1 / 146

201 5 Ea r l y Childhoo d Priva c y and Confidentialit y W o r kshop

201 5 Ea r l y Childhoo d Priva c y and Confidentialit y W o r kshop. F e b r ua r y 4 , 2015 Ba r o n R odrigu e z , P T A C Direc t or F r ank Mill e r , Deputy Direc t o r FP C O (DoED)

louvain
Download Presentation

201 5 Ea r l y Childhoo d Priva c y and Confidentialit y W o r kshop

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 2015EarlyChildhoodPrivacyand ConfidentialityWorkshop February4,2015 BaronRodriguez,PTACDirectorFrankMiller, Deputy DirectorFPCO(DoED) JoycePopp,PTACSupportTeam SharonWalsh,DaSy Consultant RobinNelson,DaSy Consultant MissyCochenour,StateSupportTeam

  2. Objectivesfor theDay • Learn about FERPA & HIPAA implications for early childhoodintegrateddatasystems • Developdraftsofdatasharingagreementswithyourstate team • Learn why data mapping is an important aspect of ensuringprivacyandconfidentialityofyourdata • Review recent guidance on transparency and reflect/review your state’s approach to transparency of datasystems. • Discuss the implications of multi-agency data breaches throughindividualstatescenariobasedactivities.

  3. Introductions • As astate,discusswhatyouhopetolearntodayandhow eachofyoufitintothestatepicturearoundearly childhoodintegrateddatasystems,bothnowandinthe future

  4. EarlyChildhood DataOverview -Missy Cochenour,SST-

  5. KeyDataUsesinEarlyChildhood • WhatisdrivingtheworkinEarlyChildhood? • Criticalpolicyandprogramquestionsacrossagencies andprograms • Whoarethepotentialusers? • Policymakers,programadministrators,teachers, parents,andothers • Discussionquestion:Whatdoestheusehavetodowith Privacy?

  6. KeyDataUsesinEarlyChildhood

  7. KeyDataUsesinEarlyChildhood

  8. EarlyChildhoodEducation ProgramDefinition • Accordingto20USCS§1003(8),theterm“earlychildhood educationprogram”means– • “(A)aHeadStartprogramoranEarlyHeadStartprogram carriedoutundertheHeadStartAct (42U.S.C.9831et seq.),includingamigrantor seasonalHeadStart program,anIndianHeadStartprogram,or aHeadStart programor anEarlyHeadStartprogramthatalso receivesStatefunding; • (B)aStatelicensedor regulatedchildcareprogram;or

  9. EarlyChildhoodEducation ProgramDefinition • aprogramthat— • (i)serveschildrenfrombirththroughagesix that addressesthechildren'scognitive(including language,earlyliteracy,andearlymathematics), social,emotional,andphysicaldevelopment;and • (ii) is– • (I) a Statepre-kindergartenprogram; • (II) aprogramauthorizedundersection619or part CoftheIndividualswithDisabilitiesEducationAct [20USCS §1419or§§1431etseq.];or • (III)aprogramoperatedbyalocaleducational agency.”

  10. PrivacyConsiderationsinUsing EarlyChildhoodData • WhatlegalobligationdoEC educationalagenciesand institutionshavetoprotectPIIfrom studentsrecords? • Privacyofindividualstudentrecordsisprotectedunder FERPA • –OtherFederal,State,andlocallaws,suchasHIPAA andIDEA,mayalsoapply • Determinehow/whichinformationis goingtoflowbetween agenciestohelpassesswhichlawsmayapply • Developdatasharingagreementswhichensuredatais onlysharedforauthorizedpurposesandadequately protectedatalltimes

  11. FERPA/ IDEA Overview Frank Miller,DeputyDirectorFPCO BaronRodriguez,PTACDirector& RobinNelson,DaSyConsultant

  12. WhatIs Personally Identifiable Information (PII)? Address Mother’smaidenname Name SocialSecurityNumber Date of birth Placeofbirth Names ofparentor otherfamilymembers

  13. What isPersonally Identifiable Information(PII)?

  14. What Else Is Personally Identifiable Information (PII)? • FERPA-99.3(PII) • Info.that,aloneor incombination,is linkabletoaspecific studentthatwouldallowareasonablepersoninthe schoolcommunity,whodoesnothavepersonal knowledgeoftherelevantcircumstances,toidentifythe studentwithreasonablecertainty. • Info.requestedbyapersonwhotheeducationalagency or institutionreasonablybelievesknowstheidentityof thestudenttowhomtheeducationrecordrelates.

