Skip to main content
IT Service Status
IT Service Status

HIPAA Privacy & Security Awareness Training

The Health Information Portability and Accountability Act (HIPAA) was enacted by Congress in August 1996 with the primary purposes of:

  1. Protecting people from losing their health insurance if they change jobs or have pre-existing health conditions
  2. Reducing the costs and administrative burdens of healthcare by creating standard electronic formats for many administrative transactions that were carried out on paper, and
  3. Developing standards and requirements to protect the privacy and security of personal health information.

Policy Statement:


With the passage of HIPAA, the Department of Health and Human Services (DHHS) issued two separate regulations referred to as the Privacy Rule and the Security Rule.  These Rules require HIPAA-regulated organizations to adopt processes and procedures that specifically address the privacy and security of personal health information.  The processes include administrative, physical and technical safeguards to help ensure that medical information is stored, transmitted and received in a safe and secure manner.


The HIPAA Privacy and Security Rules dictate that all who may come into contact with protected health information undergo annual training on HIPAA policy, and that there is documentation to prove that the training has been completed.  The program offered by Northwestern IT’s Information Security Office (ISO) meets the compliance requirements as stated under HIPAA, and is specifically geared towards individuals who may be exposed to HIPAA-regulated data in performance of assigned duties (e.g., network & telecomm engineers, datacenter staff, desktop support, et al.). 


Members of the Northwestern community can receive HIPAA certification by completing one of two training modules.  Please see the IT Knowledge Base for further instructions

Additional Information:

Important Dates

Last Review Date:

  • December 2017

Original Issue Date:

  • April 2015