Welcome Guest
Last Login Unknown
Membership Expires Not Applicable

Tools & ResourcesDocumentation in School HealthHIPAA and FERPA    November 30, 2015



In 1996, the U.S. Congress passed the Health Insurance Portability & Accountability Act (HIPAA).  The purpose of HIPAA is to improve the efficiency and effectiveness of the health care system by standardizing the electronic data interchange of certain administrative and financial transactions.  The U.S. Department of Health and Human Services issued regulations that focus on three areas:

  • Privacy Rule – Establishes privacy requirements for oral, written or electronic individually identifiable health care information.  Compliance Date -  April 13th, 2003.  The HIPAA Privacy Rule excludes from its provisions all education records covered by the Family Educational Right and Privacy Act (20USC 1232g), including individually identifiable student health information.

  • Security Rule – Establishes security requirements for electronic health care information.  Compliance Date - April 21, 2005

  • Transaction Rule – Standardizes formats for electronic health care claims and transactions.  Compliance Date - October 16, 2003.

Since the arrival of HIPAA in April 2003, confusion surrounding changes in health information sharing has hindered health care in schools.  Physicians, hospitals and other HIPAA Covered Entities have over interpreted restrictions on sharing health information required for school entrance and for treatment of students who receive IDEA mandated services.


Sharing Information to Update Immunization Records

Modifications to the HIPAA rule occurred in January 2013.  These modifications enable healthcare providers who are HIPAA covered entities to share immunization information to schools with verbal/email parent permission.  
Read a summary of this modification.
Refer to page 5617 of the Federal Register to learn more.

FERPA Webinar for Elementary & Secondary School Officials

An archived Webinar dated October 24, 2012
Hosted by the Family Policy Compliance Office at the U.S. Department of Education.
Go to the U.S. Department of Education website and look for the link in "Featured Resources."

Confident about Confidentiality? HIPAA/FERPA Made Easy

An NASN Radio broadcast delivered by Martha Bergren
June 2009
Go to the NASN Radio page and play from the list of archives.

National Association of School Nurses(2014). Position Statement. School NurseRole in Electronic School Health Records. Silver Spring, MD: Author.

Protecting and Disclosing Student Health Information
How to Develop School Health Policies and Procedures

ASHA, NASN, & NASSNC: Guidelines that could assist school administrators, health professionals, and educators in developing appropriate policies and procedures that ensure that confidential student health information is appropriately protected. National Task Force on Confidential Student Health Information; a Project of American School Health Association in Collaboration with National Association of School Nurses and National Association of State School Nurse Consultants. 2005 (6" x 9", 67 pages) 
Visit the NASN Bookstore for more information  

Privacy Protections for Medical Records of Non-Covered Entities

A transcript from the National Committee on Vital and Health Statistics (NCVHS) Hearing of the Subcommittee on Privacy and Confidentiality dated September 15, 2007
From the U.S. Department of Health and Human Services
Access this document 

Joint Guidance on the Application of the Family Educational Rights and Privacy Act (FERPA) And the Health Insurance Portability and Accountability Act of 1996 (HIPAA) To Student Health Records 

From U.S. Department of HHS and U.S. Department of Education
Download document    

Richard Campanelli, Director of the Office of Civil Rights, DHHS - Letter of Response

Attached is a letter from Richard Campanelli, Director of the Office of Civil Rights, from the Department of Health and Human Services, received July 23, 2004, in response to the August 20, 2003 letter from the National Association of School Nurses (NASN), National Association of State School Nurse Consultants (NASSNC) and the National Assembly on School-Based Health Care (NASBHC) requesting guidance on this issue.  This letter clarifies the Department's interpretation of the HIPAA Privacy Rule as it applies to the sharing of child immunization and health assessment data by physicians with schools when the immunizations and examinations are mandated by state law for entry or reentry into school.  As the USDHHS is the federal authority on the HIPAA Privacy Rule, this indicates that states must pass a specific law to require such physician release to schools, for example the law passed in Connecticut (CT Public Act No. 03-211, Sec. 9(b), 2003), or else physicians must obtain parental authorization for such releases, even if it delays student entry into school. 
Download document    

National Conference on the HIPAA Privacy Rule. (2003). NASN Newsletter

This article is a review of information from the national conference on the HIPAA Privacy Rule sponsored by the U.S. Department of Health and Human Services (HHS) in Chicago on March 2, 2003.  The faculty for the conference were senior privacy policy staff at the Office for Civil Rights (OCR) of HHS.  The article describes a summary of the comments related to school nurse issues, including: HIPAA covered entities, exemptions to the Privacy Rules, student health records,  fax machines, business associates, minimum necessary, and disclosure of psychotherapy notes. 
Document courtesy of the NASNewsletter 
Download document

Page Last Updated August 2013

 © 2014 NASN • 1100 Wayne Ave #925 • Silver Spring, MD 20910 • 240-821-1130 • nasn@nasn.org •   Terms Of Use  Privacy Statement