Family Educational Rights and Privacy Act Security and Confidentiality of Information H.I.P.A.A . Health Insurance Portability and Accountability Act Certified

Upload: magnus-woods

Post on 28-Dec-2015


Family Educational Rights and Privacy Act

Security and Confidentiality of Information

H.I.P.A.A.: Health Insurance Portability and Accountability Act

Certified Employees

F.E.R.P.A. is

A Federal Law that protects the privacy of student educational records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education (School Lunch/Breakfast Program, I.D.E.A., Title Programs, etc.).

Board Policy FL - Student Records

FERPA Gives Parents: Certain rights with respect to their children's education records.

These rights transfer to the student when he or she reaches the age of 18, or attends a school beyond the high school level. Students to whom the rights have transferred are "eligible students."

Parents or eligible students have the right to inspect and review the student's education records maintained by the school.

Parents or eligible students have the right to request that a school correct records which they believe to be inaccurate or misleading. If the school decides not to amend the record, the parent or eligible student then has the right to a formal hearing. After the hearing, if the school still decides not to amend the record, the parent or eligible student has the right to place a statement with the record setting forth his or her view about the contested information.

Generally: schools must have written permission from the parent or eligible student in order to release any information from a student's education record. However, FERPA allows schools to disclose those records, without consent, to the following parties or under the following conditions (34 CFR § 99.31):

• School officials with legitimate educational interest;
• Other schools to which a student is transferring;
• Specified officials for audit or evaluation purposes;
• Appropriate parties in connection with financial aid to a student;
• Organizations conducting certain studies for or on behalf of the school;
• Accrediting organizations;
• To comply with a judicial order or lawfully issued subpoena;
• Appropriate officials in cases of health and safety emergencies; and
• State and local authorities, within a juvenile justice system, pursuant to specific State law.

Schools:

May disclose, without consent, "directory" information such as a student's name, address, telephone number, date and place of birth, honors and awards, and dates of attendance. However, schools must tell parents and eligible students about directory information and allow parents and eligible students a reasonable amount of time to request that the school not disclose directory information about them.

Schools must notify parents and eligible students annually of their rights under FERPA.

Braggs School District FERPA Statement

The Family Educational Rights and Privacy Act (FERPA) is a federal law that requires the school district, with certain exceptions, to obtain your written consent prior to the disclosure of personally identifiable information from a child’s educational records. However, the school may disclose some student information without written consent when the information is designated “Directory Information” unless the parent/guardian has advised the district to the contrary in accordance with district procedures.

The primary use for Directory Information by the District is to include this type of information in certain school publications. It is generally not considered harmful or an invasion of privacy if released. Examples of school publications are:

1. The student's name;
2. The student's class designation (i.e., first grade, tenth grade, etc.);
3. The student's extracurricular participation;
4. The student's achievement awards or honors;
5. The student's weight and height if a member of an athletic team;
6. The student's photograph; and

Upon request, the school district will publish the above list, or a revised list, of items of directory information it proposes to designate as directory information. For students enrolling after the notice is published, the list will be given to the student's parent or the eligible student at the time and place of enrollment.

FERPA Statement (Continued)

The educational records or school records include all materials directly related to a student that a school maintains. Records and notes maintained by a teacher, administrator, school physician, or school psychologist for his or her own use, and which are not available to others are exempted from this definition.

The school will require a prior written consent before information other than directory information may be divulged to third parties. An exception to this rule exists for school district employees who have legitimate interests in viewing the records, as well as officials in other schools in which the student seeks to enroll. A school district in which a student is enrolled or is in the process of enrolling in may request the student's education records from any district in which the student was formerly enrolled to ascertain safety issues with incoming students and ensure full disclosure. The records, including the student's disciplinary records, will be forwarded to the requesting district within three (3) business days. Disciplinary records shall include but not be limited to all information that relates to a student assaulting, carrying weapons, possessing illegal drugs, including alcohol, and any incident that poses a potential dangerous threat to students or school personnel.

When schools transfer records to new educational institutions, the schools must notify parents of the transfer, and of their right to review and contest the material. An exemption exists for material under court order. Parents must be notified of such order prior to release.

FERPA Statement (Continued)

The district will release individual student records from the current or previous school year to a school district where the student was previously enrolled if the release of such records is for the purpose of evaluating educational programs and school effectiveness.

The district may disclose personally identifiable information to third parties, without prior written consent, in order to conduct studies, audits, and evaluations of the educational programs of the school district. In such case, the district will take reasonable steps to ensure that all authorized representatives of the third party are FERPA compliant with the information provided for the purposes of the study, audit, or evaluation of the educational program.

