270 likes | 431 Views
Issue Brief National Association of School Nurses. Privacy Standards for Student Health Records. One of the Most Challenging Responsibilities For School Nurses is the…. generation maintenance protection, Disclosure, and
E N D
Issue Brief National Association of School Nurses Privacy Standards for Student Health Records
One of the Most Challenging Responsibilities For School Nurses is the….. • generation • maintenance • protection, • Disclosure, and • Destruction of students’ school health records. Privacy ethics, confidentiality and consent laws all factor into the mix of working with minor clients in the school setting.
Problems and Confusion • Conflicts arise becauseschool health records are, in most situations, considered to be educationrecords. • Although the underlying principles of these federal and state laws have common roots to ensure consumer privacy, they also have different standards, language and interpretation and hence, the confusion begins.
Such as….. • Which laws take precedence? Education Laws vs. Medical Laws or Federal vs. State Laws? • Legal standards in health differ from those in education (i.e. adolescents’ competence to give consent and to make decisions).
More frustration….. • School districts rarely have clear policies/procedures in place to ensure the appropriate sharing of student physical and mental health information. • School nurses are knowledgeable about health laws, but rarely have in-service opportunities that clarify education law as it relates to health records and health information.
So…..What is the HHS’ 1996 Health Insurance Portability and Accountability Act (HIPAA)? • also called the Privacy Rule • sets national standards for the privacy of individually identifiable health information • gives patients increased access to their medical records • applies to health information created or maintained by healthcare providers who engage in certain electronic transactions, health plans (insurance) and healthcare clearinghouses • compliance required by April 14, 2003
The HIPAA Privacy Rule • Consumer control over one’s records • Boundaries to limit disclosures to the “minimum” necessary • Accountability with federal penalties (both criminal and non-criminal) in place • Public responsibility that balances privacy protections with public health interests • Security ensured by requiring covered entities to establish policies to protect against deliberate or “accidental disclosures”
What’s the bottom line regarding HIPAA? • The initial ruling under the Health Insurance Portability and Accountability Act specifically included schools and universities as covered entities. • However, the more current Final Privacy Rule (HIPAA) specifically excluded as covered entities, schools and universities that are already covered by the Family Education Rights and Privacy Act of 1974 (FERPA). The intent of HIPAA was NOT to amend FERPA. • Sounds simple, yet…………………
It remains unclear…. • Whether schools that have SBHCs in their buildings, bill Medicaid for school health services, or do business with an entity covered by HIPAA, will be bound by HIPAA….. • Whether childhood immunizations are protected health information or are they exempt under this law? And is sharing of childhood immunizations between healthcare providers permitted only within the same state?
Other questions….. 3. Under HIPAA, the sale or dispensing of drugs is regulated with confidentiality requirements; is this also true for medication dispensed to students in schools? 4. If schools bill private insurance or Medicaid for reimbursement for health services (medical/nursing), is that billing considered to be a “HIPAA transaction,” and thereby bound by HIPAA privacy regulations?
Also in question….. 5. Are school nurses employed by school districts considered ‘healthcare providers’ and thereby bound to HIPAA regulations? 6. HIPAA does say however, that if school nurses or school districts engage in a “HIPAA transaction,” they are then bound by HIPAA regulations regarding that transaction. 7. A HIPAA TRANSACTION is defined as “the transmission of information between two parties to carry out financial or administrative activities related to health care.”
Are some schools regulated by HIPAA? • Schools that receive no federal funds and the healthcare professionals that work in them may or may not be subjected to this regulation, but….. • In any event, ALL schools should employ the same stringent standards as minimum criteria for practice (i.e. SAVE Legislation, AEDS, etc.) • Schools will need to mesh the privacy requirements of HIPAA with the existing FERPA regulations.
What about FERPA - What does it say? • Family Educational Rights and Privacy Act (1974) • It applies to any public/private entity that receives federal funds • Limits access to educational records by third parties • Parents have complete access to all their child’s ‘educational records’ • “Directory type information” is permitted with certain stipulations, and • In 2002, Congress approved the release of limited information to military recruiters
FERPA governs all student health records maintained by school employees or by contracted employees who provide “school health services” • FERPA has requirements for the protection and release of personally identifiable student information, including student health and educational records in public and private schools that receive any federal financial assistance information • FERPA does not govern records of School Based Health Centers (SBHCs), unless this service is fully governed by a school district
FERPA and Health Records • In the health community, health records are highly protected, not just by law, but by medical practice standards and ethical codes. • In school settings, these records are often not distinguished from other types of education records. • FERPA gives schools a basic framework for protecting & disclosing student records; however, schools are given discretion for interpretation & implementation (“legitimate educational interest”) • The conflicts begin….
#1: Federal Drug and Alcohol Confidentiality Regulations • Applies to Drug and Alcohol Treatment Programs within a school that involve treatment, counseling, assessment and referral services • Conflicts remain between confidential regulations, and FERPA’s parental access to health records
#2: State Minor Consent-to-Treatment Laws • Most states have laws giving “mature” minors the right to consent to healthcare for one or more types of health problems (drug & alcohol abuse, STDs, HIV/AIDS, reproductive and mental health)
In other words…… • Conflicts exist between state confidential regulations, and FERPA’s parental access to health records
FERPA says….. • That the student’s parents have access to all of their minor children’s healthcare records including all referrals and all discussions related to these referral. • It is still unclear whether federal regulations apply to the record of a student referred by a school nurse to an outside community agency for assessment and treatment of a drug or alcohol problem
Remember however, that.….. • States usually have laws in place for these situations. Also remember that FERPA & HIPAA were not created to preempt state laws.
Role of the School Health Nurse • In general, Privacy Laws at all levels are remarkably similar in that they compel those dealing with the public to put safeguards in place to ensure client/consumer privacy. • Although schools are generally not bound by HIPAA, this ruling sets a higher standard for privacy and security. It should be used to strengthen school district policies governing student health information that is oral, written, or electronic.
For Example….. HIPAA requires that… health office procedures, records (electronic and paper), and equipment safeguards are in place to provide adequate security and privacy of health records. This includes privacy for disclosures, phone conversations, etc. If “reasonable safeguards” are in place and an “accidental disclosure” should occur, according to HIPAA, this is not considered a violation of the law.
What Is our role in all of this? Leadership • Become educated about federal and state guidelines and laws • Provide staff training annually on the legal and ethical principles regarding the privacy of student health information
Use Functional Health Problems (Nursing Diagnoses) …….rather than medical diagnoses • Impaired Respiratory Function, rather than Asthma and….. • Use together with the Individualized Health Care Plan (IHP) to distribute to appropriate staff – instead of circulating a list of students with medical conditions
Collaboration In order to develop clear and specific policies and procedures based on law and ethics: • School districts need to: consult with their attorneys regarding the implications of HIPAA for school operations, policies and procedures. • School nurses must be members of committees that should include: school medical advisors, administrators, educators, staff, parents and experts in ethics, privacy of healthcare information and education records.
Closing Thoughts & Next Steps • What policy does your school district have in place for protection of student information? Do you know where to go to find this information? Who is in charge of your district’s privacy policy? • Find your district’s privacy policy and work from there!
Important Resources References and Web sites: • NASN www.nasn.org • FERPA: U.S. Dept. of Education Family Policy Compliance Office www.ed.gov/offices/OM/fpco • HIPAA: U.S. Health and Human Services Office for Civil Rights www.hhs.gov/ocr/hipaa • NYS Assembly & Public Health Law: www.assembly.state.ny.us • Health Privacy Project, Georgetown University: www.healthprivacy.org