HIPAA vs FERPA: What’s the Difference?

What is HIPAA

HIPAA stands for Health Insurance Portability and Accountability Act of 1996. Under this federal law, patient health information is protected and kept secure unless the patient gives consent to disclose their information. The patient has control of who has access to their records.

It’s a national mandate to keep protected health information (PHI) secure. At its core, HIPAA regulates the privacy of health information on a national level.

PHI includes:

Your name
Your address
Your Social Security Number
Medical records
Any unique identifiers

For example, if parents of a college student call their child’s doctor for an after-visit summary, the office will not be able to disclose any information without the child’s consent.

Who has to follow HIPAA Rules?

Any entity that falls under the category of “covered entities,” must always enforce HIPAA law. These include:

Health care providers
Health Care Clearinghouses
Health Care Plans
Business Associates

Why is HIPAA important

HIPAA keeps personal information secure for patients. It helps build trust between the entity holding private medical information and the patient. Allowing patients the choice to disclose records to whoever they decide keeps sensitive information safe from landing in the wrong hands.

HIPAA Violations Examples

HIPAA violations breach patient confidentiality and can result in fines and penalties. Common violations include:

Cyber-attacks or breaches in security
Lack of data encryption
Sending the wrong PHI to a patient
Discussing PHI outside of work
Posting PHI on social media
Theft of equipment that has PHI
Incorrectly disposing of patient records

Learn more about Affordable Benefits, talk with one of our team members!

What is FERPA

FERPA stands for the Family Educational Rights and Privacy Act that was implemented in 1974. This law is another federally mandated law that regulates the privacy of student information on a national level. It protects the privacy of student school records that the education system holds.

Parents or legal guardians have access to the records and can have the records amended, and have the ability to disclose personally identifiable information from education records to their discretion until the student is 18 years old.

According to the CDC, FERPA serves these two main purposes:

“Gives parents or eligible students more control of their educational records.
Prohibits educational institutions from disclosing ‘personally identifiable information in education records’ without written consent.”

Who has to follow FERPA Rules?

Any of the following public and private education systems are required to follow FERPA policy when they receive federal funding:

Elementary schools
Secondary schools
Post-secondary schools
State and local education agencies

Why is FERPA important?

FERPA is important because it allows students, parents, and legal guardians the ability to review school records, request any corrections that need to be made, and control who has access to the student’s personal identification information.

The education system must request consent from the student, parent, or legal guardian before releasing any personally identifiable information to keep the student’s information safe from the wrong hands.

FERPA Violations Examples

The federal government will revoke federal funding to education systems that violate FERPA regulations. Common FERPA violations include:

The education system refuses to provide school records to the student, parents, or legal guardians.
School employees who, even unintentionally, disclose the academic standing of one student to other students.
Telling parents about other child’s academic standing that is not their own.
Posting student grades in public places with their names attached
Allowing a parent volunteer to grade the exams of other students

HIPAA vs FERPA

Both HIPAA and FERPA are nationally mandated laws that protect information. HIPAA keeps medical records secure while FERPA keeps education records private. Failure to comply with either results in fines, penalties, or revocation of funding.

Are you concerned with the HIPAA compliance of your virtual doctor’s appointment? Read about the HIPAA compliance standards that Zoom upholds to ensure your personally identifying information is kept safe in this article.