In addition to HIPAA, PIC is also governed by Family Educational Rights and Privacy Act (FERPA). As a result, PIC is held to a higher standard than if operating under HIPAA alone. In practice, this most often affects the handling of medical records and release of information (ROI). Unlike under HIPAA, FERPA does not allow us to share information with referring providers without a signed ROI on file.
Purpose and Practice
What is FERPA?
FERPA is a federal law that affords parents the right to have access to their children’s education records, the right to seek to have the records amended, and the right to have some control over the disclosure of personally identifiable information from the education records.
Key points:
- FERPA is more restrictive than HIPAA, health records are considered education records, so we cannot release those records without an ROI, even to the referring doctor.
- We can’t make a referral without an ROI, due to releasing Personally Identifiable Information (PII), covered under FERPA. PII is considered any identifying information that makes the child easily recognizable by itself or in combination, for example:
- Child Name
- Parent Name
- DOB
- Age
- Address
See pages 3-5 on the following document for more details:
https://acrobat.adobe.com/id/urn:aaid:sc:US:9f7b8a5e-8a3c-4334-a8d1-7abdad763b03
Practical Application:
Check patient file for ROI or Release of Information for the establishment or doctor in question, and if there is not an ROI state or email the following:
“Due to FERPA I can only confirm/deny that we are in communication with this mutual patient until we have a completed ROI on file, would you like me to send over our Release of Information paperwork for the Parent or guardian to fill out?”
- If ROI is on file, provide information requested.
Secondary Release under FERPA
Secondary release of information, including all medical and educational records, is not allowed under FERPA.