Friday, 23 October 2015

Conflicts In Patient Privacy Laws Often Leave Student Health Records Vulnerable

(George)

When a college student seeks medical treatment at a campus healthcare facility, they probably expect they will be afforded the same discretion as all consumer are under HIPAA (the Health Insurance Portability and Accountability Act). But thanks to a separate, often conflicting federal law, that isn’t always the case.

Much like HIPAA’s goal is to provide patient privacy, the Family Educational Rights and Privacy Act (FERPA) was intended to protect the privacy of student education records. However, a new report from ProPublica highlights how HIPAA and FERPA often leave patient privacy vulnerable when students seek treatment at their on-campus health centers.

That was the case for a Yale University graduate who shared her story with ProPublica.

Just weeks before graduation, the student found herself struggling with depression and anxiety and seeking help from the on-campus facility. Eventually, she was hospitalized against her will at the Yale-New Haven Hospital, which is off campus.

Although she was 21 at the time, the University contacted her parents to let them know of the situation. Soon after, the woman says she flew back home with her parents where they refused to accept her situation or allow her to see a psychiatrist or therapist.

Under normal circumstances, a 21-year-old’s medical history wouldn’t have been shared with others – even her parents – without her consent. But, as ProPublica goes on to explore, because she happened to be a student, her information was subject not to HIPAA, but to FERPA.

The issue goes back several decades when the government enacted FERPA in 1974 as a way to give students and parents access to their education records. The law also dictates when and how universities can obtain or share information that identifies individual students.

For example, if a student is under 18 or is claimed as a dependent for tax purposes, the law allows colleges to share their education information with parents, even without the students’ consent.

Additionally, the law provides a health-and-safety exemption, that states if a student is seen to be in danger, or to be putting others in danger, health information can be shared with “appropriate parties,” such as parents.

The story is different off-campus, though, according to ProPublica. In those cases, HIPAA applies, not FERPA, meaning the student has near full discretion on who their records can be shared with.

But the water is further muddied when a student is transferred to an off-campus facility from an on-campus one, as was the case for the Yale student. While she was eventually seen at the Yale-New Haven Hospital, a private institution – a stay that was covered by HIPAA – the information from the health clinicians that first helped her at Yale was only covered by FERPA.

And for the most part, it’s up to the college to determine when and how to use FERPA’s health-and-safety exception.

While Yale says it informs parents they can’t access their child’s health information without a signed written consent form, the student says she doesn’t remember signing such a document. And when she asked about its existence, she was told there wasn’t one for her case.

“Most of what happened while I was in the hospital happened without my knowing it,” she said. “I got an update every day or two about where my life was going.”

According to ProPublica, the woman’s story depicts the fine line universities walk when providing needed medical treatment for students: if they share too little they’re liable to be blamed if something happens, but if they share too much they’ll be accused of invading one’s privacy.

“There’s no doubt in my mind that the schools are trying to strike the right balance,” Paul Lannon, a Boston lawyer who advises colleges on legal issues, tells ProPublica. “They care for the students. They want the students to do well. They want the students to be healthy.”

Although the issue of student privacy may seem straight forward, it’s been cause for controversy in the past, particularly in the cases of high-profile campus shootings and sexual assault cases.

In an attempt to better guide schools on their responsibilities, while protecting students’ privacy, the Department of Education issued proposed guidelines over the summer concerning student counseling records, ProPublica reports.

Under the proposal [PDF], the Dept. directs university lawyers to only view counseling records if the treatment itself is at issue in a legal case, if they have permission, or if a judge’s order gives them access.

“Institutions of higher education have a strong interest in ensuring that students have uncompromised access to the support they need, without fear that the information they share will be disclosed inappropriately,” the Dept. wrote in a blog post on the issue.

The Dept. sought consumer input on the issue until Oct. 2; it’s unclear what the next steps will be.

When Students Become Patients, Privacy Suffers [ProPublica]


by Ashlee Kieler via Consumerist

No comments:

Post a Comment