Policies & Regulations
Why You Need to Secure Your Information
Stanford's data protection policies are here to help you: they are in place to comply with various federal and state regulations. In the case of an unauthorized data breach, not only the University but also you personally can be held liable and are therefore subject to the responsibilities and penalties at all levels:
The University Privacy Office maintains current information on governmental and regulatory policies, including HIPAA, FERPA, GDPR, PCI and other State of California regulations.
University and School of Medicine Policies
Risk Classifications and Minimum Security Standards
Stanford's Risk Classifications provide a framework for determining the risk of its information resources. Based on these risk categories, Minimum Security Standards have been established for:
- Software-as-a-Service, Platform-as-a-Service
- Infrastructure-as-a-Service & Containerized Solutions
Be aware of the 18 HIPAA Identifiers so you can tell whether your data is de-identified.
Learn more about anonymizing research data so that it meets HIPAA regulations.
University Information Privacy & Security Quick Reference Guide
If you have questions or need assistance, call 650-725-8000 (M-F 7a-6p) or submit a help ticket at tdshelp.stanford.edu.