Around the Corner-MGuhlin.org: FERPA This, GoogleApps!
Does Gmail meet FERPA guidelines?
Google is contractually and legally responsible to protect information. Google will not share e-mail contents or personal information to outside parties.
Source: http://www.csuchico.
Discussion in Mark Wagner’s blog about GoogleAPps and FERPA is mentioned in comments:
http://edtechlife.com/?p=2236
Fascinating reading…
The question of Family Educational Rights and Privacy Act (FERPA) compliance was raised during
most sessions. Session attendees appeared to be comfortable with the typical subsequent discussion
pointing out that FERPA compliance is more a task of user behavior rather than infrastructure, and that
the features within Google Apps allow FERPA compliance.
The most significant issue may be with the ability of Google Apps to allow compliance with The Health
Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. Sessions were held at
Arizona Health Sciences Center (AHSC) as well as at the remote Phoenix Biomedical Campus (PBC).
The question of HIPAA compliance arose at both locations, although the most pointed comments were
made here in Tucson. Steven Wormsley, the head of college IT for the College of Medicine, was explicit
in expressing his doubts that Google would be HIPAA compliant, although without noting specific
issues. An attorney from the UA Office of General Counsel’s (OGC) Comstock satellite office was
present at one of the AHSC sessions. She appeared less worried about present compliance, but
informed us that the HIPAA rules would be updated as of February 2010, and might contain certain
aspects of required encryption that is not presently mandated. GIT anticipates that we would purchase
an optional but standard add-on for Google Apps, if we were to move faculty and staff into the Google
structure, that allows much more control over staff and faculty email. This add on, the Postini service,
would allow encryption of email data, as well as requirements such as ediscovery, mail rollback,
archiving, record retention, etc.
There is some precedence in regards to education and healthcare institutions determining that Google
Apps does allow HIPAA compliance. St. Louis University (SLU), a private school of approximately
13,000 students, has moved their faculty and staff to Google Apps. SLU has a comprehensive
healthcare program, including a College granting medical degrees, and running a 365-bed academic
teaching hospital. Their Compliance Office has determined that Google Apps meets HIPAA
requirements. See more at http://www.slu.edu/x22574.xml .
FERPA Issues
Google is contractually and legally responsible to protect information. A note is made that they are not obligated to be FERPA compliant — since Google itself is not required to be — but that they work with the institution to ensure their privacy needs are met. Northwestern feels that Google security is a contractual requirement that the institution must agree to (so should support their needs) and is better than what many institutions can provide.
Source: http://blog.
No related posts.
Related posts brought to you by Yet Another Related Posts Plugin.