CIPA, FERPA, HIPAA and the School Information Security Plan

Today’s Schools face: Numerous State and Federal Regulations Reduced Technology Funding More Stringent Guidelines for Technology

Use

The following key terms were taken from Protecting The Privacy of Student Records (1997):

Educational Record Confidentiality Privacy Security Disclosure Protection Principle

A compilation of records, files, documents, and other materials that contain information directly related to a student and maintained by educational agencies and institutions, or by individuals acting on behalf of the agencies.

An obligation not to disclose or transmit information to unauthorized persons.

A uniquely personal right that reflects an individual’s freedom from intrusion.

Permitting access to, revealing, releasing, transferring, disseminating, or otherwise communicating all or part of any individual record orally, in writing, or by electronic or any other means to any person or entity.

Technical procedures that ensure only that only authorized and intended parties have access to data.

This principle states that:Information users should use appropriate

technical and managerial controls to protect the confidentiality and integrity of personal information.

A federal law enacted by Congress to address concerns about access to offensive content over the Internet on school and library computers (CIPA, 2001).

A federal law that protects the privacy of student educational records.

For purposes of this presentation:A federal law that governs how school

health services may share student information with other parts of the school community.

Responsibility of all school administrators and personnel.

Access granted only with written permission from parents or “eligible students.”

Pertains to paper and electronic records as well as data transmitted via wireless devices.

The following information may be disclosed without written permission however; notification of the record holder is required.

Student name Student home address Student home telephone number Student date and place of birth Student earned honors or awards Student dates of attendance.

While schools are not required to have written permission to release this information, they are required to give notice in a “reasonable amount of time to allow the student or parent to request that the information not be released”

(FERPA, 1974)

Work in concert with school and district administrators, teachers and medical staff to make certain that all educational records housed in an electronic format and, the transmission of these records, meet the standards of the CIPA, FERPA and when applicable HIPAA regulations.

Create an Information Security Policy that clearly addresses these regulations as well as the repercussions of violating these regulations.

Lehtinen, R., Russel, D. & Gangemi Sr., G. T. (2006). Computer Security Basics. Sebastopol, California: O’Reilly Media, Inc.

National Association of School Nurses. (2004). School Health Nurse’s Role in Education: Privacy Standards for Student Health Records. Retrieved from http://www.nasn.org/Default.aspx?tabid=277

National Center for Educational Statistics, National Forum on Educational Statistics. (1997). Protecting The Privacy of Student Records. Retrieved from http://nces.ed.gov/pubsearch/pubsinfo.asp?pubid=97527

Schneier, B. (2000). Secrets & Lies: Digital Security in a Networked World. Indianapolis, Indiana: Wile Publishing, Inc.

The Children’s Internet Protection Act of 2001, Pub. L. 106-554 Sec. 1732. found at http://www.fcc.gov/cgb/consumerfacts/cipa.html

The Family Educational Rights and Privacy Act of 1974 20 U.S.C. 1232; 34 CFR Part 99. found at http://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html

The Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191 guidelines found at http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/hipaaferpajointguide.pdf.