Content area
Full text
The Family Educational Rights and Privacy Act (FERPA) was established in 1974 to protect the privacy of student educational records. The Health Insurance Portability and Accountability Act (HIPAA) had its first part implemented in 2002 with the goal of protecting the privacy of patient health information. But what happens when the student is a patient? Does one follow FERPA or HIPAA or both? This article examines that question and guides schools through the HIPAA/FERPA intersection. Schools need to consider their individual situations, as there is not a "one size fits all." In addition, one word in the HIPAA or FERPA law can make a difference. What also has to be taken into account is individual state law where the school or patient is located. It is hoped that in the future the language of the laws will be ameliorated such that the focus can be on the students and patients and not deciphering what law to follow. J Allied Health 2010; 39:e161-e165.
IN OCTOBER 2002, when the Health Insurance Portability and Accountability Act's (HIPAA) first of eleven rules, Transactions and Code Sets, was implemented, college health centers determined if they were a HIPAA covered entity (CE). If they were not a CE they remained under the Federal Education Rights and PrivacyAct (FERPA) and state law. If it was determined they were a CE, then HIPAA was a third regulation with which they needed to ensure compliance. It is this 'troika' of laws that many college health centers struggle with to decipher their intersection, interpretation, and applicability in daily operations. It is therefore paramount that college health services and the university level committees that support their operations be knowledgeable on this issue. Misuse of the laws, by either acts of omission or commission can result in Federal civil and criminal penalties, not to mention negative publicity and more so student disservice. All levels of personnel who interact with students, faculty, staff, and their personnel health information must be aware of state laws, HIPAA and FERPA and what applies in various situations in their particular health service setting. One must also be educated on interacting with another health care entity that is under a different set of standards. For example, a college health service under FERPA...