The district may disclose, without the consent or knowledge of the eligible student or parent, personally identifiable information in the educational records of a student to the Attorney General of the United States or his or her designee in response to an ex parte order in connection with the investigation or prosecution of terrorism crimes. The district is not required to record such disclosure of information and is protected from liability for disclosing such information in good faith.

The superintendent is directed to establish procedures to ensure compliance with the Family Educational and Privacy Act and other applicable acts and regulations.

H.I.P.A.A. is

* The strongest federal confidentiality protection ever enacted.
* Requires privacy safeguards for any PHI (Protected Health Information), whether oral or recorded in any form or medium that is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse, and relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual.
* Applies to both written and electronic health records.
* Immunizations are NOT considered to be PHI.

CIVIL PENALTIES: $100 PER VIOLATION TO A MAXIMUM OF $25,000 PER PERSON FOR VIOLATIONS IN A CALENDAR YEAR

CRIMINAL PENALTIES: $50,000 AND/OR IMPRISONMENT UP TO ONE YEAR.

SCHOOL HEALTH RECORDS ARE ALSO CONSIDERED PART OF THE STUDENT RECORD AND ARE THEREFORE PROTECTED UNDER FERPA.

PHI can only be disclosed for:

• Treatment, payment, or health care operations.
• With signed parental authorization.
• For permitted public health or other legal purposes.
• When PHI is de-identified.

HEALTH INFORMATION IN SCHOOLS MAY BE SHARED WITH OTHER INDIVIDUALS ON A NEED-TO-KNOW BASIS.

Examples:

• First responders who may need to provide emergency treatment
• Classroom teachers who must report symptoms
• Bus drivers who must respond in emergencies
• Principals’ designees
• Nurses who must take call for emergencies or absences.

EMPLOYEES MAY NOT:

• Discuss the health concerns of students with friends, family, or uninvolved school personnel.
• Discuss the payment source (e.g. Healthy Learners, Dillon Smiles, Medicaid) of a student’s health care with friends, family, or uninvolved school personnel.
• Discuss health emergencies, medications, or other treatments of students with friends, family, or uninvolved school personnel.

How Does This Have Anything To Do With Me?

As a school employee you must be careful not to discuss any educational program information relating to your students with anyone who does not have a need to know.

Do Not Discuss:

Educational Records of Students which are defined by F.E.R.P.A. as the following:

Any information directly related to a student, specifically any information recorded in any way, including, but not limited to:

• verbal conversation
• handwriting
• print
• computer media
• video or audio tape
• film
• microfilm
• microfiche

• Any information maintained by educational agencies or institutions, or by parties acting for the agency or institutions (e.g., special education schools, and health or social services institutions)

Information should not be disclosed (verbal or written) which could identify a student as one who receives special services outside the scope of those who need to know in order to provide such services. This includes but is not limited to such examples as:

1. Conversations with family and friends
2. Conversations with staff members without “need to know”
3. Newsletters
4. Memos to staff
5. Faculty bulletin boards
6. Newspaper articles and/or photos

Examples:

Mrs. Johnson, in an attempt to publish student work, posted on the wall the top 3 projects in her class including their grades.

Is this a violation of F.E.R.P.A.?

POSTING GRADES

The public posting of grades by the student's name, student identification number, or social security number is a violation of FERPA. Even without the name, using a student I.D. number or any part of a social security number violates FERPA, as the information may be personally identifiable to the student.

Mr. Smith passed out his students’ tests with grades on them, row by row.

Miss Jones asked the student helper of the day to pass out students’ graded homework.

Is this a violation of F.E.R.P.A.?

RETURNING ASSIGNMENTS

Assignments and papers that contain "personally identifiable" information should not be distributed to the student in a way that would allow other students to view the information. Graded papers should not be left unattended in an office or classroom for students to sort through or returned to students via another student. Both of these examples are a violation of FERPA.

A female student reported that her teacher held her picture up in front of the class as an example of information available in a new class list system. The student was upset about the public display of her picture, and also was concerned about other possible inappropriate uses of her picture.

The student ID picture is defined as confidential and should not be used or displayed in any public setting without the student's permission.

Mr. Jones has just had a horrible day with his students; John Brown was absolutely horrible. Mr. Jones was so frustrated that he went to the teachers’ lounge and discussed this student with other teachers in the lounge.

Is this a violation of F.E.R.P.A.?

