Washington, DC - As part of the Obama Administration's commitment to protect students' privacy and ensure that all higher education institutions help promote a safe and healthy campus for students, the Department of Education's Chief Privacy Officer is reaching out to members of the higher education community for input on protecting student medical records from inappropriate disclosures.
The Chief Privacy Officer oversees the administration of the Family Educational Rights and Privacy Act (FERPA) and strives to provide helpful and meaningful guidance on student privacy issues and challenges that the field faces.
"Institutions of higher education have a strong interest in ensuring that students have uncompromised access to the support they need, without fear that the information they share will be disclosed inappropriately," said Department of Education Chief Privacy Officer Kathleen Styles. "Protecting the privacy of student education records has never been more important to the Department, which is why we are seeking the input from students and members of the higher education community on this important but technically complex issue."
Although FERPA provides privacy protections for certain student records maintained by institutions, it does not supplant or preempt state laws that provide greater privacy protections—and under FERPA there are certain instances when schools can release a student's records without their consent, e.g., to school officials where the institution determines that these officials have a legitimate educational interest in the records.
This draft guidance sets the expectation that, with respect to litigation between institutions of higher education and their students, institutions generally should not share student medical records with school attorneys or courts without a court order or written consent (unless the litigation relates to the treatment or payment therefor). The Department is offering this guidance because FERPA's school official exception to consent should be construed to offer protections that are similar to those accorded by the Health Insurance Portability and Accountability Act (HIPAA) for protected health information in the context of litigation between a covered health care provider and a patient. In addition, the Department believes the benefits of on campus medical and counseling services cannot be realized where trust between students and the institution is undermined.
Considering the complexity and novelty of the issues raised in the guidance, the Department is seeking public input to improve the draft guidance. In particular, the Department is seeking input on the following issues:
- Whether this guidance would create any unintended consequences. For example, would this guidance in any way restrict the work of threat assessment teams?
- Is there a way to mitigate the burden to institutions caused by this guidance—without lessening the protections given to students?
- Whether this guidance should be extended outside the postsecondary context to include K-12 and early childhood?
The public comment period starts today and will end on Oct. 2.
For more information on the guidance please see the Dear Colleague Letter to School Officials at Institutions of Higher Education.
For more information on today's announcement, and instructions on how to comment, please read here: http://www.ed.gov/blog/2015/08/seeking-your-input-on-protecting-student-medical-records/.