• E-mail
• Print
• RSS

NSBA spells out HIPAA requirements for school districts

HIPAA Weekly Advisor, July 19, 2004

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

A school district must meet all applicable HIPAA privacy rule requirements if "it has a self-insured health plan, operates as a healthcare clearinghouse, or is a healthcare provider that transmits health information electronically in connection with any HIPAA transaction," according to draft guidance published in June by the National School Boards Association (NSBA).

The NSBA draft also provides guidance on the following:

• Requirements a school district considered a covered entity must meet
• Interactions with parents
• Regulations for health records of students employed by the school district
• Application of HIPAA to school nurses, campus health clinics, and drug and alcohol test results

In addition, the recommendations discuss exceptions for student information covered by the Family Educational Rights and Privacy Act (FERPA). Any educational agency or institution that receives federal funds is subject to FERPA. Student information contained in an education record is protected by FERPA and not subject to HIPAA regulations.

The Department of Health and Human Services will work with rather than punish a school district found in violation of HIPAA, according to the guidance. "Financial and even criminal penalties are permitted under the regulations, but they are unlikely unless the privacy violations are considered egregious."

Go to NSBA's Web site for more information on the NSBA guidance.

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• E-mail to a Colleague
• Print
• RSS
• Archive