HIPAA and FERPA
In 1996, the U.S. Congress passed the Health Insurance Portability & Accountability Act (HIPAA). The purpose of HIPAA is to improve the efficiency and effectiveness of the health care system by standardizing the electronic data interchange of certain administrative and financial transactions. The U.S. Department of Health and Human Services issued regulations that focus on three areas:
Privacy Rule – Establishes privacy requirements for oral, written or electronic individually identifiable health care information. Compliance Date - April 13th, 2003. The HIPAA Privacy Rule excludes from its provisions all education records covered by the Family Educational Right and Privacy Act (20USC 1232g), including individually identifiable student health information.
Security Rule – Establishes security requirements for electronic health care information. Compliance Date - April 21, 2005
Transaction Rule – Standardizes formats for electronic health care claims and transactions. Compliance Date - October 16, 2003.
National Association of School Nurses. (2014). School Nurse Role in Electronic School Health Records (Position Statement). Silver Spring, MD: Author.
Archived NASN webinar: Let's Talk Documentation! HIPAA and FERPA
NASN Radio Broadcast: Being Confident about Confidentiality: Part II - HIPAA/FERPA Made Easy
Public health and schools toolkit: Comparison of FERPA and HIPAA Privacy Rule for accessing student health data
From the Association of State and Territorial Health Officers (2015)
Family Educational Rights and Privacy Act (FERPA) and the Disclosure of Student Information Related to Emergencies and Disasters
From the U.S. Department of Education (2010)
Joint guidance on the application of the Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to student health records
From the U.S. Department of Health and Human Services & U. S. Department of Education (2008)
Sharing Information to Update Immunization Records
Modifications to the HIPAA rule occurred in January 2013. These modifications enable healthcare providers who are HIPAA covered entities to share immunization information to schools with verbal/email parent permission.
Read a summary of this modification.
Refer to page 5617 of the Federal Register to learn more.
FERPA Webinar for Elementary & Secondary School Officials
Hosted on October 24, 2012 by the Family Policy Compliance Office at the U.S. Department of Education. Scroll down the page and find the webinar under the October 2012 heading.
Page Last Updated January 2016