HIPAA and FERPA - Privacy Rules for Both You Must Know; Do They Get Along?

Description

When working with health’s protected health information and educational information about students and employees, it is crucial to understand the boundaries between two major federal privacy laws:  the Health Insurance Portability and Accountability Act (HIPAA) and the Family Educational Rights and Privacy Act (FERPA). 

Both laws protect sensitive information, but they apply in different contexts and to different types of records.  Knowing when each law applies (and when one takes precedence over the other!) helps schools, providers, and families ensure compliance while still facilitating appropriate communication for treatment and educational purposes.

HIPAA governs the privacy of health information created or maintained by covered entities (such as doctors, hospitals, and other health care providers) that transmit health information.  Under HIPAA, protected health information (PHI) may not be shared without the individual’s authorization, except in certain circumstances.  One key exception allows HIPAA-covered health care providers to disclose PHI to another provider (including a school nurse or physician) for treatment purposes without written authorization.  This enables a student’s primary care physician to communicate medical needs to a school nurse who is responsible for administering care.  It also allows disclosure of immunization records required by state or local law if a parent or guardian consents to the disclosure.

However, in the school setting, most student health records are not subject to HIPAA because those records are considered “education records” under FERPA, which generally governs student records held by schools that receive U.S. Department of Education funds. 

FERPA protects not only academic information, but also health records maintained by the school — including those held by school nurses or in a school health clinic — and requires parental consent (or consent from the eligible student) before those records can be shared outside the school.  When student health information is protected by FERPA, HIPAA specifically excludes that information from its coverage.

There are additional nuanced situations, such as records maintained by health providers not acting on behalf of the school, that may fall under HIPAA if the provider is a covered entity.  Another such nuanced scenario involves individuals who are both students and employees at a university. 

In short:  FERPA typically applies first to student records held by schools, and HIPAA applies when health information is maintained by a covered health care provider outside the FERPA context.  Understanding the distinctions is essential for compliance and for appropriately protecting individuals’ health and education information.

Areas Covered in the Session

• HIPAA Overview and summaries
• FERPA Overview and summaries
• How HIPAA and FERPA Interact and Intersect
• Special Situations to Address
• Practical implications When Health Care Records are in the Possession of an Educational Institution

Who will Benefit?
This webinar is perfect for healthcare workers practicing in a school or educational setting.

Why should you Attend?
By attending this webinar, healthcare workers practicing in school or other educational settings will learn how HIPAA interacts with FERPA and how to protect privacy no matter which law you’re dealing with.