The Family Educational Rights and Privacy Act (FERPA)
The Family Educational Rights and Privacy Act of 1974 (FERPA)1 protects the privacy of information maintained in student education records. It applies to all education agencies and institutions that receive federal funds including public elementary and secondary schools and both public and private colleges, universities, and professional schools. Private and religious elementary and secondary schools are largely exempt from FERPA.
FERPA defines “education records” as “records, files documents, and other materials” that “contain information directly related to a student; and are maintained by an education agency or institution” or their agent.2 Consequently, this definition includes student health records, immunization records, and records maintained by school nurses.3
HIPAA and FERPA
The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule4 regulates the use and disclosure of “protected health information” (PHI) by health providers, health insurers, and other designated “covered entities.” The Privacy Rule broadly defines PHI as including information about an individual’s health status and receipt of care, but expressly excludes information maintained in records subject to FERPA regulation. The Departments of Health and Human Services and Education have issued a joint guidance to clarify the regulatory relationship between HIPAA and FERPA.5
Enter the password to open this PDF file:
Footnotes
- 1. 20 U.S.C. § 1232g.
- 2. 20 U.S.C. § 1232g(a)(4).
- 3. U.S. Dept. of Health and Human Services & U.S. Dept. of Education, Joint Guidance on the Application of the Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to Student Health Records 1 (2008).
- 4. Health Insurance Portability and Accountability Act of 1996 (HIPAA), Pub. L. No. 104-191, 110 Stat. 139 (1996) (codified as amended in scattered sections of 42 U.S.C.); 45 C.F.R. §§ 160.101- 552 (2012); 45 C.F.R. §§ 164.102-106; 45 C.F.R. §§ 164.500-534.
- 5. Joint Guidance on the Application of the FERPA and HIPAA to Student Health Records, pgs. 4-5 (November 2008) available at www.ed.gov/policy/gen/guid/fpco/doc/ferpa-hippa-guidance.pdf (accessed on February 17, 2013).