
HIPAA/ISO Information Security Guidance


Any and all Northwestern University schools, departments and business units subject to regulatory compliance as required by the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Act.


The HIPAA/ISO Information Security Guidance document describes the Standards and Implementation Specifications required by HIPAA/HITECH and the corresponding controls of the International Organization for Standardization's (ISO) Security Standards (27001/2). HIPAA requires compliance with Administrative Safeguards 164.308, Physical Safeguards 164.310, and Technical Safeguards 164.312. In response, the University adopted the ISO standards and created this guidance to identify the actions that, when executed, help to meet the HIPAA/HITECH requirements.

Policy Statement:

This HIPAA/ISO Information Security Guidance provides the required direction for an information security plan for any University school, department or business unit whose operations are subject to HIPAA/HITECH regulations.

Additional Information:

Important Dates

Last Review Date:

  • December 2016

Original Issue Date:

  • August 2014

Revision Dates:

  • November 2014