[EMAIL PROTECTED] writes: >Don’t know if this will help or not, but I sat in on meeting with >Dickinson County Sheriff’s Office and HIPAA – they were mostly concerned >about who had access to medical information and how secure that access >was.
For what it's worth... Yesterday I received a fax from a hospital with sensitive student info. Definitely a bad situation for the sender and patient both - just the thing for which HIPAA is intending to avoid, I figure. Our Special Ed Director says that in the short term, we only need to be a bit more vigilant about faxing and emailing until we hear definitively from someone in authority (DOE?). The rumors, however, are saying much more. To get better information, I have emailed Rick Maehl, AEA8, John O'Connell, IA DOE, but have received no response. I think they're beginning to search, from what I can tell. (Rick, have you heard anything yet?) Last week I was forwarded a Superintendents' Newsletter where an attorney wrote about public records. E-mailing her to ask about HIPAA, I received this information in response ... (Note particularly the blurb below her signature.) 1. Email: Don't change your current procedures regarding retention of emails. [auto-delete mail after 20 days from the server] Just because emails are general public records doesn't mean that the district must maintain them for a specified period of time. It is just a matter of being aware that, if not deleted, a copy of an email must be provided upon request by a member of the public. 2. HIPAA: This is an emerging area for which we do not have definitive answers yet. Regarding the records of both students and district employees, if those records include health information, assume that HIPAA applies. This means that these records are NOT public records. This also means that they may not be disseminated without written permission of the employee or the student (student's parent/guardian) unless a HIPAA exception applies. A typical exception would be to a health insurer, e.g., but this is not universally true. Carol Greta, Legal Consultant Iowa Department of Education NOTICE TO RECIPIENT: THIS E-MAIL IS MEANT FOR ONLY THE INTENDED RECIPIENT OF THE TRANSMISSION, AND MAY BE A COMMUNICATION PRIVILEGED BY LAW. PLEASE NOTIFY US IMMEDIATELY IF YOU HAVE RECEIVED THIS TRANSMISSION IN ERROR, AND PLEASE DELETE THIS MESSAGE FROM YOUR SYSTEM. THANK YOU IN ADVANCE FOR YOUR COOPERATION. [Permission to pass this on granted by Ms. Greta.] ------------- Ms. Greta says that if we comply with FERPA we're fine with HIPAA, that "A healthy dose of common sense goes a long way." http://www.ed.gov/offices/OM/fpco/ferpa/ So if anything, we as techies ought to bone up on FERPA, it appears. Steve Scarbrough, Technology Coordinator Storm Lake Community School District 419 Lake Avenue Storm Lake, IA 50588 712.732.8100 fax:8101 [EMAIL PROTECTED] http://mail.storm-lake.k12.ia.us/~sscarbrough/ --- [This E-mail scanned for viruses by Declude Virus on the server aea8.k12.ia.us] --------------------------------------------------------- Archived messages from this list can be found at: http://www.mail-archive.com/[EMAIL PROTECTED]/ ---------------------------------------------------------
