Policies & Regulations

Why You Need to Secure Your Information

Stanford's data protection policies are here to help you: they are in place to comply with various federal and state regulations. In the event of a data breach, not only the University but you personally can be held liable, and you are therefore subject to the responsibilities and penalties at all levels:

Governmental Regulations

University and School of Medicine Policies

Potential Penalties

Additional Recommendations

Risk Classifications and Minimum Security Standards

Stanford's Risk Classifications provide a framework for determining the risk of its information resources. Based on these risk categories, Minimum Security Standards have been established for:

  • Endpoints
  • Servers
  • Applications
  • Software-as-a-Service, Platform-as-a-Service
  • Infrastructure-as-a-Service & Containerized Solutions


Be aware of the 18 HIPAA Identifiers so you can tell whether your data is de-identified.

Learn more about anonymizing research data so that it meets HIPAA regulations.

University Information Privacy & Security Quick Reference Guide


If you have questions or need assistance, call 650-725-8000 (M-F 7a-6p) or submit a help ticket at tdshelp.stanford.edu.