Posted on Jun 12, 2021
Prom attendees' hands are marked according to COVID-19 vaccination status — and parents, students...
2.77K
34
22
5
5
0
Posted >1 y ago
Responses: 6
What's HIPPA?
HIPAA only applies to healthcare providers, hospitals and insurance companies from providing patient info without their consent.
An individual can't violate their own privacy. You either give it up or you don't.
HIPAA only applies to healthcare providers, hospitals and insurance companies from providing patient info without their consent.
An individual can't violate their own privacy. You either give it up or you don't.
(6)
(0)
CPT (Join to see)
You make a good point and I will hit the regulations. If I am incorrect, it wouldn't be the first time. Irrespective, why did it take almost 7 weeks for you to bring this up?
(0)
(0)
CPT (Join to see)
Okay. Quick perusal of HHS Regulations indicate that I am more incorrect than correct. However, there are situations where the rules are subject to interpretation (in other words they are contradictory and confusing). For anyone who doesn't care enough to read the following information, this case requires litigation in a federal court. Irrespective of the finer points of the current regulations, there is also evidence of real damage done by the idiot "advisor" which could (and should IMHO), litigated. The litigation arising from this school's behavior is valuable if for no other reason than an object lesson to those schools and faculty which would recklessly disclose potentially damaging information.
NOTE: The very last entry is the .pdf of guidance for school administrators. If you read this document you will notice that the guidance is VERY specific about how and how not to handle this type of information. Most of the emphasized sections deal with advice for school administrators on how not to become liable under HIPAA or FERPA guidelines. There would be no necessity for this degree of legal specificity if it was a a forgone conclusion that HIPAA & FERPA didn't apply. Irrespective, neither the school system nor principal showed any caution or judgement when he implemented the (I'll show you) marking plan.
IV. Where FERPA and HIPAA May Intersect
In a few limited circumstances, an educational agency or institution subject to FERPA can also be subject to HIPAA. For instance, a school that provides health care to students in the normal course of business, such as through its health clinic, is also a “health care provider” under HIPAA. If a school that is a “health care provider” transmits any PHI electronically in connection with a transaction for which HHS has adopted a transaction standard, it is then a covered entity under HIPAA. As a covered entity, the school’s health care transactions must comply with the HIPAA Transactions and Code Sets Rule (or Transactions Rule). However, many schools that meet the definition of a HIPAA covered entity do not have to comply with the requirements of the HIPAA Rules because the school’s only health records are considered “education records” or “treatment records” under FERPA. See 45 CFR § 160.103 (definition of “protected health information” ¶¶ (2)(i), (ii)). The HIPAA Privacy Rule specifically excludes from its coverage those records that are protected by FERPA by excluding such records from the definition of “protected health information.”
----------
Does FERPA or HIPAA apply to student health records maintained by a health care
provider acting for a FERPA-covered elementary or secondary school that is not
employed by the school?
Health records that directly relate to students and are maintained by a health care provider, such as a third party contractor, acting for a FERPA-covered elementary or secondary school, would qualify as education records subject to FERPA regardless of whether the health care provider is employed by the school. Conversely, student health records that are maintained by a health care provider that provides services directly to students and that is not acting for a FERPA-covered educational agency or institution do not constitute FERPA-protected education records. For example, the records created and maintained by a public health nurse who provides immunizations to students on a FERPA-covered elementary or secondary school’s grounds, but who is not acting for the school,
would not qualify as “education records” under FERPA. (Note: If the school wishes to disclose PII from student education records that it maintains to the public health nurse, the school would have to comply with FERPA and obtain prior written parent or eligible student consent or satisfy an exception to FERPA’s general consent requirement.) HIPAA would apply to student records maintained by a health care provider that are not subject
to FERPA only if the provider transmits any PHI electronically in connection with a transaction for which HHS has adopted a transaction standard, e.g., health care claims, and the records contain PHI.
https://studentprivacycompass.org/covid-19faqs/
https://studentprivacycompass.org/wp-content/uploads/2020/03/COVID-19-Student-Privacy-FAQs-03-20-2020-1.pdf
NOTE: The very last entry is the .pdf of guidance for school administrators. If you read this document you will notice that the guidance is VERY specific about how and how not to handle this type of information. Most of the emphasized sections deal with advice for school administrators on how not to become liable under HIPAA or FERPA guidelines. There would be no necessity for this degree of legal specificity if it was a a forgone conclusion that HIPAA & FERPA didn't apply. Irrespective, neither the school system nor principal showed any caution or judgement when he implemented the (I'll show you) marking plan.
