Privacy / Student Records

Enactment of federal legislation, such as the Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act (HIPAA), has significantly changed how colleges and universities maintain and release student records. These laws, in combination with state laws, establish who controls disclosure of records, the right to inspect and review them and regulates the ability to amend the records by students, parents or others. University administrators must balance federal and state laws in order to protect student privacy and prevent potential litigation issues.

• U.S. Laws & Regulations

• 20 U.S.C. 1232 - FERPA

  -34 C.F.R 99 – FERPA Regulations

  -34 C.F.R. 99 – FERPA Final Regulations (with commentary)

• HIPAA

  -45 C.F.R. 160 – HIPAA Privacy Rule

• Resource Pages

• NACUA FERPA Resource Page 

  NACUA

• NACUA HIPAA Resource Page 

  NACUA

• Privacy & Information Access Professional Interest Page

  CASE

• EDUCAUSE Resource Page on FERPA

  EDUCAUSE

• EDUCAUSE Resource Page on Gramm-Leach-Bliley Act

  EDUCAUSE

• EDUCAUSE Resource Page on HIPAA

  EDUCAUSE

• EDUCAUSE Resource Page on Data Breach Notification

  EDUCAUSE

• EDUCAUSE Resource Page on Identity Theft Red Flags

  EDUCAUSE

• EDUCAUSE Resource Page on Identity Management Policy

  EDUCAUSE

• EDUCAUSE Resource Page on Identity Theft

  EDUCAUSE

• EDUCAUSE Resource Page on Privacy

  EDUCAUSE

• U.S. Dept. of Health and Human Services HIPAA Resource Page

• CUPA-HR Genetic Information Nondiscrimination Act (GINA) Toolkit  

  CUPA-HR
• Publications

• CRS Report: The Family Educational Rights and Privacy Act (FERPA): A Legal Overview

  Congressional Research Service, Jody Feder, May 1, 2013

• Growing Demands for Public Records: How Should Boards Respond? 

  Rachel Levinson-Waldman, Robert O'Neil, 2012, AGB

• The Fundamentals of Fundamental FERPA

  Steven J. McDonald, 2011, NACUA

  - FERPA – 34 CFR Part 99
  - Model Notification of Rights Under FERPA for Postsecondary Institutions
  - Model Form for Disclosure to Parents of Dependent Students and Consent Form for Disclosure to Parents
  - FERPA: What Faculty and Staff Should Know
  - The Family Educational Rights and Privacy Act: 7 Myths – and the Truth

• Fighting Phishing, Pharming, and Other Cyber-Attacks: Coverage for High Tech Liabilities 

  Cherylyn J. Briggs, Jerold Oshinsky, Kenneth K. Lee, Lorelie S. Masters, 2010, URMIA

• FERPA Then and Now: Tipping the Balance in Favor of Disclosure of Mental Health Information Under the Health and Safety Emergency Exception

  Allison B. Newhart, Barbara F. Lovelace, 2009, URMIA

• New Privacy and Security Laws Found in Unlikely Places 

  Pamela J. Bernard, 2009, AGB

• Do Emergency Planners Know When and How to Share Confidential Student Records 

  Pamela J. Bernard, 2008, AGB

• Data Privacy Issues – Know Your Rights and Responsibilities

  Arthur McCombs, John L. Nicholson, Vadim Schick, 2008, NACUA

• Life with HIPAA: A Primer for Higher Education

  Marilyn McMillan, Norma Kenigsberg, Pietrina Scaraglino, Toby Sitko, 2003, EDUCAUSE

• The Privacy Argument

  Chris Kyriakakis, Sabrina Serafin, May 7, 2012, ACUA

• ACUTA Alert: Red Flag Requirements Will Help Fight Identity Theft

  2008, ACUTA

• ACUTA Alert: Federal Rules Governing Destruction of Electronically Stored Information

  December 2006, ACUTA