Privacy & Security Regulations and More! Compliance Help Now! Get The Right Help! It's The Law! click here for our Main RegulatoryPro.us page and to select specific regulations click for information about Tim McGuinness, Ph.D. and Associates click here for the RegulatoryPro.us master index and site map Professional compliance services helping you cope in a world of complex privacy and security regulatory compliance click here for information about Tim McGuinness, Ph.D. & Associates, based in the Tampa Bay Area, Florida - serving the world RegulatoryCompliance.us - Helping You Cope In A World Of Regulatory Compliance
FERPA

Subject Home

Family Education Rights & Privacy Act (FERPA)

FERPA is a federal law that applies to educational agencies and institutions that receive federal funds under any program administered by the Secretary of Education. Generally, FERPA prohibits the funding of an educational agency or institution that has a policy or practice of disclosing a student's "education record" without the consent of the parent or eligible student. The FERPA statute is found in 20 U.S.C. § 1232g and the regulations (not yet amended to reflect the most recent legislative changes) are found in 34 CFR Part 99.

FERPA defines education records as those records that contain information directly related to a student that are maintained by an education agency, institution or a person acting for the agency or institution. FERPA Education records do not include records of students who are 18 years or older, or are attending post-secondary educational institutions, that are:

  • made or maintained by a physician, psychiatrist, psychologist, or recognized professional or paraprofessional acting or assisting in that capacity,
  • made, maintained, or used only in connection with the provision of treatment to the student, and
  • not available to anyone, except a physician or appropriate professional reviewing the record as designated by the student.

FERPA & HIPAA?

In general, HIIPAA and FERPA do not intersect. While HIPAA safeguards “protected health information,” the Family Educational Rights and Privacy Act (FERPA) protects “education records” maintained in a central records repository.  This can means a central records room, a computer server, or at the school district headquarters.

 In developing the HIPAA regulations, the U.S. Department of Health and Human Services specifically exempted from its definition of “protected health information” FERPA’s education records.

HOWEVER:  Educational institutions that provide health care services to individuals other than students or that provide health care coverage to their employees need to be familiar with and may be subject to HIPAA. Educational institutions that do not receive federal funds that maintain any student medical records may also be subject to HIPAA requirements.

Additionally, there are many who now believe that ANY records maintained by a school nurse, or other entity that resides within the school facility could be subject to HIPAA - assuming they engaged in the electronic transactions.

FERPA & GLBA

As FERPA covers Educational Records, GLBA covers Consumer Financial Information.

There are some regulatory scholars who now believe that GLBA in fact covers information held or processed by schools both public and private (especially Private Schools).  In the Public School context, there are many activities that schools engage in that can be consider "Financial Activities" as defined under GLBA.  These include: Fund Raising, monies held in trust, grant and scholarship application processes, and more.  Additionally, many schools maintain extensive records about parents and families for supplemental assistance eligibility evaluation - such information, coupled with the delivery of financial assistance may be subject to the privacy and safeguard requirements of GLBA.

FERPA UPDATES

U.S. Supreme Court Ruling

On February 19, 2002, the U.S. Supreme Court ruled in Owasso ISD v. Falvo that peer grading does not violate FERPA. The Department is currently reviewing the Court's ruling and may issue additional guidance or regulations to further clarify the scope of the term "education records."

U. S. Supreme Court Ruling

On June 20, 2002, the U.S. Supreme Court ruled in Gonzaga University v. John Doe. In the Gonzaga case, a student brought litigation against the University for disclosing personally identifiable information, without his consent, in violation of FERPA. The Supreme Court ruled that students and parents may not sue for damages under 42 U.S.C. § 1983 to enforce provisions of the Family Educational Rights and Privacy Act (FERPA).

U.S. Court of Appeals for the Sixth Circuit

On June 27, 2002, the 6th Circuit Court of Appeals unanimously affirmed a lower court's ruling that university disciplinary records are "education records" under FERPA and that disclosing such records without students' consent constitutes a violation of FERPA. In 1998, the Department asked a federal district court in Ohio to enjoin Miami University and the Ohio State University from disclosing records containing the names of student victims and accused students as prohibited under FERPA. On March 20, 2000, the U.S. District Court for the Southern District of Ohio permanently enjoined the two Ohio universities from disclosing their on-campus disciplinary records to the public under the State's open records law.

In affirming the ruling, the circuit court concluded that continued release of student disciplinary records "will irreparably harm the United States" and the Department. This is important for three reasons: 1) the court agreed with the lower court that the Student Right-to-Know and Campus Security Act provides parents and students with statistical information about the type and amount of crimes on campus; 2) the court reaffirmed the Department's broad reading of the term "education records" and stated that Congress, in amending FERPA in 1998 to allow postsecondary institutions to disclose the final results of disciplinary proceedings, must have intended that disciplinary records be education records or this amendment would be "superfluous"; and 3) the court held that the Department was within its right in seeking an injunctive relief in this case because none of the administrative remedies authorized by FERPA would have stopped the violations. In effect, the court held that the Department can take preemptive actions in enforcing FERPA, rather than only after violations occur.

