The Family Educational Rights and Privacy Act (FERPA) affords parents and students who are 18 years of age or older ("eligible students") certain rights with respect to the student's education records. These rights are:
Parents or eligible students who wish to inspect their child’s or their education records should submit to the school principal [or appropriate school official] a written request that identifies the records they wish to inspect. The school official will make arrangements for access and notify the parent or eligible student of the time and place where the records may be inspected.
Parents or eligible students who wish to ask the [School] to amend their child’s or their education record should write the school principal [or appropriate school official], clearly identify the part of the record they want changed, and specify why it should be changed. If the school decides not to amend the record as requested by the parent or eligible student, the school will notify the parent or eligible student of the decision and of their right to a hearing regarding the request for amendment. Additional information regarding the hearing procedures will be provided to the parent or eligible student when notified of the right to a hearing.
One exception, which permits disclosure without consent, is disclosure to school officials with legitimate educational interests. The criteria for determining who constitutes a school official and what constitutes a legitimate educational interest must be set forth in the school’s or school district’s annual notification for FERPA rights. A school official typically includes a person employed by the school or school district as an administrator, supervisor, instructor, or support staff member (including health or medical staff and law enforcement unit personnel) or a person serving on the school board. A school official also may include a volunteer, contractor, or consultant who, while not employed by the school, performs an institutional service or function for which the school would otherwise use its own employees and who is under the direct control of the school with respect to the use and maintenance of PII from education records, such as an attorney, auditor, medical consultant, or therapist; a parent or student volunteering to serve on an official committee, such as a disciplinary or grievance committee; or a parent, student, or other volunteer assisting another school official in performing his or her tasks. A school official typically has a legitimate educational interest if the official needs to review an education record in order to fulfill his or her professional responsibility.
Student Privacy Policy Office
U.S. Department of Education
400 Maryland Avenue, SW
Washington, DC 20202
or by email to FERPA.Complaints@ed.gov
FERPA permits the disclosure of PII from students’ education records, without consent of the parent or eligible student, if the disclosure meets certain conditions found in § 99.31 of the FERPA regulations. Except for disclosures to school officials, disclosures related to some judicial orders or lawfully issued subpoenas, disclosures of directory information, and disclosures to the parent or eligible student, § 99.32 of the FERPA regulations requires the school to record the disclosure. Parents and eligible students have a right to inspect and review the record of disclosures. A school may disclose PII from the education records of a student without obtaining prior written consent of the parents or the eligible student –
ACCESS TO STUDENT RECORDS
The Federal Family Educational Rights and Privacy Act (FERPA) protects the privacy of student-education records, and gives parents and students age 18 or older certain rights with respect to these records. Parents/guardians have the right to inspect and review official educational records directly related to their children. Copies of records may be obtained for a fee. If parents believe that any record is incorrect or misleading, they have the right to an opportunity for a hearing to challenge the contents. For additional information about the policy and regulations, parents can contact Business Administrator Staci SanSoucie at 248-6308 or through email.
Email Staci SanSoucie
DIRECTORY INFORMATION
Under FERPA, certain categories of student information have also been designated as directory information. This information includes a student’s name, major course of study, participation in school activities or sports, weight and height if a member of an athletic team, degrees and awards received, photograph and class roster. Directory information may be used in the following ways: sports programs, newspapers, other media, college recruiters, college admission offices, college coaches, etc. Parents and eligible students may request, in writing, that the school not disclose directory information. Send the request to the Superintendent’s Office, 222 Woodbine Ave. East Rochester, NY 14445.
HIPAA AND FERPA COMPLIANCE
The Health Insurance Portability and Accountability Act of 1996 requires standards to be adopted in two areas:
• Electronic health-care transactions (include standardizing the manner in which health services are claimed by any entity for any person in receipt of such a service)
• Privacy (confidentiality) of all health-related services provided. This involves protection of health information for anyone in receipt of such services.
Electronic health-care transactions: Since the Central New York Regional Information Center submits all Medicaid claim data to the electronic Medicaid system in NYS (eMedNY) for processing, it is a covered entity under this act. The electronic transmission of Medicaid data is now HIPAA-compliant. Privacy: The Family Educational Rights and Privacy Act – Buckley Amendment (FERPA, aka Buckley Amendment) is more restrictive than HIPAA with respect to the protection of privacy and security of all healthrelated services. Since all school districts (and any other educational entities that have access to student data) are obligated to be in compliance with FERPA, they are also HIPAA- compliant.
In order to assure compliance with FERPA (and thus with HIPAA), the following minimum procedures must be in place:
• All student data files and information must be protected (i.e. student files are locked or accessible only by appropriate personnel).
• Any student information/files transmitted to other appropriate recipients must also be protected. Information files must be encrypted and password- protected.
• Student information/files may be faxed to appropriate personnel, but only to secure sites. Parental consent is required for the release of any personally identifiable information, other than those specifically excluded in the FERPA Fact Sheet.
See Procedures for Transmission of Student-Specific Information for all communications between school districts and SED/DOH pertaining to student-specific information.
You can also read Annual Notices from the US Department of Education on their website.