How does Student Data Privacy affect school health services? The Health Insurance Portability and Accountability Act is a separate federal law that dictates how health records are to be handled. A school is subject to HIPPAA only if it provides medical care and electronically transmits health information as part of a “covered transaction” (e.g. billing).
For most schools, HIPAA will only be an issue when communicating with a student’s medical provider. While school health records are not regulated by HIPAA, almost all medical practitioners are covered by HIPAA. "Treatment purposes” is one of the exceptions: a practitioner may relay or clarify treatment orders to individuals involved in the treatment of that patient, such as to the school nurse without obtaining authorization of the student or parent.
Best practice, however, is that the parent/guardian signs a release of information allowing communication between provider and the school. Protection of personally identifiable health information contained in medical or treatment reports from an outside provider is the responsibility of the requester. Ideally the school nurse summarizes the educationally relevant information from the outside record source into the student’s cumulative health record and then destroys the outside record.