  15. What Else Is Personally Identifiable Information (PII)? IDEAPartB-300.29 Listofpersonal characteristicsorotherinformationthat wouldmakeit possibletoidentify thechildwithreasonable certainty IDEAPartC-303.32 PIIdefinitionrefersto FERPAPIIdefinition Except-- student=child school=EISprovider

  16. WhatIs DirectoryInformation? • PIIthat isnotgenerallyconsideredharmful oraninvasionofprivacyif disclosed • Not a student’sSocialSecurityNumberand generallynotastudentIDnumber • May includeastudentIDnumberdisplayed onastudentIDbadge 16

  17. Whatrecordsarecovered?

  18. Whatrecordsarecovered? IDEAPartC EarlyIntervention Records IDEAPartB EducationRecords FERPA EducationRecords The typeof records covered under the definitionof “education records”inFERPA. Recordsthatare– Directly related to student; and Maintainedby an educationalagencyor institutionor byaparty acting for the agency or institution 99.3 Allrecordsregardinga childthatare requiredto be collected,maintained, or used under PartC. Records that are collected,maintained,or used 300.611(b) 303.403(b)

  19. Whomustcomply?

  20. Whomustcomply? • IDEAPartC Participatingagency • Anyindividual,agency,entity,or institutionthat collects,maintains,or usespersonallyidentifiable information to implement the requirementsin part C. • Includesanyindividualor entitythat providesanypart Cservices. • Doesnot includeprimary referralsourcesor public agencies or privateentitiesthat act solelyasfunding sourcesforPartCservices.

  21. Whomustcomply? • IDEAPartB Participatingagency • Anyagencyorinstitutionthatcollects, maintains,orusespersonallyidentifiable information,orfromwhichinformationis obtainedunderPartB.

  22. Whomustcomply? • FERPA • Educational agency or institution • Anypublicor privateagencyor institutionthatprovides educationalservicesand/orinstructionto students;or is authorizedtodirectandcontrolpublicelementaryor secondary,or postsecondaryeducationalinstitutions; and • to whichfundshavebeenmadeavailableunderany programadministeredbytheSecretary

  23. Whendotheconfidentiality provisionsapply?

  24. Whendotheconfidentiality provisions apply? IDEAPartC When the child is referredforearly interventionservices... Untilthelaterofwhentheparticipating agencyisnolongerrequiredtomaintain ornolongermaintainsthatinformation under applicable Federal and Statelaws 303.401(c)(2)

  25. Whendotheconfidentiality provisions apply? IDEAPartBconfidentialityprovisions Applytorecordsthatarecollected, maintained,orused 300.610through300.626

  26. Whendotheconfidentiality provisions apply? FERPA Whenthestudentis“in attendanceatan educationalagencyorinstitution” 99.3(Definitionofstudent)

  27. Whoserecordsarecovered?

  28. Whoserecordsarecovered? IDEAPartC Child=Anindividualundertheageof6 andmayincludeaninfantortoddler with a disability 303.6

  29. Whoserecordsarecovered? IDEAPartB Childwithadisability: Childrendeterminedeligibleunder oneof13disabilitycategories&needsspecialeducation andrelatedservicesasaresultofdisability. 300.8 “Recordsrelatingto… childrenthatarecollected, maintainedor used…” 300.610

  30. Whoserecordsarecovered? FERPA Student=Anyindividual whoisorhas beeninattendanceataneducationalagency orinstitutionandregardingwhomthe agencyorinstitutionmaintainseducation records. 99.3

