Stephanie Carroll reports:
The Churchill County School District denied that student records are being disposed illegally, an allegation made recently by information protection professional Tom Considine during his radio show “Who Complys.”
Considine said CCSD employees contacted him last year asking about proper disposal of student records, claiming the district dumps special education and psychological files. Considine said this could be an extremely risky procedure because schools are targeted five times more for identify theft because students may not learn about it until years later.
He added there have been cases beyond Churchill County where dumped records were blown into a town after a wind storm. Plus, he said it is illegal.
“It is my belief these records fall under the Health Insurance Portability and Accountability Act (HIPAA),” Considine said. “Because these records may be covered under HIPAA, the fines for illegal dumping are $1.5 million per incident. All other forms of student records are also protected under various state and federal laws. Either way, should the school district suffer a breach of security, the costs involved with correcting the situation are immense.”
Read more in Lahontan Valley News.
Thanks to the reader who sent in this link.
With all due respect to Tom, I don’t think the records are covered under HIPAA as FERPA applies to health-related records maintained by a public school that is subject to FERPA and HIPAA only applies to HIPAA covered entities. A psychological report on a student is an education record. If the psychological file is the psychologist’s records of treatment sessions provided to the student in school, then it is a treatment record, and not an education record, but that doesn’t put it under HIPAA if the school isn’t a HIPAA covered entity as defined by HIPAA. For more on the intersection of FERPA and HIPAA, see the joint guidance (pdf) published by the Department of Education and Health and Human Services.