One of the great advantages of our new digital age is the ease with which information can be transmitted rapidly to people around the globe. Unfortunately, in certain areas that ease has led to serious problems. One such area is medical record-keeping, where the accessibility and disclosure of confidential medical information has become an important and expensive issue for any organization that handles such records.

In the past few years, several lawsuits have been filed over the release of confidential medical information via computer. The University of Michigan faces litigation because of its accidental posting of student medical records on the internet. A school district in Wisconsin lost a $900,000 judgment, in part, for not protecting the privacy of a student’s sexual orientation. Washington Hospital lost a $250,000 judgment for accidentally releasing a patient’s HIV status.

It was in this environment that the U.S. Department of Health and Human Services in December released its final regulations establishing the first-ever national standards to protect patients’ personal medical records, as mandated by Congress under the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Among other things, these regulations place civil and criminal liability on the intentional or unintentional release of medical information unless prior written approval of the release is obtained. The law carries penalties of up to five years in prison and $50,000 in fines.

In 1996, HIPPA did not appear to affect schools. The regulations passed in December, however, now mention school medical records by name as one of the categories covered, including electronic and paper records. This law took effect April 14. That means schools, districts, and administrators now face increased accountability for ensuring the confidentiality of their students’ medical records.

The average school nurse sees more than 50 students a day. She typically accumulates more than 10,000 medical records a year. An estimated 10,000 schools across the country have purchased specific school health software that is designed to handle the administration of student medical records. In schools without student medical records software, medical information is written down on paper charts and stored in file cabinets or keyed into the school’s administrative system. But most school administrative systems have access portals for teachers, administrative personnel, and—in some cases—parents. Even using specific school health software or health modules that are part of the school’s administrative system does not guarantee compliance under the law. The software selected must have a high degree of security and confidentiality, restricting access to only those individuals authorized by law to view the information. Generally, this means only the school nurse. Administrators who gain access may be doing so at their peril.

A common and dangerous situation arises in schools where there is no nurse. In these schools, someone in the principal’s office or a parent volunteer is asked to help administer medications and keep track of medical information. These well-meaning individuals are not health-care providers under state laws and should not be dispensing medications. Under the new federal law, the school puts itself at risk by giving them access to the medical information that is needed to administer the medication. Further, if they intentionally or inadvertently disclose that a particular student is receiving any medication, both they and the school face severe penalties. The more people who have access to confidential medical information, the greater the chance that unauthorized information will be released—and the school is liable whether the release of such information is intentional or unintentional.

There are several steps that schools can take to reduce the potential for civil and criminal liability. The first is to ensure that only a qualified health-care professional, generally the school nurse, has access to confidential medical data. A corollary to that step would be to discard immediately the practice of having parents and other non-health-care professionals administer medications to students. If medical information is kept on paper, another important step is to ensure that only the nurse is recording and storing such information, and that only authorized individuals have access to the files in which such records are kept.

The difficulty of protecting confidentiality and enforcing restricted access to a paper-based record system will dictate the automation of confidential medical information in many schools, both large and small. For schools that are automating or have automated systems, it is critical that the database containing student medical information is kept separate from the school’s administrative database. Only systems containing extensive multilevel security that not only restricts access to the database, but also provides further protection once access has been granted, should be considered. There should be an additional level of security for especially sensitive information, such as pregnancy, abuse, HIV, and the myriad other problems that, unfortunately, have become a part of today’s school environment.

Although clerical staff can be given restricted access to enter demographic information, confidential medical information must be protected. Even the district’s technology administrator and staff should only have restricted access to the student medical database, and the software chosen should use encryption techniques wherever possible.

Under the new law, parents have the right to review their children’s medical information and request the correction of erroneous data. Each time a medical record is changed, a liability risk is incurred, based on the changes. It is imperative that the software chosen for automation contains an “audit log” to track all changes made to the medical record irrevocably. This “audit log” must become part of the permanent record and be attached to the record itself, not the system, in case the student transfers schools. Employing this procedure protects the district in the event that a change—or reasons for a change—is ever questioned.

This is a very good law that clearly will benefit students. It is a real tragedy when the unintentional release of student medical data accidentally harms a student. By following the steps described above, school districts should be able to reduce dramatically the added liability this new law places on them. By protecting students and school districts alike, the practices outlined above can ensure that everyone benefits from this legislation.

David L. Wigler is vice president of Healthmaster Inc. of Walled Lake, Mich., which makes HealthOffice 2000 school health software. He can be reached at