• Education records refer to a broad range of data about a student that schools maintain. This information can be in any recorded form, such as handwriting, print, computer media, video, or audiotape.
  • FERPA applies to all public schools that receive Federal education funds.
  • If someone has breached your privacy, you can file a complaint in the Office for Civil Rights (OCR).
  • Privacy laws give the right to request the change of the educational records of the student.

What are Student electronic health records? 

Student electronic health records include all records, files, documents, and student details. Schools are responsible for maintaining these records. It contains all the information related to the student. The following consists of student’s record documents protected under FERPA:

  • Individualized education plans
  • Immunization records
  • School nurse records
  • Assessment results
  • Social security number
  • Attendance records
  • Disciplinary records and transcripts

Schools and colleges are providing students with more health care services. On-school campuses offer several types of healthcare services, including:

  • Health clinics
  • On-site counselors
  • The administration of prescription medicines
  • Immunizations

Several questions demand addressing as schools may have sensitive health information. Are there any laws that cover the privacy of electronic health records for school data? The answer is not simple because this information can fall under two different laws:

  • Family Educational Rights and Privacy Act (FERPA)
  • Health Information Portability and Accountability Act (HIPAA)

In some cases, there are no privacy laws that apply to medical records.

Protecting your Privacy and Security

There are two basic Privacy laws, i.e., HIPAA and FERPA. They help you protect your privacy and provide security for your electronic health record.

Privacy Rights

If someone violates your privacy, you can file a complaint in the Office for Civil Rights (OCR). Their staff will assist you in filing a complaint.
Healthcare professionals and organizations are responsible for handling your electronic health record. They must use passwords, encryption, and other security measures. It is to ensure that only the right person has access to your private data.

HIPAA or FERPA: Which Gives Better Rights to Students? 

FERPA is a federal law for protecting students’ data. They only allow parents to access and amend their children’s educational records. Educational institutions are not permitted to reveal students’ private information. They are only allowed to do so with parents’ written permission.

But, the Health Insurance Act (HIPAA) improves the efficiency of the health care system. This law has set national standards and requirements for handling electronic health records. According to HIPPA, healthcare providers must keep their patients’ health information confidential.

Elementary and secondary schools are not HIPAA-covered entities. So, it does not apply to them. Furthermore, if schools keep electronic health records, they should be protected by FERPA.

Rights Provided by FEFRA

The Family Educational Rights and Privacy Act (FERPA) provides parents and eligible students with the rights to:

  • Check and review the educational records of the students that the School maintains.
  • Request for amending the academic documents of the student.
  • Give written consent to disclose identifiable information from a student’s academic record. This happens under limited conditions specified by law.
  • The ability to register a complaint with the Family Policy Compliance Office (FPCO). The complaints might include an alleged violation under FERPA.


FERPA and HIPAA do not always integrate well. It sometimes may create convoluted exceptions. Here are some of the most important exceptions to be aware of:

Most private schools and colleges are not directed to FERPA as they do not get federal funds. In such a case, HIPAA may or may not apply. There is also the possibility that it does not come under any privacy law. Even where FERPA does not apply, HIPAA does not extend to every health record kept by schools. HIPAA only applies to specific organizations, referred to as “covered by law entities “. Hospitals, doctors, and other healthcare professionals are examples of covered entities for services. It is crucial to clear this point before a student gets health care treatment at a private school.


HIPAA, FERPA, or both may apply to some student electronic health records. For instance, consider a public health nurse providing immunization to students. She does not represent the School. So, FERPA does not consider the records created by that nurse as educational records. These records may be subject to HIPAA.

If a school gets records from the nurse, they come under FERFA private law. Parental authorization is a must between the nurse and the School. It is to fulfill either FERPA or HIPAA criteria for disclosures.

Students Aged 18 or Older

When a student is 18 years old or older, FERPA does not apply to treatment records. Such cases come under HIPAA. It becomes a FERPA record if the School discloses the information to anyone.

Thus, applying one law or the other depends on how the disclosure of that specific record happened.

It is the responsibility of educational institutions to protect the health records of students on a secure platform. It will keep students, faculty, and staff safe. Also, it will provide mental peace to parents.

Reach out to us and get a detailed overview on securing students’ electronic health records with our team of experts.

Request for a Free Consultation