Presentation on theme: "HIPAA and FERPA (or, Is Your HIPAA Eating Your FERPA?) C.W. Goldsmith University of Alabama at Birmingham"— Presentation transcript:
HIPAA and FERPA (or, Is Your HIPAA Eating Your FERPA?) C.W. Goldsmith University of Alabama at Birmingham net@edu
Comparison of FERPA and HIPAA History of FERPA and HIPAA Administrative Rule versus Law What’s Covered? What are the Penalties? Similarities Coping Strategies Who’s Not Covered? Opportunity
History Why FERPA? 1960s Berkeley Free Speech Loss of loco parentis 1974 FERPA (Buckley) in Response to Abuse Why HIPAA? 1996 Failure to Leverage Technology to Reduce Costs
Difference Between Administrative Rule and Law Rule Offers More Less Formal Steps to Discover Problems/Answers to Resolve Issues/Complaints Before Going to Court HIPAA is Both Enforcement Through the Office of Civil Rights FERPA is Both
What are the Penalties? FERPA Penalties Institutional Sanctions Loss of Federal Funding HIPAA Penalties Security: A Maximum of $25,000 Privacy: Intent: up to $50,000, one year in jail False pretenses: $100,000, five years in jail Commercial or personal gain: $250,000, ten years in jail
What are the Penalties? FERPA Penalties No right of personal action, Civil Rights Cause of Action May Exist Against Public Institutions HIPAA Penalties Transactions/codes /identifiers: $100 per incident/up to $25,000 per year per standard
Any Similarities? FERPA Directory Information opt out HIPAA Directory Information opt in
What does HIPAA say about FERPA? HIPAA says FERPA is to be followed for student medical record FERPA says student medical record not covered HIPAA says medical records seen by other than physician/nurse is an education record and must be handled accordingly
Coping Strategies FERPA Culture and education History HIPAA Use HIPAA to Refresh Campus Understanding of FERPA Compliance and Federal Sentencing Guidelines Encourage Training Everyone(!) UAB Committee Structure
UAB HIPAA Steering Committee Advisory Staff J Hicks; J Piazza, JD; T Tatum, JD Technical Advisory Don Fast; Landy Manderson EDI Privacy Security Identifiers UAB Clinics Tusc / Hunstville Clinics Allen Bolton EDI Privacy Security Identifiers Employees Roger McCullough Training/Insurance All Campus and Hunstville Tusc EDI Privacy Security Identifiers Research All UAB Campus and affiliated William Grizzle, MD, PhD EDI Privacy Security Identifiers HSIS / Children's Viva / VA Amanda Dorsey EDI Privacy Security Identifiers Students William Fulcher, MD Hunstville / Tusc? Clair Goldsmith, PhD Lucy Hicks, JD Joan Lorden, PhD Michael R. Waldrum, MD
Communities Not Covered by FERPA and HIPAA Human Research Subjects in Other Disciplines Psychology, Education IRB Responsibility/Waiver What is Done With Personally Identifiable Research Information when Investigator Leaves the Institution?
Conclusion FERPA and HIPAA Are Great Platforms for the Exercise of Leadership in Protecting Privacy of Individuals
But… Why hasn’t Higher Education Taken a Stronger Role in the use of Technology to Protect Privacy?