying With HIPAA
HIPAA (Health Insurance Portability and Accountability Act) compliance is a critical yet often misunderstood area. There are technical issues to resolve, such as securing email and deciding how and where data is stored; administrative policies to set; consistent training of employees on the handling of PHI; and consistent monitoring of PHI/ePHI data as it changes hands and/or goes mobile.
A more recent example of a security breach can be viewed at HealthLeadersMedica.com.
Some best practices to consider and enforce regularly are:
- Policies should require that all mobile storage devices be secured
- Encrypt all mobile devices including laptops
- Educate employees on how to protect privacy
- Sanction employees who violate policies
- Implement technologies that detect transfers of medical data, especially in unencrypted form. This should cover both transfers across the network and transfers via physical devices such as USB thumb drives, iPods, etc.
- Have your business associates and/or vendors sign the appropriate agreements.
Not All Safeguards Are Technical
It is very important to understand that implementing and enforcing formal policies and procedures needs to be ingrained in the business philosophy. Having a clear plan for how the data center will secure PHI (protected health information) and ePHI (electronic protected health information), and for how consistent training will be carried out, is an overall win for protecting your clients and your organization’s reputation.
At JND Consulting Group LLC, we keep our employees up to date on the latest HIPAA / HITECH and compliance guidelines. It is our philosophy to make sure that all of our clients’ and associates’ data and information, at any level and of any type, are kept secure.
Additional information can be found at HIPPA.org
Contact us today for more information
Joe Ramos
President
Joe_Ramos@JNDConsultingGroup.com
561-705-2905
Securing your email communications
Email is still the number one method of communicating with other businesses and clients. It is also one of the easiest forms of digital media to intercept and steal.
When dealing with private information such as social security numbers, medical information, or credit card information, it is always good practice to establish a business policy on how to handle this data. (It scares me when I think about how many people I see take this for granted in business.)
Although best practice and security will always be an inconvenience, there are many tools out there to keep you and your business in compliance.
Securing your email with encryption software helps to protect your company’s reputation in the event that an email is sent to the wrong person, a third-party vendor is working on either the recipient’s computer or the sender’s computer, or the email is intercepted by hackers.
Take the steps to prevent this from happening to you; they will also help you pass your compliance audits.
Call us today to see how we can help. (You will be surprised how little it can cost to maintain good PR and do the right thing for your clients and your practice.)
JND Consulting Group LLC.
561-705-2905