Privacy

Northern Illinois University (NIU) is committed to an effective privacy compliance program. The privacy program, located within NIU’s Ethics and Compliance Office (ECO), provides strategic leadership, oversight, and coordination to ensure campuswide compliance with applicable laws and regulations. 

The ECO collaborates with academic and administrative departments on campus, such as Information Security, Internal Audit, the College of Health and Human Sciences, and the Office of General Counsel.

We are a resource to campus departments to answer your privacy questions and help you update policies and practices on protecting the privacy of the information that you receive, create, use, and share. It is through our combined efforts that we will reduce risks to the university and individuals while advancing campus departments’ goals.

For questions about our privacy program, please email the director of privacy and record retention at khsu1@niu.edu.

We provide services to NIU to support the elements of an effective privacy compliance program by: 

  • Serving in a leadership role for compliance with applicable privacy laws, such as the Illinois Personal Information Protection Act, Health Insurance Portability and Accountability Act of 1996 (HIPAA), Family Educational Rights and Privacy Act (FERPA), Gramm-Leach-Bliley Act (GLBA), and General Data Protection Regulation (GDPR)
  • Serving as the designated University Privacy Officer, HIPAA Privacy Officer, HIPAA Steering Committee Chair, GLBA Qualified Individual, GLBA Committee Chair, and Data Protection Officer
  • Establishing an ongoing process to track and investigate inappropriate access and disclosure of university data, including protected health information, in collaboration with NIU’s Division of Information Technology 
  • Managing breach determinations and notifications as required by applicable laws and contracts
  • Taking a lead role in overseeing that NIU has and maintains privacy and confidentiality consents, authorization forms, information notices, and materials reflecting university practices and legal requirements
  • Reviewing and updating university policies and procedures related to privacy 
  • Reviewing the privacy-related terms of university contracts and agreements
  • Participating in developing privacy-related contract terms and monitoring vendors’ performance to address privacy concerns, requirements, and responsibilities

NIU provides health care services through some of its units’ licensed health care practitioners. When an NIU student receives health care services from an NIU unit, the student’s health and billing records are protected under the Family Educational Rights and Privacy Act (FERPA). While there are some nuances to FERPA’s application, this is the general rule.

However, when the NIU unit provides health care services to a community member who is not an NIU student and when the NIU unit makes certain electronic transactions related to those health care services, the person’s health care information is protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its regulations.

NIU has designated itself as a HIPAA hybrid entity. This means that HIPAA does not apply to the entire university. HIPAA applies to those units within NIU that provide health care services to non-students and electronically perform certain transactions related to those health care services.

Representatives from those NIU units serve on a HIPAA Steering Committee. The committee meets regularly to discuss topics such as changes to HIPAA’s privacy and security regulations, HIPAA training, updates to NIU’s HIPAA Security and Privacy Compliance Policy, and business associate agreements.

NIU receives federal financial aid under Title IV of the Higher Education Act. The Gramm-Leach-Bliley Act (GLBA) applies to universities that receive such federal financial aid. The GLBA has rules regarding data privacy and security. A university complies with GLBA’s privacy rules by complying with the Family Educational Rights and Privacy Act (FERPA). To comply with GLBA’s security rules, a university follows the security provisions set out in the Federal Trade Commission’s GLBA Safeguards Rule.

Representatives from NIU units serve on a GLBA committee. The committee meets regularly to discuss topics such as changes to GLBA’s regulations, updates to NIU’s GLBA Information Security Plan, and oversight of contracts and service providers who access data protected by GLBA.

The ECO works collaboratively with NIU’s Procurement Services/Contract Management team and NIU’s Office of General Counsel’s contracts team to review contracts and agreements from a privacy perspective. The privacy officer serves as the subject matter expert on data use, data breach notification, and other privacy-related terms in contracts.

Contact Us

Ethics and Compliance Office
Health Services Building, 2nd floor
815-753-5560
eco@niu.edu