Minnesota School Steps in Without Parental Consent, Violating HIPAA, Student Lands in Hospital.
MACC is outraged with the illegalities of adopting the Common Core Standards in Minnesota and around the nation. Parents and Citizens have taken great offense to a one-size-fits-all curriculum and over testing. We want to make it clear however that MACC is equally concerned with data flowing unregulated from state agency to agency and between schools and medical facilities. This is an instance where a parent’s right to make medical decisions for their own child has been crossed. Thanks to JMLmom!
The Consequences of Unregulated Data
When we send our children to school we all have this private notion that our children are safe. For the most part this may be true, however things are changing. FERPA (Family Education Rights Protection Act) used to protect our children and families personally identifiable information. The US Department of Education unilaterally changed that to where anyone with an educational interest can now access our children’s and our family’s information.
So what happens when we have to share our student’s medical records with the schools? The following words are from a parent who knows firsthand the devastation of what can happen when your child’s medical records are compromised due to their school’s maltreatment of the child’s information. Mind you this comes from a family with special needs children in a Minnesota School District, as many of us do.
“Many people aren’t concerned about it until they’re burned. Most people are still under the false impression that schools follow HIPAA (Health Information Portability and Accountability Act). They do not. The only part of a school that *may* follow HIPAA is the medical biller, if filed electronically. All other records fall under FERPA and have no enforcement for violations. Please be aware and cautious with shared data to your school districts. They may not be as careful with your child’s data as you are.
We also provide necessary medical records directly, and have permission for contact with the Primary Care Provider only – whom I trust implicitly, and knows our history of privacy issues and schools trying to change our children’s orders without parental consent for their convenience and not our child’s benefit. This allows contact with a medical provider in an emergency, a local ER, yet a block to too much information filtering through and changes that we do not want. He also notifies us when school is making strange requests and I can have a meeting to find out what the problem is and go from there
Our school used the medical releases to contact the specialists independently and try to change medical orders without parent consent. They then contacted our DME, which they obtained info off the feeding pump, and tried getting orders changed that route. It didn’t work but did violate HIPAA for both the clinic and DME contacted. This affected many families in this group at the time as new notices had to be made and sent as a result and permissions obtained.
They then decided to change orders with no consent and harmed our child. Our child ended up very ill and required surgical repair as a result. To recover, our child missed three months of school.
With our other child, they contacted our nursing agency and falsely billed nursing hours under their waiver. This was also a HIPAA violation for both entities and Medicaid Fraud. It cost her waiver $75,000.
I was accused of mismanaging funds before we found out where they were disappearing. The school’s punishment? They had to pay it back and write a letter describing what happened and how it wouldn’t happen again. The nursing agency’s punishment? None.
This had nothing to do with specifics and everything to do with not following the law. The school didn’t want to feed our child properly. They thought a feeding tube was an inconvenience. They thought my other child’s nursing expense was our problem. So they decided they weren’t going to deal with them. It was a school attitude problem.”
We are thankful for this parent sharing their story and that their children are ok today, as it very well could have turned out with a much different outcome. This was just one family’s experience with their children’s medical information being misused. Our children’s information, whether medical or personally identifiable (PII) should be of the utmost importance of our schools to protect. And should not be used to cause a child harm. We as parents must be vigilant about making sure that we are protecting our children’s information, once it crosses the line from HIPAA to FERPA, a new ball game and new set of rules takes hold. And it is not always for the benefit of the child or family.