190 likes | 378 Views
CIPA, FERPA, HIPAA and the School Information Security Plan. Introduction. Today’s Schools face: Numerous State and Federal Regulations Reduced Technology Funding More Stringent Guidelines for Technology Use. Key Terms.
E N D
Introduction Today’s Schools face: • Numerous State and Federal Regulations • Reduced Technology Funding • More Stringent Guidelines for Technology Use
Key Terms The following key terms were taken from Protecting The Privacy of Student Records (1997): • Educational Record • Confidentiality • Privacy • Security • Disclosure • Protection Principle
Educational Record A compilation of records, files, documents, and other materials that contain information directly related to a student and maintained by educational agencies and institutions, or by individuals acting on behalf of the agencies.
Confidentiality An obligation not to disclose or transmit information to unauthorized persons.
Privacy A uniquely personal right that reflects an individual’s freedom from intrusion.
Disclosure Permitting access to, revealing, releasing, transferring, disseminating, or otherwise communicating all or part of any individual record orally, in writing, or by electronic or any other means to any person or entity.
Security Technical procedures that ensure only that only authorized and intended parties have access to data.
Protection Principle This principle states that: Information users should use appropriate technical and managerial controls to protect the confidentiality and integrity of personal information.
The Children’s Internet Protection Act A federal law enacted by Congress to address concerns about access to offensive content over the Internet on school and library computers (CIPA, 2001).
The Federal Rights and Privacy Act A federal law that protects the privacy of student educational records.
The Health Insurance Portability and Accountability Act For purposes of this presentation: A federal law that governs how school health services may share student information with other parts of the school community.
Student Record Protection • Responsibility of all school administrators and personnel. • Access granted only with written permission from parents or “eligible students.” • Pertains to paper and electronic records as well as data transmitted via wireless devices.
Disclosure Exceptions The following information may be disclosed without written permission however; notification of the record holder is required. • Student name • Student home address • Student home telephone number • Student date and place of birth • Student earned honors or awards • Student dates of attendance.
Intent to Release Notice While schools are not required to have written permission to release this information, they are required to give notice in a “reasonable amount of time to allow the student or parent to request that the information not be released” (FERPA, 1974)
Role of Educational Technology Leader • Work in concert with school and district administrators, teachers and medical staff to make certain that all educational records housed in an electronic format and, the transmission of these records, meet the standards of the CIPA, FERPA and when applicable HIPAA regulations. • Create an Information Security Policy that clearly addresses these regulations as well as the repercussions of violating these regulations.
References • Lehtinen, R., Russel, D. & Gangemi Sr., G. T. (2006). Computer Security Basics. Sebastopol, California: O’Reilly Media, Inc. • National Association of School Nurses. (2004). School Health Nurse’s Role in Education: Privacy Standards for Student Health Records. Retrieved from http://www.nasn.org/Default.aspx?tabid=277 • National Center for Educational Statistics, National Forum on Educational Statistics. (1997). Protecting The Privacy of Student Records. Retrieved from http://nces.ed.gov/pubsearch/pubsinfo.asp?pubid=97527 • Schneier, B. (2000). Secrets & Lies: Digital Security in a Networked World. Indianapolis, Indiana: Wile Publishing, Inc. • The Children’s Internet Protection Act of 2001, Pub. L. 106-554 Sec. 1732. found at http://www.fcc.gov/cgb/consumerfacts/cipa.html • The Family Educational Rights and Privacy Act of 1974 20 U.S.C. 1232; 34 CFR Part 99. found at http://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html • The Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191 guidelines found at http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/hipaaferpajointguide.pdf.