At a church gathering, Jane Doe, who teaches at the local school, is sitting next to a long-time friend, Sally Smith. Sally asks Jane if she knows the new family in town, the Browns. Jane said she does and that the children go to her school and that one of them is in her class. Sally asks Jane if there is anything strange about the family – the children are up at all hours and causing trouble in the neighborhood. Jane tells Sally that one of the children has some serious problems and is receiving special classes and counseling.

Is this a violation of F.E.R.P.A.?

A bomb threat is called in to one of the schools. Susan, the school secretary, calls one of her friends, Carol, in another school to tell her about the incident. Carol asks Susan what happened and whether she needs to come and get her child. Susan tells Carol no, John Brown’s son Jimmy called in the bomb threat.

Is this a violation of F.E.R.P.A.?

A student complained that I left my grade book open on my desk and he could see not only his own grades, but grades for the whole class. Isn't that getting a little picky?

A: No, actually, it's not. Everyone who deals with protected student information needs to be cautious about "passive" and unintended releases of information. This includes leaving information visible on your desk or walking away from a computer screen that displays student information. We even need to be alert to where monitors are placed, so that they are not visible through a window or doorway.

A bus driver had to break up a fight on the school bus. The driver is very frustrated and tells the other bus drivers that Suzy Smith is a terror and that she started a fight on the school bus today.

Is this a violation of F.E.R.P.A.?

YES!!!

The other drivers do not have a need to know this information.

A housekeeping or maintenance staff member has to go to a school and clean up a break-in. As they talk to other housekeeping or maintenance staff, they tell them that those Jones boys are trouble – they had to clean up from a break-in that those boys did at the school over the weekend.

Is this a violation of F.E.R.P.A.?

YES!!!

There was not a need to know this information about these children.

A cell phone has been confiscated and handed to you. You scroll through the contacts and then read the text messages logged into the phone. You decide to call someone from this phone to identify the owner of the cell phone.

Is this a violation of F.E.R.P.A.?

YES!!!

You do not have a need to know the private contents of the cell phone.

John Brown is creating a disturbance in a classroom. You use the walkie talkie and tell the School Resource Officer or an administrator that John Brown is in Mrs. Johnson’s classroom creating chaos.

Suzy Smith is disrupting the cafeteria. You call on the intercom for the School Resource Officer to get Suzy Smith from the cafeteria.

Is this a violation of F.E.R.P.A.?

You should ask the School Resource Officer to call you on a secure land line or to come to the office and discuss in private.

Mrs. Jones will be the interim teacher for Mrs. Smith who will soon be away on maternity leave. Mrs. Smith asked the school nurse if she might share with Mrs. Jones the emergency plans and Individualized Health Plans of her students with chronic health conditions. What should the nurse’s response be?

As interim teacher, Mrs. Jones has a need to know the health conditions of the children for whom she will be responsible. However, the importance of confidentiality and privacy laws should be explained to Mrs. Jones prior to disclosing the information.

The principal of a middle school has asked the school nurse to present an in-service training program about asthma. He has asked the nurse to provide in the training a list of names of all students in the building who have asthma. How should the nurse reply?

Although the asthma training session will be beneficial to all staff, names of affected students can only be shared on a need to know basis. The nurse should notify each teacher privately of only the students in his/her class who have asthma or any other chronic health condition.

Susie Q is transferring from a school district in a neighboring state. The school nurse is attempting to secure the appropriate immunization records and called the previous school. She was told by a secretary that due to privacy laws, written consent for release of information must be signed by the parent before this information can be released. The nurse responded by stating that immunization records are not considered PHI (Protected Health Information) and can be shared without consent for the purpose of enrolling the student. Who is correct?

The school nurse is correct. Immunizations are not considered PHI.

You have a jump/flash drive saving information to transport to another computer or home. Are you liable for all of this information?

The person and the District are liable. If you are using a jump/flash drive and you lose it or it is stolen, you must report it immediately to the Director of Technology.

Technology Information and F.E.R.P.A.

When you use a district purchased/owned computer, you are responsible for all activities that occur with that computer at any time of the day.

Your login and password are confidential. If you log in to the computer, you are responsible for all activity on that computer. This is why you should never leave your computer unattended or let anyone use your computer while it is logged in under your name.

If you take a district computer home, you are responsible for all activity that occurs on that machine. It is monitored and retrieved.

Who Has A Need To Know Student Information?

The teacher or teachers that work with the particular students.

The principal or other administrative personnel. (This does not include secretaries, custodians, or other support staff that does not directly work with the individual student.)

