While student clinics within colleges are primarily governed by the Family Educational Rights and Privacy Act (FERPA), there are scenarios where HIPAA takes center stage. FERPA safeguards the privacy of student's educational records, including those related to healthcare services provided at the student clinic.
Does HIPAA apply to student clinics?
An American College Health Association training module provides, “FERPA has actually covered college student health and counseling records for several years, but the regulations were not “operationalized”. FERPA applies to colleges/universities that
receive funds that are administered by the U.S. Department of Education (so most everybody).”
However, when student clinics extend their services to nonstudents, such as staff members, spouses of students, or the broader community, HIPAA steps in.
In these situations, HIPAA assumes jurisdiction over the medical records, as they no longer fall under FERPA's scope. As a result, healthcare providers at the student clinic must adhere to HIPAA guidelines to secure protected health information (PHI) and guarantee patients access to their healthcare records.
The concerns around the safety of students' PHI
College student clinics often walk a precarious line when it comes to protecting the privacy of their student's health information. Governed by FERPA rather than HIPAA, which is stricter, these clinics treat medical records similarly to academic ones. This less rigorous privacy standard can lead to various unsettling scenarios where students' sensitive health details might be accessed or shared without their explicit consent.
For example, imagine a student, like Jane Doe from the University of Oregon, who seeks help at her campus clinic after experiencing a traumatic event. Her expectation of confidentiality is shattered when her therapy notes are accessed by university attorneys during legal disputes, without her permission.
Such breaches can deepen the emotional wounds, students might feel violated all over again, knowing their private struggles could be exposed or discussed among administrative staff. This not only damages trust in the campus healthcare system but can also discourage students from seeking help at a time when they most need support.
Why HIPAA compliant email should be used to share student health information
Using HIPAA compliant email may seem counterintuitive, but it assists in providing confidentiality and security for sensitive student data. HIPAA compliant email creates an added layer of protection, encrypting messages and attachments to prevent unauthorized access. This safeguard is vital, as student health information can be just as sensitive as medical records, and unauthorized disclosure can have severe consequences.
Information like a student's mental health diagnosis or medication regimen falling into the wrong hands has the potential for embarrassment, stigma, or even discrimination is immense. This becomes a situation where using HIPAA compliant email is not just about compliance; it's about respecting students' trust and safeguarding their well being.
See also: Top HIPAA compliant email services
FAQs
What kind of services do student health services provide?
Student health services typically provide medical care, counseling, and health education to students, including routine check-ups, treatment for illnesses and injuries, and mental health support.
What is the difference between HIPAA compliant email and regular email?
HIPAA compliant email is designed to meet the specific security and privacy standards set by HIPAA, which includes features such as encryption, secure authentication, and logging, whereas regular email services do not necessarily meet these standards.
How does FERPA govern the way student medical data is transmitted?
FERPA governs the transmission of student medical data by protecting the privacy of student's education records, including those related to healthcare services provided at student clinics, and ensuring that these records are not disclosed without the student's consent
Kirsten Peremore