  31. FPCOLettertoEdmunds(2012) • “Earlyinterventionrecords”is thesameas “educationrecords”forpurposes ofthe confidentialityprotectionsunderIDEAPartC andFERPA • If earlyinterventionrecordsarecoveredunder FERPAandIDEAPart C, thoserecords are exemptasPHIundertheHIPAAPrivacyRule

  32. HowFERPATermsApplyto IDEAPartC • IDEAPart C,in§ 303.414(b)(2),includesthe following translationprovisionsforFERPAterms: • Educationrecord=Early interventionrecord • Education=Earlyintervention • Educationalagencyorinstitution=Participating agency • Schoolofficial=QualifiedEISpersonnel/Service Coordinator • State educationalauthority=Leadagency • Student= Child under IDEAPartC

  33. PrimaryRightsofParentsunder FERPA • Righttoinspectandrevieweducationrecords (§ 99.10); • Righttoseektoamendeducationrecords(§§ 99.20,99.21,and99.22);and • Righttoconsenttothedisclosureof personallyidentifiableinformationfrom educationrecords,exceptasprovidedbylaw (§§99.30and99.31).

  34. AnnuallyNotifiedofRights § 99.7 Schoolsmustannuallynotify parentsofstudents andeligiblestudents inattendanceof theirrightsunder FERPA. FERPA RIGHTS

  35. RighttoConsenttoDisclosures • Exceptforspecificexceptions,aparent or eligiblestudentshallprovideasignedand datedwrittenconsentbeforeaschoolmay discloseeducationrecords. • Theconsentmust: • specifyrecordsthat may bedisclosed; • statepurposeof disclosure;and • identifyparty or classof parties to whom disclosuremaybe made. § 99.30 35

  36. So,whenis prior consent NOTrequiredbefore disclosing PIIin education records?

  37. WhatAretheExceptionsto GeneralConsent? § 99.31 • Toschoolofficialswithlegitimateeducationalinterests (definedinannualnotification); • Toschoolsinwhichastudentseeksorintendstoenroll; • ToStateandlocalofficialspursuanttoaStatestatutein connectionwithservingthestudentunderthejuvenile justicesystem; • Tocomplywithajudicialorderorsubpoena(reasonable efforttonotifyparentorstudentatlastknownaddress); • Toaccreditingorganizations;

  38. WhatAretheExceptionsto GeneralConsent? • Toparentsofadependentstudent; • ToauthorizedrepresentativesofFederal,State,andlocal educationalauthoritiesconductinganaudit,evaluation,or enforcementofeducationprograms; • Toorganizationsconductingstudiesforspecificpurposes onbehalfofschools; • Inahealthorsafetyemergency; • ToStateandcountysocialserviceagenciesorchild welfareagencies(new);and • Directoryinformation.

  39. UninterruptedScholarsAct (USA) • NewexceptiontothegeneralconsentruleunderFERPAenactedonJanuary14, 2013: • PermitsdisclosureofPIIfromeducationrecordsof childreninfostercareto:“agencycaseworkerorother representative”ofaStateor localchildwelfareagency (CWA) whohastherighttoaccessastudent’scaseplan underStateor triballaw • Disclosurepermittedwhen:theCWAis “legally responsible…forthecareandprotectionofthestudent” • Provisionsfortribalorganizationsaswell

  40. AdditionalExceptiontoConsent • Uninterrupted ScholarsAct amendedthenotification requirementinFERPA’s subpoenaor judicialorder exception(§ 99.31(a)(9))whentheparentis apartytoa courtproceedinginvolvingchildabuse,neglect,or dependencyandthecourtorderisissuedinthecontextof thatcourtproceeding

  41. The exceptionstoconsentare permissible,NOTrequired

  42. WhataretheRecordkeeping Requirements? • Aneducationalagencyor institutionmustmaintaina recordofeachrequestforaccesstoandeachdisclosure fromaneducationrecord,aswellasthenamesofState andlocaleducationalauthoritiesandFederalofficialsand agencieslistedin§99.31(a)(3)thatmaymakefurther disclosuresofpersonallyidentifiableinformationfromthe student’seducationrecordswithoutconsentunder • §99.33.

