HIPAA Compliance and Security for School-based Telehealth
When healthcare providers and schools work together, both sets of privacy rules need to be observed.
HIPAA protects a patient’s information from being shared while FERPA protects a student’s personal information. HIPAA is concerned with protecting diagnosis, dates of service, medication lists, etc. FERPA is concerned with grades, attendance, discipline and more.
This paper from the Association of State and Territorial Health Officials compares the two sets of guidelines.
The Privacy & Confidentiality Agreement attached here is an example of a way to communicate between school staff and agency staff about what information is shared and how.
Privacy in a school setting can be hard to come by. Consider covering the window set in the door, soundproofing, and making sure that a closed door will not be opened accidentally during a healthcare appointment.
Unfortunately, there is no government seal of approval to verify a vendor's HIPAA security, and a school-based telehealth provider does not become HIPAA compliant simply by using a vendor's software or hardware. Technically speaking, no vendor can be “HIPAA-compliant” because software vendors do not meet the criteria of a Covered Entity (to whom HIPAA applies).
It is good practice to include a statement about HIPAA and FERPA on enrollment or registration forms.
Information Relevant to HIPAA Security