1. Home
  2. Parents & Families
  3. Caring for Your Child & Family
  4. Family Support
  5. Legal Issues
  6. Laws to Know
  7. HIPAA/FERPA

HIPAA/FERPA

On this Page

Sharing your child's health information with and between health providers is an important part of the medical home concept, especially when several specialists are caring for your child. With access to all information, your doctors can make the best decisions, avoid duplication of tests and services, and minimize the risks. Other providers can be sure that their services are consistent with the overall plan and can work with your medical home to make sure your child gets the best care possible.

You, as a health care consumer and a parent, have the right to control where your child’s health information goes, and the responsibility to make sure it is available to those who need it. In general, you should also try to limit access to your child's medical information to only those people who need it to provide care, to work with your providers (e.g., schools), or to provide funding/payment (e.g., insurance companies, Social Security, etc.). It is important to be careful about how the information is shared—sending records by fax or email may not be the safest way unless you are sure the fax will only be seen by the right people or that the email is appropriately encrypted. Federal legislation (HIPAA) has mandated certain protections for health information.

What is HIPAA? And why is it important?

The Health Information Portability and Accountability Act (HIPAA) was established by the U.S. Department of Health and Human Services (HSS) in 1996. This national set of privacy regulations limits the ways that health plans, pharmacies, hospitals, doctors, and other "covered entities" can use patients' personal medical information. The regulations govern sharing of any information about health status, provision of health care, or payment for health care that can be linked to an individual—"protected health information."

Listed below are some frequently asked questions about children's health care needs. Answers have been summarized from the Health and Human Services web site. For more detailed information, see Health Information Privacy (HHS) or HIPAA Frequently Asked Quesions: Personal Representatives and Minors.

How does HIPAA affect the confidentiality of my child's medical records?

The privacy regulations prevent personal medical information from being given, without your permission, to an outside entity for purposes unrelated to your child's health care, such as a life insurer, a bank, or a marketing firm.

Do my child's doctors need my permission to share information with each other?

No, but the HIPAA Privacy Rule permits a health care provider to disclose protected health information about an individual, without the individual's authorization, to another health care provider for treatment of the individual. Health care providers are required by HIPAA to take all needed precautions in sharing information in a confidential manner. But it can be very helpful to providers when parents are proactive in granting written permission to communicate with other providers and, particularly, with schools and mental health providers. Many people (including providers and their staff) don't fully understand HIPAA and may not be willing to communicate without permission from you, even when it would be perfectly legal and in your child's best interest.

Are parents entitled to copies of their child's medical records?

Patients and their parents should be able to get copies of their medical records and ask for corrections if they find errors and mistakes. Health plans, doctors, hospitals, clinics, nursing homes and other covered entities generally should provide access to these records within 30 days of request and may charge patients for the cost of copying and sending the records.

What happens when I sign information release forms?

Most doctors and other providers will ask you to sign a "release form" giving them permission to share information with other providers, facilities, schools, etc. Examples of such forms can be found below under "Tools." These forms usually allow you to specify details about when, where, how much and how long your medical records may be shared.

Can I fax or email medical information?

Yes, but it is a good idea to ask if these methods are protected for confidentiality.

What about communicating with my child's school personnel

Sharing health information with and from schools and school personnel is governed by yet another law, the Family Educational Rights and Privacy Act (FERPA), which is even more restrictive than HIPAA. Special forms will be needed to grant school personnel permission to share information. See Family Educational Rights and Privacy Act (FERPA) (USDOE), the Portal's School Types and Options section, and the Medical Home - School Information Release Form (PDF Document 49 KB).

What is FERPA and why is it important?

Family Educational Rights and Privacy Act (FERPA) (USDOE) is a Federal law that protects the privacy of public school student education records. The FERPA law does not apply to private schools. FERPA gives parents or guardians rights about their children’s education records. These rights become the student’s rights when the student:

  • Turns age 18
  • Starts school beyond the high school level, like college, even if the student is under age 18.
A student who has FERPA rights is called an eligible student. Generally, schools can’t release any information from a student’s education record without written consent from the parent or eligible student. However, because school nurses are providers under HIPAA, they can share information with other providers without consent.

FERPA gives parents and eligible students the right to:

  • Look at all the student's education records kept by the school
  • Ask that the school correct records if something isn't accurate

Health Information in Education Records: HIPAA or FERPA?

Health information contained in a medical record is protected by HIPAA. Health information given to anyone in the school goes into the student’s education record. Once it’s in the education record, it’s protected by FERPA, not HIPAA. Information should be kept in a secure place and only shared on a need-to-know basis.

Resources

Information & Support

For Parents and Patients

Health Information Privacy (HHS)
Overview and links to detail about HIPAA, for Consumers and for Covered Entities (physicians and health organizations); from the U.S. Department of Health and Human Services.

HIPAA Frequently Asked Quesions: Personal Representatives and Minors
Search for information about HIPAA, personal representatives, and minors on the U.S. Department Health and Human Services site.

Family Educational Rights and Privacy Act (FERPA) (USDOE)
A description of FERPA; United States Department of Education

Tools

Medical Home - School Information Release Form (PDF Document 49 KB)
Sample form for a child's parent/guardian to authorize two-way communication between the health care provider and school team.

Release of Information Form (Medical) (Word Document 28 KB)
This sample form may be used to share information between designated providers. Check with your Medical Home for more information.

Authors & Reviewers

Initial publication: June 2008; last update/revision: December 2020
Current Authors and Reviewers:
Author: Chuck Norlin, MD
Contributing Authors: Mindy Tueller, MS, MCHES
Gina Pola-Money
Reviewer: Tina Persels
Authoring history
2020: first version: Alfred N. Romeo, RN, PhDCA
AAuthor; CAContributing Author; SASenior Author; RReviewer