  43. WhataretheEnforcement Provisions? • TheFamilyPolicyComplianceOffice (FPCO)investigatescomplaintsand violationsunderFERPA • Parentsandeligiblestudentsmayfile timelycomplaints(180 days)withFPCO • Ifan SEAor anotherentitythatreceives DepartmentfundsviolatesFERPA, FPCOmaybringanenforcementaction againstthatentity • Enforcementactionsincludethe5-year ruleaswellaswithholdingpayment, ceaseand desistorders,and complianceagreements

  44. Guidance Documents& FERPA Regulations • AddressingEmergencieson Campushttp://www2.ed.gov/policy/gen/guid/fpco/pdf/emergency-guidance.pdf • Joint FERPA-HIPAAGuidancehttp://www2.ed.gov/policy/gen/guid/fpco/doc/ferpa-hipaa-guidance.pdf • FERPA&DisclosuresRelatedtoEmergencies&Disastershttp://www2.ed.gov/policy/gen/guid/fpco/pdf/ferpa-disaster-guidance.pdf • Balancing Student Privacy&SchoolSafetyhttp://www2.ed.gov/policy/gen/guid/fpco/brochures/elsec.html • CurrentFERPARegulationshttp://www2.ed.gov/policy/gen/reg/ferpa/index.html • NewAmendments to FERPARegulations (Effective 1/3/12) • http://www.gpo.gov/fdsys/pkg/FR-2011-12-02/pdf/2011-30683.pdf • NewModel Notifications • LEAs:http://www2.ed.gov/policy/gen/guid/fpco/ferpa/lea-officials.html

  45. HIPAA Overview

  46. WhatisHIPAA? • HealthInsurancePortabilityandAccountabilityAct of 1996 • EstablishedCertainInsuranceProtections • CoveragePortability • Limitedexclusionsforhealthconditions • Prohibiteddiscriminationbasedonhealthstatus • Guaranteedrenewability

  47. WhatisHIPAA? • RequiredStandardsfortheExchangeofElectronicInformation • DirectedtheDepartmentofHealthandHumanServicesto: • Setstandardsforthecontentofelectronictransactions andfortheformatoftransmission • Establish“CodeSets”foruseasdescriptorsofdiagnosis andtreatment • Establish“UniqueIdentifiers”foremployersandproviders • TheCentersforMedicareandMedicaidServices(CMS)sets electronicstandardsthroughformalnoticeandcomment • rule-making

  48. Whatabout HIPAA Privacyand Security? Statutesetsoutaprocessforestablishingprivacy protections(SEC. 264) HHS directedtomakerecommendationscovering“atleast” whatrightsanindividualhasregardinghis/herhealth information procedurestoexercisethoserights appropriateusesanddisclosuresforindividually identifiableinformation

  49. HIPAA Privacyand Security Protectionsand Requirements • HIPAAAdministrativeSimplificationRegulations • SuiteofregulationscoveringHIPAAprovisions • 45CFRParts160,162,and164 • PrivacyRuleandSecurityRuleimplementedand enforcedbytheOfficeofCivil RightsintheDepartmentof HealthandHumanServices

  50. HIPAA Privacyand Security Protectionsand Requirements • Privacy Rule- 45CFRPart160andSubpartsAandEof Part 164 • Establishesnationalstandardstoprotectindividuals’ medicalrecords/personalhealthinformation • FinalRule-August14,2002 • AccountingforDisclosure- provisionwithin PrivacyRule • Coveredentitiesmust provide, on request, account of disclosuresofprotectedinformation • Modificationsproposed-May31,2011-toimplement HITECHActprovisions/otherupdates • FinalRulestillpending

More Related