KTVZ reports:
Sen. Ron Wyden, D- Ore., asked Thursday for details about the thoroughness of privacy protections on health information for students who use on-campus medical facilities at colleges and universities nationwide.
In a letter to Education Secretary Arne Duncan, Wyden expressed concern that the rules protecting medical information collected by campus health facilities are less understood by patients than the privacy standards applied to off-campus health providers.
Read more on KTVZ.
Interested readers may wish to read this document published by the U.S. Education Department in 2008 that clarifies the relationship between FERPA and HIPAA. See, in particular, Question 7, which I think is relevant to this case. As I’ve commented before, what the university did was legal, but in my opinion, university mental health clinics and such services should be covered under HIPAA and not FERPA. Congress can – and should – fix that to afford greater protection to treatment records than FERPA accords.