No Child Left Behind Act of 2001

  • Sec. 4155 Transfer of School Disciplinary Records.

    FERPA currently permits schools to transfer any and all education records, including disciplinary records, on a student who is transferring to another school. See § 99.31(a)(2) and § 99.34 of the FERPA regulations. This new provision requires States that receive funds under the Elementary and Secondary Education Act (ESEA), within two (2) years, to provide an assurance to the Secretary that the State "has a procedure in place to facilitate the transfer of disciplinary records, with respect to a suspension or expulsion, by local educational agencies to any private or public elementary school or secondary school for any student who is enrolled or seeks, intends, or is instructed to enroll, on a full- or part-time basis, in the school." 
     
  • Sec. 9528 Armed Forces Recruiter Access to Students and Student Recruiting Information.

    FERPA currently allows schools to designate and disclose without consent certain items of information as "directory information." The FERPA regulations define "directory information" under § 99.3 of the regulations and set forth the requirements for implementing a "directory information" policy under § 99.37 of FERPA. Generally, "directory information" may be disclosed by a school to any party, provided the requirements of FERPA are followed.

    Congress passed a provision in the No Child Left Behind Act that addresses the disclosure of directory-type information (students' names, addresses, and telephone listings) to military recruiters. Congress also included similar language in the National Defense Authorization Act for Fiscal Year 2002. Both laws, with some exceptions, require schools to provide directory-type information to military recruiters who request it. Typically, recruiters are requesting names, addresses, and telephone listings on junior and senior high school students that will be used for recruiting purposes and college scholarships offered by the military.

    The Department of Education, in consultation with the Department of Defense, has developed guidance on the provisions contained in these two laws. The guidance has been posted on the Department of Education Web site: http://www.ed.gov/offices/OM/fpco/hottopics/ht10-09-02.html.
     

 

Please contact us for more information about how we can help you comply with the complex and confusing Act.

Call Us Today! +1-347-412-0574


Legal Notice:  
 We recognize that SOX (Sarbanes Oxley), GCP (Good Clinical Practice), HIPAA, CLIA, GLBA (Gramm Leach Bliley), DITSCAP, COPPA and other regulations and statutes are law, and that all interpretation of law should involve licensed attorneys in good standing with their local Bar Association.  No matter which services firm you select, be sure that their work is performed under the requirements of your state, in conformance with the law, and reviewed by your own attorney for your protection.  It is the covered entity subject to the jurisdiction of the regulation(s) that bears ALL liability for compliance with these laws.  We do strongly recommend the services of an independent validator/certifier to review your compliance prior to the appropriate deadline if appropriate or completion of the regulated project.

The above believed to be accurate and factual; please notify us immediately of any errors or omissions.  The above is intended for introductory and educational purposes only, and is not intended to be complete or comprehensive.  Neither can we be responsible for the accuracy of the information since it is (in whole or in part) derived from multiple sources.  Please refer to source governmental sources as appropriate.  The reader assumes all risk in the use of any information displayed or presented through this website,

This website, webpage, or linked documents do not constitute legal advice and is for educational purposes only.  The provider (Regulatory Compliance Associates and their staff) accepts no responsibility for its accuracy, review, distribution, or use in any way.  This website, webpage, and or linked documents are based on currently understood HIPAA, ASCA, and/or Federal, State, and Local Statutes, rules, regulations, standards, and/or implementation guides and is subject to change without notice, as changes in HIPAA/ASCA rules and regulations or subsequent interpretative guidance by courts or other bodies.  You assume responsibility for understanding this material and its applicability and/or use. This website, webpage, and/or linked document is designed to conform with GLBA, GCP, CLIA, HIPAA/ASCA, or other rules and regulations, as understood, and may need to be interpreted by your attorney as needed to conform with state law where that state law is more stringent than the federal rules or other state - you’re use of this information must always be reviewed and approved by your own attorney prior to use. Please refer to our Terms and Conditions page for additional limitations and restrictions.  Click here for additional Terms & Conditions for Use of this Website

Privacy Policy:  This website collects minimal personal information at this time.  We do not engage in mass mails or disclosure your information to third-parties unless requested.  Email links are provided as a convenience for professional communications only, and are beyond the responsibility of the website operator.  The user accepts all responsibility when using any and all links provided on this site, and it is acknowledged that different website may have different privacy policies.  The user should review the privacy policies of each website visited.  This website is not intended for children, and children should not use it.  This website does not use cookies.  Blocking cookies will not affect your use of this website.  Click here for our full Privacy Policy

Site Meter

Vendors and 3rd parties listed are not affiliated  in any way unless indicated, and are listed, displayed or linked for the convenience of the visitor for informational purposes only.   3rd party trademarks &  registered trademarks acknowledged

The term "Help Now!" when used in context with regulatory compliance, as example "HIPAA Help Now", is and are trademark(s), all rights reserved.  Click Here for our trademark and copyright information

Please note:  RegulatoryPro.us & RegulatoryCompliance.us and all variations are Trademarks regardless of domain registration.


Verified Website Operator