Policy Compliance

To assist Feinberg faculty, staff and students in being compliant with policy, Feinberg IT has developed a brief overview of the need-to-know policy information for various applications, hardware and data. Links to additional detail are included when available.

  • Encryption:

    All laptops, handheld devices and portable storage devices of all types must be encrypted. Feinberg IT will encrypt these devices prior to delivery to the end user.

    Mobile devices like iPhones, iPads, Android and Windows phones are compliant if encrypted. This happens automatically with most devices when a PIN is used.

  • Storage:

  • Email:

    Auto-forwarding outside Northwestern University and its affiliates is not permitted. If you have previously forwarded to sites such as, or, you will be contacted by Feinberg IT about how to move your emails to university servers and how to stop forwarding your emails.

  • Smartphones/Tablets:

    You may use a smartphone or tablet for work purposes only if the device requires that you enter a PIN to unlock it. This PIN also encrypts the device. For Android devices, encryption must also be enabled in addition to having a PIN. Please contact Feinberg IT for more information.

  • Purchasing Computers and Devices:

    All devices with a hard drive must be purchased, onboarded and deployed by Feinberg IT. These devices include laptops, desktops, tablets, flash drives (thumb drives) and external drives. We are happy to complete your order by including the purchase of accessories such as mice, connectors and keyboards, but these items can also be purchased through your department/unit personnel.

    Please create a ticket with Feinberg IT for your order.

    View Feinberg IT standard machines and accessories.

  • Electronic Health Information:

    Access to the electronic medical data for research purposes is governed by the Research Use of EDW data policy. Commonly asked questions and answers about this policy can be found on the EDW FAQ page.

  • Thumb/Flash Drives:

    Thumb drives must be encrypted. Please contact Feinberg IT if you require assistance. 

  • Is My Machine Managed?

    If you are concerned that your device is not managed (no purple Feinberg Help shield), contact Feinberg IT.

  • De-identified Data Definition:

    Data are not de-identified until all 18 HIPAA identifiers are removed. They are:

    1. Names
    2. Geographic subdivisions smaller than a state
    3. All elements of dates (except year)
    4. Telephone numbers
    5. Fax numbers
    6. Electronic mail addresses
    7. Social security numbers
    8. Medical record numbers
    9. Health plan beneficiary numbers
    10. Account numbers
    11. Certificate/license numbers
    12. Vehicle identifiers and serial numbers
    13. Device identifiers and serial numbers
    14. Web Universal Resource Locators (URLs)
    15. Internet Protocol (IP) address numbers
    16. Biometric identifiers
    17. Full face photographic images
    18. Any other unique identifying number

  • Student Email:

    Remember that, and is not secure for PHI or PII. Please use addresses if you are involved with research, patient, student or other secure data.