HIPAA, the Health Insurance Portability and Affordability Act of 1996 and its regulations contain a Privacy Rule that requires covered health care providers to keep health information confidential. The Family Educational Rights and Privacy Act (FERPA) covers students enrolled in elementary, secondary and postsecondary schools that receive federal funding. It requires school districts to keep confidential students' personally identifiable information other than directory information. Many people are confused about how these two laws work and exactly what information is required to be kept confidential. The US Department of Education and the US Department of Health and Human Services has issued a joint guidance statement to assist educators and others in applying the two laws. For Ohio's public K-12 schools, the instances where HIPAA applies are very limited, since most student records, including health records, are education records or treatment records, to which FERPA, not HIPAA, applies. This means that such medical information should be treated in the same way as other student records (kept confidential and not disclosed without consent or meeting an exception to the consent rule). The HHS/DoEd Joint Statement contains a FAQ that helps clarify these federal obligations.  The guidance can be found here.

Posted by OSBA Legal Ledger on 2/25/2009