Applies to: A/BSN, CIPCT (MS), DNP, Certs, PhD
I. Policy Statement
The School of Nursing (SoN) requires all students to protect the confidentiality and privacy of information in compliance with federal, state, and University regulations.
-
- FERPA protects the privacy of student educational records.
- HIPAA protects the privacy and security of patient health information.
Students are responsible for adhering to all applicable privacy laws and University policies. Unauthorized access, use, or disclosure of confidential or private information is a serious violation and may result in action under School or University policy, up to and including dismissal.
II. Applicability
This policy applies to all SoN students across programs and encompasses all settings, including classrooms, simulation, clinical, research, community-based, and administrative interactions.
III. Requirements
A. FERPA Compliance
- Student educational records are confidential.
- Students may not access or disclose another student’s information without authorization.
- Students are expected to understand their FERPA rights and responsibilities as outlined by the University of Washington Registrar’s Office (e.g., rights to review and amend records, consent to disclosures, and restrict directory information).
B. HIPAA Compliance
- