FERPA & HIPAA Information
FERPA
The Family Educational Rights and Privacy Act (FERPA) is a federal law that was enacted in 1974. FERPA protects the privacy of student education records. All educational institutions that receive federal funding (including Antioch University) must comply with FERPA.
FERPA Information for Employees
Antioch University is dedicated to protecting student privacy. All employees with access to student education records are obligated to comply with FERPA and to protect those records according to the law. The disclosure of student information to any unauthorized person could subject an employee to criminal and civil penalties imposed by law and could be cause for disciplinary action, including termination of employment. When accessing AU systems, view only the information needed to complete an assigned or authorized task. Communicate the information only to other parties with a legitimate educational interest in the information in accordance with FERPA.
All AU employees with access to student records must agree to the terms of the Model Notification regarding FERPA. This agreement is acknowledged as part of the initial sign-on process for AUDirect.
If you have any questions about whether you have a legitimate educational interest in any student information, please contact [email protected].
FERPA Information for Students
FERPA General Guidance for Students provides information regarding how Antioch defines directory information (information about you that can be released without your authorization), how you can withhold that information if desired, and the implications of doing so. Please contact the Registrar’s Office with any questions.
HIPAA
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.
The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement the requirements of HIPAA. The HIPAA Security Rule protects a subset of information covered by the Privacy Rule.
The Privacy Rule standards address the use and disclosure of individuals’ health information (known as “protected health information”) by entities subject to the Privacy Rule. These individuals and organizations are called “covered entities.” The Privacy Rule also contains standards for individuals’ rights to understand and control how their health information is used. A major goal of the Privacy Rule is to ensure that an individual’s health information is properly protected while allowing the flow of health information needed to provide and promote high-quality healthcare and to protect the public’s health and well-being. The Privacy Rule strikes a balance that permits important uses of information while protecting the privacy of people who seek care and healing.
The CDC HIPAA Information page provides excellent additional HIPAA-related content.