Here you’ll be able to review the considerations and recommendations to reduce legal liability when storing school-wide universal screening results. And a summary of relevant laws.

Data Collection. Data Storage.

All screening materials may be kept separate or within student file.

Screeners may not store any student data.

If screeners use an electronic device all screening data must be wiped from their devices.

Ensure that whatever documents and screening results that contains student information is stored in accordance with both HIPAA and FERPA.

HIPAA and FERPA are two important laws in the United States that address the privacy and security of personal information in specific contexts.

Here's an overview of each law:

  1. HIPAA (Health Insurance Portability and Accountability Act): HIPAA is a federal law enacted in 1996 that focuses on the privacy and security of health information. Its main purpose is to protect individuals' medical records and other personal health information from unauthorized access, use, or disclosure. HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses, as well as their business associates who handle health information on their behalf.

HIPAA has several key provisions, including:

  • Privacy Rule: Sets standards for safeguarding individuals' protected health information (PHI) and outlines patients' rights concerning their health data.

  • Security Rule: Establishes standards for protecting electronic PHI (ePHI) by implementing administrative, physical, and technical safeguards.

  • Breach Notification Rule: Requires covered entities to notify affected individuals and relevant authorities in the event of a breach of unsecured PHI.

  • Enforcement Rule: Specifies the penalties and enforcement procedures for non-compliance with HIPAA regulations.

  1. FERPA (Family Educational Rights and Privacy Act): FERPA is a federal law passed in 1974 that protects the privacy of students' education records. It applies to educational institutions that receive federal funding, including schools and universities. FERPA grants certain rights to eligible students (those who are 18 years or older or attending a postsecondary institution) and their parents regarding the access, amendment, and disclosure of student records.

Key aspects of FERPA include:

  • Right to Access: Allows eligible students and their parents to review and request copies of their education records held by educational institutions.

  • Consent Requirement: Requires written consent from the student or parent for the disclosure of personally identifiable information (PII) in education records, with some exceptions.

  • Directory Information: Schools may disclose certain information (e.g., student's name, address, phone number) without consent, but students have the right to opt-out of such disclosures.

  • Enforcement and Compliance: FERPA compliance is overseen by the Family Policy Compliance Office (FPCO), which investigates complaints and ensures educational institutions adhere to the law.

It's important to note that both HIPAA and FERPA have additional nuances and provisions beyond what's covered in this summary. If you have specific concerns or questions regarding these laws, it's advisable to consult legal counsel or refer to the official regulations and guidance provided by the relevant authorities.

Data Collection Strategies