{"id":84,"date":"2022-02-22T00:29:08","date_gmt":"2022-02-22T00:29:08","guid":{"rendered":"https:\/\/blogs.oregonstate.edu\/piperde\/?p=84"},"modified":"2022-02-24T15:38:43","modified_gmt":"2022-02-24T15:38:43","slug":"complying-with-hipaa-in-the-world-of-education","status":"publish","type":"post","link":"https:\/\/blogs.oregonstate.edu\/piperde\/2022\/02\/22\/complying-with-hipaa-in-the-world-of-education\/","title":{"rendered":"Complying With HIPAA In The World Of Education"},"content":{"rendered":"\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh6.googleusercontent.com\/8kWK4YpBz7s1T1vTphl4X91ToHea8gPLby0CiJsp0BoRVoywwJFchA_lNtPiO-XpWHJlnKVt-VBXW51ZIn6wI9vYNkMA34_BdUHIlTo__g9Ch6eWkBULH5yBr0dTH_Cgyzv9EHmX\" alt=\"\" \/><\/figure>\n\n\n\n<p><em>Photo by<\/em><a href=\"https:\/\/unsplash.com\/@hush52?utm_source=unsplash&amp;utm_medium=referral&amp;utm_content=creditCopyText\"><em> <\/em><em>Hush Naidoo Jade Photography<\/em><\/a><em> on<\/em><a href=\"https:\/\/unsplash.com\/s\/photos\/healthcare?utm_source=unsplash&amp;utm_medium=referral&amp;utm_content=creditCopyText\"><em> <\/em><em>Unsplash<\/em><\/a><\/p>\n\n\n\n<p>When it comes to healthcare, it\u2019s important as a student or parent to understand your right to privacy.&nbsp;<\/p>\n\n\n\n<p>While the Health Insurance Portability and Accountability Act (HIPAA) does not directly apply to educational institutions, there is a level of security that is covered by the Family Educational Rights and Privacy Act (FERPA).<\/p>\n\n\n\n<p>We\u2019ll take a look at the difference between the two acts along with how your family is protected when it comes to <a href=\"https:\/\/blog.box.com\/what-is-hipaa-compliance\">HIPAA-compliant data sharing<\/a> in education.<\/p>\n\n\n\n<p><strong>What Is HIPAA?<\/strong><\/p>\n\n\n\n<p>HIPAA was originally put into law in 1996. However, there were several changes made over the next two decades. Due to advances in technology, a new amendment was made which covered the transferring of digital medical records, financial data, and personal information.<\/p>\n\n\n\n<p>Hospitals, health care providers, clearinghouses, and business associates must adhere to HIPAA policies. However, schools are not required to follow these guidelines unless they specifically have a healthcare provider who conducts transactions digitally.<\/p>\n\n\n\n<p>For example, if an outsourced physician comes to the school to provide vaccinations but is not technically employed by the school, they\u2019d need to adhere as a healthcare professional by the laws of HIPAA.<\/p>\n\n\n\n<p>Typical nurses or psychologists will conduct matters in-house and do not end up making any transactions of data digitally, hence why the rules don\u2019t apply. That doesn\u2019t mean your information isn\u2019t protected, though.&nbsp;<\/p>\n\n\n\n<p>Overall, HIPAA compliance in education can be tricky as the language is rather vague for who it covers, as well as what constitutes a violation.<\/p>\n\n\n\n<p><strong>WHAT Is FERPA?<\/strong><\/p>\n\n\n\n<p>FERPA is a federal law that provides every parent the right to access their children\u2019s educational records and covers who is allowed to access these records, along with other personally identifying data.<\/p>\n\n\n\n<p>Parents and eligible students who aren\u2019t minors must provide written consent if any educational or medical data is to be disclosed.<\/p>\n\n\n\n<p>In terms of a student\u2019s medical information, all medical and healthcare records stored by the educational institution are protected under FERPA. However, this is only if the healthcare information is listed under \u201ceducational records.\u201d This act applies to any institutions that receive direct funding from the Department of Education.<\/p>\n\n\n\n<p>Because private schools don\u2019t receive this type of funding, students aren\u2019t typically covered by FERPA. However, this means they may be covered by HIPAA if they conduct any electronic transfers. And again, each state has its own set of laws on top of HIPAA and FERPA which all educational intuitions are required to abide by.<\/p>\n\n\n\n<p>For instance, the higher education institution of <a href=\"https:\/\/studenthealth.oregonstate.edu\/policies-and-guidelines\/privacy-and-confidentiality#:~:text=Under%20Oregon%20state%20law%2C%20release,Oregon%20Revised%20Statutes%20H.B.%202305.&amp;text=Students%20can%20sign%20a%20release,their%20electronic%20health%20information%20form.\">Oregon State University<\/a> receives government funding as it is a public institution. The state has additional laws which prohibit the release of any medical or personal information without having proper consent from the student.<\/p>\n\n\n\n<p><strong>Concerns With Security<\/strong><\/p>\n\n\n\n<p>With many professionals having worked from home over the last two years, there were several concerns about the lack of security measures being taken by education professionals.<\/p>\n\n\n\n<p>Unsecure wifi connections, for example, led to ample security breaches, primarily in higher education. Now, education is focusing more of their attention and allocating more funds towards their IT departments.<\/p>\n\n\n\n<p><strong>How To Maintain HIPAA Or FERPA Compliance<\/strong><\/p>\n\n\n\n<p>All educational facilities have some type of privacy standard based on federal or state law. There are several action steps they can take for an institution to be compliant.<\/p>\n\n\n\n<p>First, it\u2019s important to work with a data storage company that provides proper data security for all personal identifying information, regardless of whether the details are stored or transferred. A safe platform will restrict who has access to what information, as well as perform regular audits.<\/p>\n\n\n\n<p>As an institution, it\u2019s their responsibility to provide regular training and education for either <a href=\"https:\/\/www.hipaajournal.com\/does-hipaa-apply-to-schools\/\">HIPAA or FERPA compliance<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Photo by Hush Naidoo Jade Photography on Unsplash When it comes to healthcare, it\u2019s important as a student or parent to understand your right to privacy.&nbsp; While the Health Insurance Portability and Accountability Act (HIPAA) does not directly apply to educational institutions, there is a level of security that is covered by the Family Educational [&hellip;]<\/p>\n","protected":false},"author":11778,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-84","post","type-post","status-publish","format-standard","hentry","category-general"],"_links":{"self":[{"href":"https:\/\/blogs.oregonstate.edu\/piperde\/wp-json\/wp\/v2\/posts\/84","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.oregonstate.edu\/piperde\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.oregonstate.edu\/piperde\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.oregonstate.edu\/piperde\/wp-json\/wp\/v2\/users\/11778"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.oregonstate.edu\/piperde\/wp-json\/wp\/v2\/comments?post=84"}],"version-history":[{"count":1,"href":"https:\/\/blogs.oregonstate.edu\/piperde\/wp-json\/wp\/v2\/posts\/84\/revisions"}],"predecessor-version":[{"id":85,"href":"https:\/\/blogs.oregonstate.edu\/piperde\/wp-json\/wp\/v2\/posts\/84\/revisions\/85"}],"wp:attachment":[{"href":"https:\/\/blogs.oregonstate.edu\/piperde\/wp-json\/wp\/v2\/media?parent=84"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.oregonstate.edu\/piperde\/wp-json\/wp\/v2\/categories?post=84"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.oregonstate.edu\/piperde\/wp-json\/wp\/v2\/tags?post=84"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}