Everything You've Always Wanted To Know About HIPAA
And FERPA
Consider this question. Say the mother of a 22-year old student
that you have treated requests to see her daughter’s medical
records. The Bursar’s office confirms that the student is listed as
a dependent for tax purposes. There seems to be no urgent
reason for such a release and the student does not wish to give
her mother access. How would you protect the privacy of her
information?
Situations such as this one that require knowledge of privacy
laws to resolve successfully are all too common in the average
student health center, yet the acronyms HIPAA and FERPA tend
to strike fear into the hearts of the staunchest of college health
professionals. So much has been written anecdotally on the
subject of how complicated and unspecific these laws are that
some may be surprised to find that according to legal
professionals, the intersections between the laws are generally
clear-cut. This article aims to explain which laws apply to you
and what you can do to avoid the headaches that ensue from a
conflict between your principles as a care provider and the law.
Six golden rules of privacy law
* FERPA never applies to non-students
* FERPA only applies when the student’s medical records are
released
* HIPAA doesn’t apply to records covered by FERPA or to
student “treatment records”
* Even if you treat non-students, you’re not bound by HIPAA
unless you perform electronic transactions.
* Student health and counseling centers that do perform
electronic transactions for non-students only have to abide by
HIPAA for those transactions.
* State laws are applicable whether or not other federal laws
apply
This is how these rules break down.
RULE 1: FERPA never applies to non-students
RULE 2: FERPA only applies when the student’s medical
records are released
The Family Educational Rights and Privacy Act (FERPA) is the
older of the two federal privacy laws. Enacted in 1974, one
aspect of its governance is the privacy