The purpose of this guidance is to explain the relationship between the Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule, and to address apparent confusion on the part of school administrators, health care professionals, and others as to how these two laws apply to records maintained on students. It also addresses certain disclosures that are allowed without consent or authorization under both laws, especially those related to health and safety emergency situations. While this guidance seeks to answer many questions that school officials and others have had about the intersection of these federal laws, ongoing discussions may cause more issues to emerge. Contact
information for submitting additional questions or suggestions for purposes of informing future guidance is provided at the end of this document. The Departments of Education and Health and Human Services are committed to a continuing dialogue with school officials and other professionals on these important matters affecting the safety and security of our nation’s schools.
From Guidance [pdf, November 2008]
hat-tip, AACRAO