Skip to main content

HIPAA Privacy & Security Awareness Training

The Health Information Portability and Accountability Act (HIPAA) was enacted by Congress in August 1996 with the primary purposes of:

  1. Protecting people from losing their health insurance if they change jobs or have pre-existing health conditions
  2. Reducing the costs and administrative burdens of healthcare by creating standard electronic formats for many administrative transactions that were carried out on paper, and
  3. Developing standards and requirements to protect the privacy and security of personal health information.

Policy Statement:

Regulations

With the passage of HIPAA, the Department of Health and Human Services (DHHS) issued two separate regulations referred to as the Privacy Rule and the Security Rule.  These Rules require HIPAA-regulated organizations to adopt processes and procedures that specifically address the privacy and security of personal health information.  The processes include administrative, physical and technical safeguards to help ensure that medical information is stored, transmitted and received in a safe and secure manner.

Compliance

The HIPAA Privacy and Security Rules dictate that all who may come into contact with protected health information undergo annual training on HIPAA policy, and that there is documentation to prove that the training has been completed.  The program offered by NUIT’s Information and Systems Security/Compliance (ISSC) meets the compliance requirements as stated under HIPAA, and is specifically geared towards individuals who may be exposed to HIPAA-regulated data in performance of assigned duties (e.g., network & telecomm engineers, datacenter staff, desktop support, et al.). 

Training

The awareness training consists of a video presentation, followed by a written test, and can be delivered by ISSC to an individual or within a group setting.  Attending the training session, viewing the video and passing the test meets the compliance requirement; issuing a certificate of training completes the process.   

For details on the awareness training or to schedule a session, contact ISS/C at security@northwestern.edu.

Last Review Date:

December 2016

Original Issue Date:

April 2015

Additional Information:
Back to top