HIPAA and FERPA

Background

In 1996, the U.S. Congress passed the Health Insurance Portability & Accountability Act (HIPAA).  The purpose of HIPAA is to improve the efficiency and effectiveness of the health care system by standardizing the electronic data interchange of certain administrative and financial transactions.  The U.S. Department of Health and Human Services issued regulations that focus on three areas:

Privacy Rule – Establishes privacy requirements for oral, written or electronic individually identifiable health care information.  Compliance Date -  April 13th, 2003.  The HIPAA Privacy Rule excludes from its provisions all education records covered by the Family Educational Right and Privacy Act (20USC 1232g), including individually identifiable student health information.

Security Rule – Establishes security requirements for electronic health care information.  Compliance Date - April 21, 2005

Transaction Rule – Standardizes formats for electronic health care claims and transactions.  Compliance Date - October 16, 2003.

NASN Resources

Data Privacy in School Nursing: Navigating the Complex Minefield of Privacy Laws

National Association of School Nurses. (2019). Electronic health records: An essential tool in keeping students healthy (Position Statement). Silver Spring, MD: Author.

Other Resources

Protecting Student Privacy
This site from the U.S. Department of Education, administrator of the Family Educational Rights and Privacy Act (FERPA), aims to assist stakeholders in protecting the privacy of students by providing official guidance on FERPA , technical best practices and the answers to Frequently Asked Questions. 

Public health and schools toolkit: Comparison of FERPA and HIPAA Privacy Rule for accessing student health data
From the Association of State and Territorial Health Officers (2015)

Family Educational Rights and Privacy Act (FERPA) and the Disclosure of Student Information Related to Emergencies and Disasters 
From the U.S. Department of Education (2010)

Joint guidance on the application of the Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to student health records 
From the U.S. Department of Health and Human Services & U. S. Department of Education (2008)

FERPA Webinar for Elementary & Secondary School Officials
Hosted on October 24, 2012 by the Family Policy Compliance Office at the U.S. Department of Education.  Scroll down the page and find the webinar under the October 2012 heading

Page updated October 2020.