IV. Where FERPA and HIPAA May Intersect
In a few limited circumstances, an educational agency or institution subject to FERPA can also be subject to HIPAA. For instance, a school that provides health care to students in the normal course of business, such as through its health clinic, is also a “health care provider” under HIPAA. If a school that is a “health care provider” transmits any PHI electronically in connection with a transaction for which HHS has adopted a transaction standard, it is then a covered entity under HIPAA. As a covered entity, the school’s health care transactions must comply with the HIPAA Transactions and Code Sets Rule (or Transactions Rule). However, many schools that meet the definition of a HIPAA covered entity do not have to comply with the requirements of the HIPAA Rules because the school’s only health records are considered “education records” or “treatment records” under FERPA. See 45 CFR § 160.103 (definition of “protected health information” ¶¶ (2)(i), (ii)). The HIPAA Privacy Rule specifically excludes from its coverage those records that are protected by FERPA by excluding such records from the definition of “protected health information.”
----------
Does FERPA or HIPAA apply to student health records maintained by a health care
provider acting for a FERPA-covered elementary or secondary school that is not
employed by the school?
Health records that directly relate to students and are maintained by a health care provider, such as a third party contractor, acting for a FERPA-covered elementary or secondary school, would qualify as education records subject to FERPA regardless of whether the health care provider is employed by the school. Conversely, student health records that are maintained by a health care provider that provides services directly to students and that is not acting for a FERPA-covered educational agency or institution do not constitute FERPA-protected education records. For example, the records created and maintained by a public health nurse who provides immunizations to students on a FERPA-covered elementary or secondary school’s grounds, but who is not acting for the school,
would not qualify as “education records” under FERPA. (Note: If the school wishes to disclose PII from student education records that it maintains to the public health nurse, the school would have to comply with FERPA and obtain prior written parent or eligible student consent or satisfy an exception to FERPA’s general consent requirement.) HIPAA would apply to student records maintained by a health care provider that are not subject
to FERPA only if the provider transmits any PHI electronically in connection with a transaction for which HHS has adopted a transaction standard, e.g., health care claims, and the records contain PHI.
https://studentprivacycompass.org/covid-19faqs/
https://studentprivacycompass.org/wp-content/uploads/2020/03/COVID-19-Student-Privacy-FAQs-03-20-2020-1.pdf
FAQs: Disclosing Student Health Information During the COVID-19 Pandemic - Student Privacy...
Our new FAQs describe how K-12 and higher education administrators and educators can protect student privacy during the COVID-19 pandemic.
(1)
(0)
CPT (Join to see)
SGT (Join to see) - Which people? Honestly, I don't know which side of this argument you are on if either. Thanks
(0)
(0)
Vaccination information is classified as PHI, and is covered by HIIPA rules. However, HIIPA only applies to HIIPA covered entities. The only issue I see hear is the list for privacy concerns. This seems no different then what the Army is doing by regulating gym hours, leave opportunities etc. by forcing you to prove your vaccinated.
(4)
(0)
MAJ Byron Oyler
CPT (Join to see) - HIPAA is a challenging subject for many in healthcare and when someone comments of late about it and gets the acronym wrong, often it is because they really do not know much about it. Maybe you are an outlier but reading your original post I do not think so.
(0)
(0)
CPT (Join to see)
MAJ Byron Oyler - No sir, I am an outlier who is far too prone to intemperate commentary. During my last FT employment with DOD I was (I am embarrassed now to admit) the HIPAA/PHI GS officer for the Dental Command. I was also an inactive Combat Arms officer at the same time. Great solving tactical problems, but I never found a hill upon which I was unwilling to die. Too aggressive, too much time downrange, and the US now appears to be circling the drain = stress. I am too far distant from that training to be making definitive comments on this topic.
(0)
(0)
I think it's idiotic that the school did this, but, I'm pretty sure that HIPAA doesn't apply here.
https://www.hipaaexams.com/blog/hipaa-answers-who-does-hipaa-apply-to/
https://www.hipaaexams.com/blog/hipaa-answers-who-does-hipaa-apply-to/
HIPAA Answers: Who Does HIPAA Apply To? | HIPAA Exams
Are you wondering if HIPAA applies to you or a loved one? Find out this and many more HIPAA answers right here in this ultimate guide!
(2)
(0)
MAJ Byron Oyler
Voluntarily marking yourself that you have received the vaccine is your choice and not a violation. The tricky part is how are they marking those without? If everyone that voluntarily shows a card is marked and those who do not receive no marking then you have potentially indicated their status against their wishes. A good counter argument is they came and chose to stay without the marking.
(2)
(0)
Read This Next