Protection of Pupil's Rights Act of 1978, No Child Left Behind Act of 2001, Every Student Succeeds Act of 2015 and FERPA vs HIPAA

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
7 hours 2 minutes
Difficulty
Intermediate
CEU/CPE
7
Video Transcription
00:00
>> Is Chris, and I'm cyber instructor
00:00
>> for US information privacy course.
00:00
>> In Lesson 8.2, we're going to continue
00:00
>> our discussion on
00:00
>> those important educational privacy related laws.
00:00
It's in Lesson 8.2 that we're going to discuss
00:00
the provisions of the Protection of
00:00
Pupil's Rights Act of 1978.
00:00
Their privacy provisions of the
00:00
No Child Left Behind Act of 2001,
00:00
we'll conclude with a discussion on
00:00
the Every Student Succeeds Act of 2015,
00:00
as well as the discussion on FERPA
00:00
and HIPAA as they apply to student educational records.
00:00
We have several learning objectives.
00:00
We're going to look at the PPRA's provisions.
00:00
We're going to look at the NCLBA's privacy provisions
00:00
as they amend the PPRA.
00:00
We're going to talk about
00:00
>> the Every Student Succeeds Act,
00:00
>> privacy provisions as stated in Section 8037.
00:00
Then we'll have a brief discussion
00:00
on the relevancy of FERPA versus HIPAA when they
00:00
apply in the case of
00:00
student educational records and health records
00:00
maintained by educational institutions and agencies.
00:00
Congress enacted the protection of
00:00
Pupil Rights Amendment Act 24, because, again,
00:00
HIPAA was concerned that
00:00
those educational agencies and
00:00
institutions that had to comply with
00:00
FERPA were still sharing student data
00:00
with other entities for commercial and other purposes.
00:00
Credit card companies, finance companies, the military.
00:00
It placed this law in place to give
00:00
greater protections to legal guardians
00:00
and the parents of minor students, students K-12.
00:00
What the PPRA does it says that, no,
00:00
these educational institutions and
00:00
agencies can't use surveys,
00:00
analysis or evaluations funded
00:00
by the Department of Education to collect
00:00
sensitive information from minor students and then
00:00
share that information without
00:00
parental or legal guardian consent.
00:00
What do we mean when we talk
00:00
>> about sensitive information?
00:00
>> We're talking about information like
00:00
political affiliations,
00:00
mental and psychological problems that might
00:00
embarrass a student or his or her family,
00:00
a student's sex behavior or
00:00
attitudes, a student's illegal,
00:00
anti-social or
00:00
anti-self-incriminating and demeaning behavior.
00:00
Those critical appraisals of other individuals
00:00
with whom respondents have a close family relationship,
00:00
any legally recognized privilege,
00:00
relationships like those that exist with lawyers,
00:00
physicians, and ministers,
00:00
the religious practices,
00:00
affiliations or beliefs of the students or
00:00
the students family or
00:00
information as it relates to income.
00:00
Other than any information required by
00:00
law that's used to determine
00:00
a student's eligibility for its participation in
00:00
programs or for receiving financial assistance.
00:00
It was in 2001,
00:00
that the Bush administration
00:00
enacted the No Child Left Behind in 2001,
00:00
and it had privacy provisions.
00:00
It amends the PPRA because, again,
00:00
these educational institutions and
00:00
ESSA were still sharing
00:00
minor children's personal identifiable information with
00:00
third parties for marketing purposes
00:00
and for certain non-emergency medical examinations.
00:00
What this provision in the No Child Left
00:00
Behind Act does is it requires at
00:00
before an educational agency or
00:00
institution can use surveys,
00:00
analysis or evaluations to collect information on
00:00
minor students that it had
00:00
to have parental or legal guardian consent.
00:00
The school had to notify that parent or
00:00
legal guardian of when those surveys were taking place,
00:00
the type of information being collected,
00:00
what was being disclosed,
00:00
and to whom and for what purpose.
00:00
Then if it was for marketing purpose in
00:00
those other non-emergency medical examinations
00:00
covered under the NCLBA,
00:00
then the parent or legal guardian had to write
00:00
opt outing of having that information share for
00:00
commercial purposes, like marketing purposes.
00:00
There are always questions about
00:00
the Every Student Succeeds Act of
00:00
2015 that replaces the NCLBA.
