In healthcare, we have the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which, as you know, helps remind us of our legal responsibility to protect patient information. There is an equivalent to this federal law in education. It is the Family Educational Rights and Privacy Act of 1974 or FERPA. This law protects the privacy of student educational records for any school that receives federal funding. Educational records include files, documents, grades, transcripts, disciplinary records, advising notes, contact and family information, and other materials which contain information directly related to a student. FERPA is there to remind us as educators of our legal responsibility to protect and ensure the privacy of student information. This privacy applies to a student’s program and academic file and especially examination or performance scores and disciplinary action. Just as with patients, we cannot discuss anything about a student’s academic performance with anyone other than the student unless he or she gives us explicit permission (written release) to do so. This is true even for parents. Once a student enters higher education, parents no longer have the right to inspect, review, or receive information about the student’s educational record.1 It is not uncommon for a parent or even a spouse to call the program to ask about how their son, daughter, wife, or husband are doing in the program. I’m sure you can imagine their surprise to learn we cannot disclose any information. We are legally bound as teachers by FERPA and cannot share this information without consent from the student or permission from the institution. Sometimes, it is best to directly state our legal obligation when dealing with a parent, spouse, family member, or significant other (U.S. Department of Education, 2007, 2013, 2017, 2018).
Ways to avoid some of the most common FERPA violations.
BE MINDFUL!
One of the most common FERPA violations occurs as a result of a teacher leaving student information such as advising notes, examinations, grading sheets, etc., out on his or her desk or table. This includes having the computer screen on and open with student data displayed.
Here’s how it happens.
A faculty member was grading exam papers. She had them on her desk and her computer on with the spreadsheet open with all the students’ names and their grades. She stepped out of her office, walking two doors down to talk with one of her colleagues about a student’s response to one of the exam questions. She wasn’t concerned about leaving her office because the students were in class, so she left her office door open. Unbeknownst to her, a student left class to come and talk to her about his exam. He walked into her open office and saw all the tests on her desk and her computer screen with the grades. Not finding her, he returned to class. Two hours later, another student comes to talk to this same faculty member, and she is in tears. The student tells the faculty member that she has been told by one of her classmates that he saw her failing exam score on your desk and now the whole class knows.
In this situation, the teacher failed to protect student privacy. It is never safe or ok to leave student documents on your desk or open on your computer. If you are working on things and need to leave the office – turn them over, turn off your computer screen and lock your office door. When you leave your office at night, all student documents should be placed in a locked drawer, close all open documents on your computer, and lock your office door. I know some teachers prefer not to keep their office door locked, but securing the door is critical. Experience has taught me that even when a faculty office door is closed and the faculty member is not present, students try the door handle and if unlocked, some will enter.
Although it was common practice in the past, teachers cannot post test scores on a bulletin board or ask another student to distribute graded papers to the class. Graded work, such as term papers, quizzes, or H&P write-ups, cannot be placed in a student’s “mailbox” unless it is locked and only the student has access.
THINK BEFORE YOU SHARE OR TELL
Never discuss, reveal, or compare one student’s performance with another student in the class. I know this may sound obvious, but here is how this one usually happens.
Two students who are best friends score very differently on an exam even though they studied together. Student A is talking to you because she barely passed, but she knows her friend (Student B) scored a 90. Student A is sure there must be a mistake and wants to see how the scores could be so different. BEWARE. It is easy to fall into talking about Student B here, but you cannot. It’s best to start by telling Student A you are happy to talk about her grade, but you cannot speak about Student B. If needed, you could choose to let her know you are legally bound to protect each student’s information and therefore you can only discuss her performance.
As mentioned previously, this situation could and does occur when you receive a phone call from a parent, family member, or spouse inquiring about their child’s or family member’s performance in the program. Unless the student has given explicit written consent that you may discuss their educational record with this individual, you are legally required to protect the student’s privacy.
TIP
If you do or don’t share information - DOCUMENT! DOCUMENT! DOCUMENT! I know this sounds familiar from a clinical perspective. However, documentation is also critical in education. If you ask permission of a student to share their information, you must obtain consent and I would strongly encourage this be in writing, such as the completion of a standardized form or a student encounter note that the student signs. It is also important to document those encounters when you inform individuals that you cannot release information.
WATCH WHAT YOU THROW IN THE TRASH!
Most of us don’t think about what we toss in the trash can. After all – it’s trash. However, as teachers, sometimes we make hard copies of student examinations, papers, projects, or grading rosters to review or file them. Therefore, what we toss in our waste paper basket could be a FERPA violation. Discarding any documents that contain personal student information should be shredded. If you don’t have time to shred it, it would be better to place it in a locked file or drawer until you can.
USE CAUTION WITH STUDENT DIRECTORY INFORMATION
Student directory information includes items such as name, address, phone number, and e-mail. Although this type of data can be released without consent under FERPA, universities and colleges must offer students the option to opt-out. Upon entry into an institution of higher education, students are informed about their directory information and are allowed to withhold consent, meaning they do not give their permission for this information being released (U.S Department of Education, 2013, 2018). However, this information may not reach individual teachers or faculty within a particular program. Therefore, it is better to always check with the student first.
One way this commonly happens is that a current student, such as the class president or other class officer asks you for the contact information of the new class of students, such as name, phone numbers or e-mails. The class president is requesting this information so they can send a welcome note and invite the new students to a luncheon. While it seems harmless enough, as the teacher, you should not release this information because you do not know if anyone in the class has not given consent for this “directory” information to be released. It is better to find an alternative and make it a simple rule that you do not disclose any student information. Alternative options could be suggesting that the new students be informed either through an in-class announcement or through a signup process if they are interested. This way, the decision to provide such information rests with each student, rather than you disclosing it.
SOCIAL MEDIA AND EMAIL – CHECK BEFORE YOU SEND
In today’s internet world where sharing is commonplace, teachers sometimes forget to think about FERPA. It is not that you can’t post or share, but you need to stop and be mindful of what you post and how you post it and make sure it does not contain any student private or protected information. This is especially true around emails, as they can also pose a problem. Sometimes, we want to send off a quick e-mail reply to a student’s question about this exam before we leave the office for the day. But we didn’t notice that this student copied other students in his e-mail, and so our reply has now gone to other students. I know all of us have hit the send button and then realize we sent it to the entire class. Of course, the content of the e-mail would determine whether this could be a FERPA violation. The point here is just to check before you click send.
KEY POINT
In general, use common sense and your best judgment to comply with the FERPA rules. It is our responsibility to protect each student’s information. Other than directory information, everything else, referred to as non-directory information must remain private until student consent is obtained.
REACH OUT FOR HELP OR SUPPORT – LEARN MORE
Although it is imperative you know about FERPA and how to ensure you comply, it is a federal law and thus has several exceptions and special considerations. Each University usually has at least one person who is a FERPA expert and responsible for ensuring the University and all faculty are following its requirements. If you have not received any training as part of your onboarding, you may want to reach out and meet with this person to learn more. As with any law, ignorance does not protect us should we violate it. Thus, consider stopping to ask for help before releasing information.
Violation of this law can result in disciplinary and legal actions taken against the teacher as well as the potential loss of federal funding for the institution. Violations are a serious matter so if in doubt – ASK first before releasing information
TIP
Keep the name and phone number of the office or individual who is the FERPA officer for the University close at hand should you need to refer someone to them. Sometimes, parents can become distraught when we are unable to give them the information they seek.
For more information about FERPA, please contact your Human Resources or Legal department or go to the US Department of Education webpage https://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html
Footnote
1There are specific circumstances when parents can obtain access to their college child’s educational record. They include if the student is claimed as a dependent for tax purposes, for emergency health or safety issues or if the student is under the age of 21 and have violated any law or policy related to the use or possession of alcohol or controlled substances (U.S. Department of Education, 2007).
References
FERPA/SHERPA: The Education Privacy Resource Center. Retrieved from https://ferpasherpa.org/
Nazarian, T (2018, September 12). The Unintentional Ways Schools Might Be Violating FERPA, and How They Can Stay Vigilant. EdSurge. Retrieved from https://www.edsurge.com/news/2018-09-12-the-unintentional-ways-schools-might-be-violating-ferpa-and-how-they-can-stay-vigilant
U.S. Department of Education. (2007, October). Parents’ Guide to the Family Educational Rights and Privacy Act: Rights Regarding Children’s Education Records. Retrieved from https://www2.ed.gov/policy/gen /guid/fpco/brochures/parents.html
U.S. Department of Education. (2013, November 7). Student Privacy 101: Student Privacy at the U.S. Department of Education. Retrieved from https://studentprivacy.ed.gov/?src=fpco
U.S. Department of Education. (2017, March). FERPA General Guidance for Parents. Retrieved from https://studentprivacy.ed.gov/resources/ferpa-general-guidance-parents
U.S. Department of Education. (2018, March 1). Family Educational Rights and Privacy Act (FERPA). Retrieved from https://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html
50% Complete
Watch for the newsletter in your e-mail.