IEPs and Confidentiality: A Look at FERPA and HIPAA

Understanding the difference between FERPA and HIPAA in special education is essential for every IEP team member—from special education teachers and related service providers to administrators and general education staff. When it comes to handling student records, IEP documents, and confidential information, knowing who can access what (and when) is not just helpful—it’s legally required.

Together, let’s break down the difference between FERPA and HIPAA, what each law means for confidentiality in schools, and why protecting student privacy should be a top priority in every special education setting. Whether you’re writing IEPs, collaborating with service providers, or communicating with families, this is the must-know guide to confidentiality laws in special education.


What is FERPA?

FERPA stands for the Family Educational Rights and Privacy Act. It’s a federal law that protects the privacy of student education records. It applies to all schools that receive funds from the U.S. Department of Education, which means nearly every public school in the United States.

Under FERPA:

  • Parents have the right to access their child’s education records.
  • Schools must have written permission from the parent or student (aged 18+) to release any information from a student’s record.
  • This includes IEPs, evaluations, progress reports, and more.

FERPA is governed by the U.S. Department of Education.

What is HIPAA?

HIPAA stands for the Health Insurance Portability and Accountability Act. It was created to protect individuals’ medical records and other personal health information.

HIPAA is governed by the U.S. Department of Health and Human Services (HHS).

However, and this is important, HIPAA typically does not apply to public schools. That’s because student health information maintained by a school (for example, information from a school nurse or school-based therapist) is considered an education record and is therefore covered under FERPA, not HIPAA.

Here’s a quick and simple breakdown:

| FERPA | HIPAA |
| --- | --- |
| Applies to educational records in schools that receive federal funding | Applies to health records in healthcare settings like hospitals or private clinics |
| Governs school staff, teachers, administrators | Governs healthcare providers and insurance companies |
| Parent or eligible student rights to access, review, and amend education records | Patient rights to access, correct, and limit use of health records |
| Covers school-based special education records (like IEPs) | Covers private healthcare therapy records (like outpatient OT) |

In short: If the information is being maintained by the school, FERPA applies. If it’s outside the school setting in a healthcare context, HIPAA applies.

Why Confidentiality Matters

Every IEP team member is a guardian of sensitive information. And confidentiality isn’t about being secretive or avoiding legal trouble – it’s about protecting your students. It shows families you respect their child’s story, their privacy, and their rights.

When in doubt, pause, ask, and protect. Because your students are worth that level of care. It only takes one slip for a student or family to feel exposed or violated.

Remember – when confidentiality breaks down, so does collaboration. And trust is so hard to rebuild once it’s been lost.

A Parent-Friendly Way to Explain It

If a parent ever asks, “Who sees my child’s IEP?” here’s a simple response you can use:

Only the people who are working directly with your child and need that information to support them in school have access. We follow a federal law called FERPA to protect your child’s privacy and make sure that everything in their IEP stays confidential unless you give us written permission to share it.


Confidentiality is the foundation of trust between educators, families, and students with disabilities. By understanding and following FERPA and HIPAA regulations, special education teachers and IEP team members can confidently navigate student data privacy, protect sensitive information, and uphold legal compliance in all areas of special education services.

As you plan, write, and implement IEPs, always remember: if you’re handling student records, education data, or private health information, you’re responsible for keeping it secure. Stay informed. Ask questions. And make confidentiality a non-negotiable part of your IEP process.