00:00
Its Section 8037 entitled,
00:00
a sense of congress
00:00
respecting student privacy really provides guidance to
00:00
the Department of Education and to
00:00
those educational institutions and
00:00
agencies that
00:00
collect personal identifiable
00:00
>> information from students.
00:00
>> It puts some requirements that says that
00:00
any school that's collecting
00:00
information cannot share that information
00:00
outside of this legitimate use of that information.
00:00
It also requires that these schools themselves have
00:00
greater privacy protections in place to protect
00:00
the personally identifiable
00:00
information of these students.
00:00
It holds the secretary of
00:00
Department of Education responsible for insurance that
00:00
the enforcement of this Act itself to compel
00:00
those educational agencies and
00:00
institutions to comply with this Act.
00:00
Now lots of times there are lots of questions about,
00:00
when does FERPA apply and when does HIPAA apply
00:00
as it applies to a student's educational records?
00:00
I have used a great reference
00:00
entitled the Joint Guidance on
00:00
the Application of FERPA
00:00
and HIPAA to Student Health Records.
00:00
It was jointly published and
00:00
>> updated in December of 2019,
00:00
>> jointly by the Department of Education
00:00
and the Department of Health and Human Services.
00:00
It seeks to clarify for entities themselves,
00:00
when does FERPA apply?
00:00
When does HIPAA apply?
00:00
As we said, if you are an educational institution or
00:00
agency that has complied with FERPA
00:00
and you maintain the student educational records.
00:00
In those records, you're
00:00
storing information that might be health information,
00:00
then it's FERPA that applies.
00:00
If a secondary or elementary school funds
00:00
a school nurse that's funded
00:00
by monies received from Department of Education,
00:00
then any information you stored by
00:00
that nurse in educational records
00:00
is protected under FERPA.
00:00
Now for medical treatments
00:00
provided to other entities like employees,
00:00
then it would be HIPAA's privacy rule
00:00
that was applicable in that case.
00:00
If you had a post-secondary school that had
00:00
its own health clinic that was
00:00
identified as a covered entity or business associate,
00:00
then it would have to comply with HIPAA.
00:00
Now, if that institution or ESSA was
00:00
providing medical treatment or services
00:00
to students and this information was being
00:00
retained or stored in their educational records,
00:00
then FERPA would apply.
00:00
But if that same health clinic
00:00
for that post-secondary school was
00:00
providing medical services to
00:00
other entities like alumni,
00:00
school staff, employees, then
00:00
it would be HIPAA's privacy rule that was applicable.
00:00
Question 1, really deals
00:00
with the PPRA in his requirements that schools
00:00
obtain written consent from
00:00
parents or legal guardians before they
00:00
use US Department of Education funded surveys,
00:00
analyses, and
00:00
evaluations to collect sensitive information.
00:00
What types of information are
00:00
we talking about that's been
00:00
classified sensitive under PPRA?
00:00
Your choices are A, B, C,
00:00
and D. As we discussed throughout the lesson itself,
00:00
there are also other identifiers
00:00
that would be considered as sensitive information.
00:00
Question 2 ask, how does
00:00
the NCLBA's privacy provisions, amend the PPRA?
00:00
The appropriate answer is A.
00:00
Question 3 really ask a question about
00:00
the Every Student Succeeds Act of 2015.
00:00
What does the Congress's Sense of Privacy
00:00
say about the obligations placed both on
00:00
the Department of Education and then
00:00
those educational agencies and
00:00
institutions that must comply with the ESSA?
00:00
The correct answers are A, B, C,
00:00
and D. In summary,
00:00
we looked at the PPRA,
00:00
we looked at the No Child
00:00
Left Behind's privacy provisions.
00:00
We looked at the Every Student Succeeds Act
00:00
and his privacy provisions.
00:00
We said that FERPA is a federal law that
00:00
protects the privacy of student education records,
00:00
establishes the rights of legal guardians,
00:00
eligible students, and parents.
00:00
For those private and public educational institutions
00:00
and agencies that must comply with FERPA.
00:00
We said the PPRA immense
00:00
FERPA by requiring that these schools have
00:00
written consent from a parent or
00:00
legal guardian before they use surveys funded by
00:00
the Department of Education to collect
00:00
sensitive information and then to share
00:00
that information with
00:00
other entities for commercial purposes.
00:00
We said the NCLBA amends to PPRA by
00:00
requiring that these same schools also
00:00
require written consent from parents or legal guardians
00:00
before they collect information
00:00
and share for commercial purposes.
00:00
We talked about the privacy provisions of the ESSA.
Up Next