Protecting student data from unauthorized access is mandatory under the Health Insurance Portability and Accountability Act (HIPAA) and the Family Educational Rights and Privacy Act Regulations (FERPA). The acts are designed to protect the privacy and security of patients’ health information and parents’ and students’ educational records. The U.S. Department of Health and Human Services and the U.S. Department of Education issued a joint guidance on the application of FERPA and HIPAA to student health records.1
The Guide to Privacy and Security of Electronic Health Information is a useful resource that school-based dental sealant program coordinators and staff can consult to ensure that their programs are in compliance with federal health information privacy and security requirements. This guide provides information about the Medicare and Medicaid Electronic Record Incentive Program’s privacy and security requirements as well as about HIPAA’s privacy, security, and breach-notification rules. HealthIT.gov also offers a number of resources that program coordinators can use to effectively manage and secure student information and program data.
In addition to complying with HIPAA and FERPA, school-based dental sealant programs need to follow state medical records privacy laws. The FindLaw® State Medical Records Laws webpage provides links to state-specific laws on privacy of health records, including information on who may access records, what conditions must be reported by health professionals, and the conditions under which a patient may waive his or her right to the privacy of health records.