HIPAA and FERPA Privacy and Security Rules
When healthcare providers and schools work together, both sets of privacy rules need to be observed.
HIPAA protects a patient’s information from being shared while FERPA protects a student’s personal information. HIPAA is concerned with protecting diagnosis, dates of service, medication lists, etc. FERPA is concerned with grades, attendance, discipline and more.
- This paper from the Association of State and Territorial Health Officials compares the two sets of guidelines.
This Privacy & Confidentiality Agreement is an example of a way to communicate between school staff and agency staff about what information is shared and how.
Privacy in a school setting can be hard to come by. Consider covering the window set in the door, soundproofing, and making sure that a closed door will not be opened accidentally during a healthcare appointment.
Unfortunately, there is no government seal of approval to verify the HIPAA security of a vendor, and a school-based telehealth provider does not become HIPAA compliant simply by using a vendor's software or hardware. Technically speaking, no vendor can be “HIPAA-compliant” because software vendors do not meet the criteria of a Covered Entity (to whom HIPAA applies).
It is good practice to include a statement about HIPAA and FERPA on enrollment or registration forms.