Conexus Vision
  • Home
  • Programs
    • VisioCheck >
      • Understanding Your Results
      • Screening FAQs
      • Public Schools >
        • Richmond Intensive
      • Preschool
      • Compliance
      • Survey Results
      • Parent Feedback
      • Eye Care Providers >
        • ECP-Report
      • Scholarship Fund
    • Council for Pediatric Vision
    • Testimonials
    • School Nurse Resources
    • HB1408
    • Vision Facts
  • News
  • About Us
    • Office and Staff
    • Board of Directors
    • Donate >
      • Donation Form
      • 20/20 Club
    • About Our Name
    • Subscribe
    • Accountability
  • Golf Classic
    • Golf Register
    • Sponsorship Selection & Payment
    • Golf Teams
    • Golf Photos and Results >
      • 2016 Golf Photos
      • 2015 Golf Photos
      • 2014 Golf Photos
    • Golf Committee

FERPA & HIPAA Compliance

​FERPA -- Family Educational Rights and Privacy Act: The primary purpose of FERPA is generally directed at protecting identifiable student information as it pertains to a child’s education. However, the language is such that it encompasses all school records including records in the clinic.

Data: The technology-based Conexus Visiocheck program involves the uploading of a PDF report of a student’s vision screening result which includes the student’s first and last names and date of birth. The upload occurs through either:
  • the use of Microsoft Office 365, a professional file exchange and data storage entity which certifies that data is sent securely and in compliance with legal regulations regarding the privacy and security of confidential information. Office 365 provides highly secure password protection, granular folder-level permissions, and file transmission with SSL encryption.
  • the use of ShareFile, an alternative but equally secure file exchange.  ShareFile certifies site and file security as noted here.
Information regarding the storage and sharing of results electronically is provided in the results shipment, and access is limited only to those granted access through tiered security.

Is the shared data from the screening FERPA compliant? The following language demonstrates that the “sharing” of the screening record would be an exception under FERPA. Conexus through a signed MOU and/or any oth-er partner consent documents required by the participating Department of Health or Education would be considered a Contractor, Volunteer, or Other Party Outsourced.
“Under FERPA, a school may not generally disclose personally identifiable information from an eligible student's education records to a third party unless the eligible student has provided written consent. However, there are a number of exceptions to FERPA's prohibition against non-consensual disclosure of personally identifiable infor-mation from education records . Under these exceptions, schools are permitted to disclose personally identifiable information from education records without consent, though they are not required to do so. Following is general infor-mation regarding some of these exceptions.
One of the exceptions to the prior written consent requirement in FERPA allows "school officials," including teach-ers, within a school to obtain access to personally identifiable information contained in education records provid-ed the school has determined that they have "legitimate educational interest" in the information. Although the term "school official" is not defined in the statute or regulations, this office generally interprets the term to in-clude parties such as: professors; instructors; administrators; health staff; counselors; attorneys; clerical staff; trustees; members of committees and disciplinary boards; and a contractor, volunteer or other party to whom the school has outsourced institutional services or functions. “(1)

In addition to the exception as noted above the identifiable information shared in the upload is defined by FERPA to be “directory” information, in this case the student’s name and birthdate, which is permissible shared information through FERPA.(2)

Is the Screening HIPAA Compliant? Although Conexus is a provider of “health care”, within the meaning of HIPAA, because it provides vision screenings, Conexus does not engage in transactions subject to the TCS Rule. There-fore, Conexus is not a covered entity subject to HIPAA.

Conexus Privacy Policy: Conexus strictly adheres to standard accepted privacy policies. Additionally staff mem-bers associated with the Visiocheck records handling are screened through Criminal Background Check and Sex Offender Registry Check. The files that are uploaded as part of the Visiocheck program are not data files; they are pdf images of the results certificate, it is not a data transfer of the information. Files are not stored on a cloud-based serv-er; once the results have been processed and delivered, they are deleted from the cloud-based storage. Conexus holds a record of the screening report for 1 year. A complete disclosure of Conexus’ privacy policy as it pertains to online screening records is available upon request.

* The ShareFile security statement was copied from: https://www.sharefile.com/resources/citrix-sharefile-security-and-compliance
(1)US Department of Education’s website http://www2.ed.gov/policy/gen/guid/fpco/ferpa/students.html
(2)US Department of Education Safeguarding Student Privacy: https://www2.ed.gov/policy/gen/guid/fpco/ferpa/safeguarding-student-privacy.pdf
§ 99.31 for the full list of exceptions to the consent requirement in FERPA : http://www2.ed.gov/policy/gen/guid/fpco/pdf/ferparegs.pdf
Picture
formerly Prevent Blindness Mid-Atlantic
Picture
Headquarters: 11618 Busy Street, Richmond, VA 23236
(804) 423-2020   |   (888) 790-2020   |   www.ConexusVision.org   |   contact us
SUBSCRIBE - Join Our Community
Conexus meets the Better Business Bureau Wise Giving Alliance Standards for Charity Accountability.
A Tradition of Saving Sight
Conexus, formerly known as Prevent Blindness Mid-Atlantic, was established in 1957 as the National Society to Prevent Blindness - Virginia Affiliate. Throughout our history, our name has changed to reflect our vision and reach, but our mission is clear: eliminating undetected and untreated vision problems as barriers to success, enabling all children to reach their fullest potential.

Conexus is a 501(c)3 public charity, IRS Tax ID 46-5257732. All donations are tax-deductible as allowed by law.

A financial statement is available upon written request from the Office of Charitable and Regulatory Programs, Virginia Dep’t of Agriculture and Consumer Services.

​
Privacy Policy
  • Home
  • Programs
    • VisioCheck >
      • Understanding Your Results
      • Screening FAQs
      • Public Schools >
        • Richmond Intensive
      • Preschool
      • Compliance
      • Survey Results
      • Parent Feedback
      • Eye Care Providers >
        • ECP-Report
      • Scholarship Fund
    • Council for Pediatric Vision
    • Testimonials
    • School Nurse Resources
    • HB1408
    • Vision Facts
  • News
  • About Us
    • Office and Staff
    • Board of Directors
    • Donate >
      • Donation Form
      • 20/20 Club
    • About Our Name
    • Subscribe
    • Accountability
  • Golf Classic
    • Golf Register
    • Sponsorship Selection & Payment
    • Golf Teams
    • Golf Photos and Results >
      • 2016 Golf Photos
      • 2015 Golf Photos
      • 2014 Golf Photos
    • Golf Committee
✕