Skip to content Menu

The Department of Education is currently seeking public input on guidance that clarifies students' privacy rights as they relate to medical records. The "Dear Colleague Letter" from Chief Privacy Officer Kathleen Styles explains ED's views on the subject.

Under the Family Educational Rights and Privacy Act (FERPA), there are instances when colleges and universities can release a student's information without his or her consent, according to ED.

The letter clarifies "that in cases where litigation occurs between the institution and a student, FERPA's school official exception to consent should be construed to offer protections that are similar to those provided to medical records in the context of litigation between a covered health care provider ... and a patient under the Health Insurance Portability and Accountability Act of 1996 (HIPAA)."

This means that "without a court order or written consent, institutions that are involved in litigation with a student should not share student medical records with the institution's attorneys or courts unless the litigation in question relates directly to the medical treatment itself or the payment for that treatment, and even then disclose only those records that are relevant and necessary to the litigation."

The department is providing this guidance to ensure students trust campus medical and counseling professionals and feel comfortable using their services, Styles wrote.

ED is seeking input on the following issues:

  • Could the guidance create any unintended consequences? For example, would the guidance in any way restrict the work of threat assessment teams?
  • Is there a way to mitigate the burden to institutions caused by this guidance—without lessening the protections given to students?
  • Should the guidance be extended outside the postsecondary context to include K-12 and early childhood education?

Comments can be sent to  The comment period closes Friday, Oct. 2.


Bryan Dickson

Director, Student Financial Services and Educational Programs


Related Content

What Did I Miss in Washington? July 10-August 1, 2018

In this edition: NACUBO guidance on closing out Perkins Loan programs, an update on borrower defense, a new tax bill on Capitol Hill, and more.

What Did I Miss in Washington? April 30-May 13, 2019

In this edition: House appropriators approve increased FY20 funding for ED, the IRS announces retirement and deferred compensation plan audits, and more.

New OMB Policy Requires Title IV Privacy and Data Security Audit Checks

The long-awaited Office of Management and Budget 2019 Compliance Supplement has been released and features a new privacy and data security audit objective for Title IV program audits.