Skip to Content

FERPA vs. HIPPA (December 2012 School Leader Update)


In 2008, the U.S. Department of Education and the U.S. Department of Health and Human Services released guidance regarding the relationship between Family Educational Rights and Privacy Act (FERPA) and Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. As a general rule, the HIPAA Privacy Rule does not apply to an elementary or secondary school because the school either: 1) is not a HIPAA-covered entity, or 2) is a HIPAA-covered entity but maintains health information only on students in records that are by definition “education records” under FERPA and, therefore, is not subject to the HIPAA Privacy Rule. However, there are always exceptions to the general rule, and this joint guidance document addresses when FERPA and HIPAA intercept. Please see the guidance at the following ink:

Printed from the Iowa Department of Education website on May 20, 2018 at 10:17pm.