HIPAA generally does not apply to school nurses when student health records are maintained by the school as part of its educational records, because such records are covered by the Family Educational Rights and Privacy Act (FERPA) rather than the HIPAA, unless the school nurse operates under a healthcare entity separate from the school that bills electronically for services. FERPA provides protections for any health information maintained by the school that is directly related to a student, ensuring that privacy requirements are followed. Under FERPA, parents and eligible students retain the right to access and control disclosures of these records.
HIPAA typically applies to covered entities, such as healthcare providers, health plans, and healthcare clearinghouses that transmit health information electronically for billing or other purposes. Since schools generally do not operate as healthcare providers in this capacity and do not engage in electronic health transactions, they are not considered covered entities under HIPAA. This distinction means that a school nurse’s documentation of student health information, when kept as part of a student’s education record, is regulated under FERPA, not HIPAA.
There are instances where HIPAA could apply to school nurses. If a school nurse operates under a healthcare entity separate from the school, such as a public health department or hospital that provides services to the school, and electronically bills for those services, the healthcare entity may be subject to HIPAA regulations. In such cases, the health records created by the school nurse for these specific purposes would be governed by HIPAA. This scenario, however, is uncommon and requires a clear distinction between records managed under FERPA and those covered by HIPAA.