Is KIT HIPAA and FERPA compliant?
Updated over 6 months ago

This article describes how HIPAA and FERPA compliance intersect and which standard (or both) you should be concerned with.

Kit deals with student data and educational records, which fall under FERPA (even if some of those records are medical in nature). However, if your organization is a covered entity under HIPAA (like a clinic for adult patients), then a solution for you is coming too! See what we're building here.

Medical data (HIPAA) and educational records (FERPA) are two different types of personal information that require privacy protection. This article will arm you with some information and resources to help answer your questions about these often confusing standards.

Medical Data Privacy

Medical data includes any information related to an individual's health, including medical history, diagnoses, treatments, and medications. This information is typically shared among healthcare providers to ensure continuity of care. The privacy of medical data is protected by various laws, including the Health Insurance Portability and Accountability Act (HIPAA) in the United States.

Educational Records Privacy

Educational records refer to any information about a student's educational background, including grades, transcripts, and disciplinary records. This information is usually shared among educational institutions to ensure academic continuity. The privacy of educational records is protected by various laws, including the Family Educational Rights and Privacy Act (FERPA) in the United States.

Where they intersect

Under certain circumstances, educational institutions subject to FERPA may also be subject to HIPAA. For example, they may provide health care to students through their health clinic. If a school transmits protected health information (PHI) electronically in connection with a transaction that HHS has adopted a standard for, it becomes a covered entity under HIPAA and must comply with the Transactions Rule. However, many schools meeting the HIPAA covered entity definition do not need to follow the HIPAA Rules since their health records are considered education or treatment records under FERPA. The HIPAA Privacy Rule excludes FERPA-protected records from the definition of "protected health information."

Resources

For more information and the official joint guidance for HIPAA/FERPA, go here:
https://studentprivacy.ed.gov/joint-guidance-application-ferpa-and-hipaa-student-health-records

For all the HIPAA info you could ever want to read, go here:
https://www.hhs.gov/hipaa/index.html

For all the official information about FERPA, go here:
https://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html
