FERPA & HIPAA: Maintaining Student Confidentiality
This presentation is a compilation of information and resources from The Department of Health and Human Services, The U.S. Department of Education and others. This presentation does not replace a complete course.
FERPA FERPA (Family Educational Rights and Privacy Act) Protects the privacy of student educational records. Records directly related to a student and maintained by an educational agency Student health records Nurse documentation Special Education records Applies to all schools that receive funds under an applicable program of the U.S. Department of Education.
FERPA FERPA gives parents, legal guardians and eligible students the following rights regarding educational records: Inspect and review education records – 45 Days Challenge and seek amendments of education records Require written consent prior to the disclosure of personally identifiable information
FERPA FERPA applies to students’ education records, including health records maintained by the school or a party acting for the school. Schools must annually notify parents and eligible students of their rights under FERPA.
FERPA Directory Information Schools may disclose, without consent, "directory" information student's name address telephone number date and place of birth honors and awards dates of attendance. However, schools must tell parents and eligible students about directory information and allow parents and eligible students a reasonable amount of time to request that the school not disclose directory information about them.
FERPA Non-Directory Information Non-directory information cannot be release to anyone without prior written consent of the student or parent. Faculty and staff can access this information only if they have a legitimate academic need to do so. Do not need written consent: Health and safety of the student is an issue Judicial order/subpoena Disciplinary hearing Transfers
Confidential Data Elements May include, but not limited to: Social Security Number Student health information Gender Transcripts/Grades Discipline information (infractions, outcomes, etc.) State-assigned student ID Lunch status (free or reduced) Socioeconomic status Title I status
Confidential Data Elements May Include, but not limited to: IEP status and details Exceptionality Race, ethnicity, and/or nationality Individual assessment results and course grades Migrant status, homeless status Medicaid status Student Identification Number Other data elements parents may request to exclude from directory Additional information
HIPAA HIPAA (Health Insurance Portability and Accountability Act) Created to improve health insurance portability, prevent health care fraud and misuse, simplify health care administration, and protect the privacy of an individual’s health information. Educational records protected by FERPA are exempt from the HIPAA privacy rule.
FERPA & HIPAA in Schools HIPAA Privacy Rule excludes information considered to be education records under FERPA from HIPAA requirements. School nurse or other health records maintained on students receiving services under the IDEA are considered to be education records and are also subject to FERPA School systems that provide health care services to students may quality as covered entities under HIPAA
FERPA & HIPAA in Schools School nurse is subject to HIPAA if the school nurse or school engage in a HIPAA transaction Transmission of information between two parties to carry out financial or administrative activities related to health care Submitting claims Must still be secured under FERPA before records are disclosed
Maintain Confidentiality Avoid creating reports in which confidential information is implicit within the aggregate numbers. Establish data release procedures and protocols Implement procedures for responding to a data breach Identify parents opt-out choices and establish procedures to communicate and implement those choices.
Maintain Confidentiality Do Use computer passwords Use physical security of data Hand students graded work directly to the student Make sure grades are not visible when returning work Be on guard with educational information Keep all documentation private Be aware of classroom visitors Post grades by using unique numbers, letters or other symbols only the teacher and individual student know
Maintain Confidentiality Don’t Don’t post students grade by name Don’t use full or part of student’s identification number or social security number when posting grades Don’t leave graded student work in public places Don’t distribute a group of papers back in class so students have to search through the pile to find their own work Don’t ask students in class to return graded work for other students. Don’t leave confidential papers lying around Don’t leave computers on while unattended Don’t discuss students unless you are in a meeting regarding their legitimate education interest
Confidentiality Best Practice Obtain written consent
References Joint Guide on the Application of the Family Educational Rights and Privacy Act and the Health Insurance Portability and Accountability Act of 1996 to Student Health Records. Retrieved at FERPA/HIPAA Data Quality Course. Retrieved at FERPA and HIPAA. Retrieved at HIPAA and FERPA An Update on Privacy Issues in Schools. Center of Health and Health Care in Schools. Retrieved at Understanding the Privacy Rights of HIPAA & FERPA in Schools. The National Law Review. Retrieved at Student Confidentiality: HIPAA and FERPA in the School Setting. Retrieved at Memorandum HIPAA and FERPA. Retrieved at Family Educational Rights and Privacy Act. Retrieved at www2.ed.gov