HIPAA/ISO Information Security Guidance
Any and all Northwestern University schools, departments and business units subject to regulatory compliance as required by the Health Information Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Act.
The HIPAA/ISO Information Security Guidance document describes the Standards and Implementation Specifications required by HIPAA/HITECH and corresponding controls of the Information Standards Organization’s (ISO) Security Standards (27001/2). HIPAA requires compliance with Administrative Safeguards 164.308, Physical Safeguards 164.310, and Technical Safeguards 164.312. In response, the University adopted the ISO standards and created this guidance to identify the actions that, when executed, help to meet the HIPAA/HITECH requirements.
This HIPAA/ISO Information Security Guidance provides the required direction for an information security plan for any University school, department or business unit where operations are subject to HIPAA/HITECH regulations.
- HIPAA Privacy & Security Awareness Training
- Information Security Management
- Information Security Management System (ISMS)
- Information Systems Security Plan/Practices (ISSP/P)
- HIPAA/ISO Information Security Guidance
Last Review Date:
- December 2016
Original Issue Date:
- August 2014
- November 2014