Policy 4.3: Confidentiality & Privacy Compliance (FERPA/HIPAA)  

Applies to: A/BSN, CIPCT (MS), DNP, Certs, PhD

I. Policy Statement

The School of Nursing (SoN) requires all students to protect the confidentiality and privacy of information in compliance with federal, state, and University regulations.

  • FERPA protects the privacy of student educational records.
  • HIPAA protects the privacy and security of patient health information.

Students are responsible for adhering to all applicable privacy laws and University policies. Unauthorized access, use, or disclosure of confidential or private information is a serious violation and may result in action under School or University policy, up to and including dismissal.

II. Applicability

This policy applies to all SoN students across programs and encompasses all settings, including classrooms, simulation, clinical, research, community-based, and administrative interactions.

III. Requirements

A. FERPA Compliance

  • Student educational records are confidential.
  • Students may not access or disclose another student’s information without authorization.
  • Students are expected to understand their FERPA rights and responsibilities as outlined by the University of Washington Registrar’s Office (e.g., rights to review and amend records, consent to disclosures, and restrict directory information).

B. HIPAA Compliance

  • Students must protect patient information encountered in clinical, practicum, community, or research activities.
  • Clinical students must complete HIPAA training as part of compliance requirements prior to beginning clinical activities.
  • Other students may be required to complete HIPAA training if specified by a community, project, or program site.
  • Written work, presentations, and discussions must exclude identifiable patient information.

C. Reporting and Accountability

IV. Roles & Responsibilities Summary

Activity | Student | Faculty/Preceptor | ADAA | UW Privacy/SoN Compliance | Clinical Partner
Complete HIPAA training | R/A | I | I | I | C
Maintain confidentiality of records | R/A | I | C | I
Monitor compliance in course/clinical | I | R/A | I | I | R
Report breaches of confidentiality | R | R | A | C | A
Respond to breaches and determine action plan | I | C | A/R | C | C

RACI Legend:

  • R = Responsible: Performs the task
  • A = Accountable: Ultimately answerable
  • C = Consulted: Provides input
  • I = Informed: Kept up to date

Related Policies & References


Last updated: September 2025