What Can Happen To Me If I Don’t Pay Attention to F.E.R.P.A. or H.I.P.A.A.?

Criminal charges may be filed against:

• You
• The Superintendent
• The Board of Education

General Security and Privacy Issues Reminders

Personnel Information (Board Policy DABB Teacher Records Investigation)

An employee’s personnel file includes records and documents concerning the employee.

Access to the file is limited to:

• Employee’s school principal/immediate supervisor
• Superintendent
• School officials involved in the evaluation process
• School Board if involved in promotion, demotion, suspension or dismissal

Payroll information is placed in a separate file and this information is limited to persons involved in payroll. (Employees may not discuss specific personnel and payroll information with any other school or district personnel as well as with anyone outside of the school district. Any questions concerning these matters should be directed to the immediate supervisor.)

Staff Conduct (Standards of Performance and Conduct)

(Board Policy DBD - Conflict of Interest)

• May not use or disclose confidential information in the course of employment
• All staff members have a responsibility to make themselves familiar with, and abide by, federal and state laws as they affect their work.

(Use of Computers - Faculty and Staff Acceptable Use Policy)

• Only expect limited privacy of contents of any personal files
• Do not provide your password to another person
• Do not provide access to district computer systems to anyone, especially non-employees
• Email should be primarily used for school-related business
• Do not send spam, chain letters, jokes, etc.
• District does not monitor email, but monitors the system. However, email may be requested in eDiscovery or FOIA requests.

Electronic Mail Retention Procedures (Article 9 General Retention Schedules for School Districts)

Some email may be accessible to the public and some should not be, depending on the content of the record as determined by FOIA, FERPA, and HIPAA.

Email is archived and retained for 7 years

Email signatures should contain:

• User name
• Title
• School/Office name
• School/Office address
• School/Office phone number
• School/Office fax number

No other messages may be added to the signature

Policy GBEBD Employee Use of Electronic Communication

An employee will not use an electronic communication device, including a cellular phone or other mobile communications device, while on duty. This includes, but is not limited to, receiving or placing calls, text messages, surfing the Internet, checking phone messages or receiving or responding to email. Cell phones should be turned off at all times.

An employee will not allow a student to use the employee’s cell phone for any purpose.

Policy GBEBDA Employee Use of Electronic Communication with Students

Dillon School District Four prohibits any type of personal relationship between a school employee and a student that may be reasonably perceived as unprofessional.

Students will not be contacted using personal employee cell phones through calls, photos or texting.

Employees will use land line phones to contact students, if approved by the building administrator.

Employees will not use social networking sites to communicate with students.

Employee Use of Electronic Communication

Employees may post information for students such as homework, practice schedules, etc. on district sponsored websites.

Employees will not post any student or group photographs on any website that is not the official school district website(s).

Employees may not contact students using a student’s personal email accounts (such as yahoo.com, etc.).

Employees may not use their personal email accounts to contact students (such as bellsouth.net, etc.).

All email between employee and student must be through the district email system.

Employee Use of Electronic Communication

Employees are encouraged to block students from viewing personal websites or online networking profiles.

If an employee creates and/or posts inappropriate content on a website or profile and it has a negative impact on the employee’s ability to perform his/her job as it relates to working with students, the employee will be subject to discipline up to and including dismissal.

Employees will not use text messaging to contact students. This includes, but is not limited to: coaches, club sponsors, band and cheerleaders. Formal district communication systems will be used.

Employee Use of Electronic Communication

Employees may use the school district calling system to contact parents/legal guardians and provide information regarding practice schedules, club activities, etc.

www.schoolconnect.us

Mailing lists created from www.braggs.k12.ok.us website

What Do I Do If I Slip?

Inform your Superintendent or Principal

Inform your school Attorney

Inform your insurance company if a formal complaint is made

What should I do to protect myself?

When in doubt – don’t give it out.

Refer requests for student academic information to the school office.

Information on a computer should be treated with the same confidentiality as a paper copy.

Do not leave confidential information displayed on an unattended computer.

Cover or put away papers that contain confidential information if you are going to step away from your desk.

Do not provide student schedules to anyone who is not part of the school staff, or assist such a person in trying to locate a student on campus. Refer them to the school office.

Do not discuss any student information with anyone that does not have a “need to know.”

Never discuss student information with anyone outside of the school.

Thank You And Remember:

Never say anything bad about a child with whom you are working!

If it isn’t positive, don’t say it!

Treat all students as you would like to be treated!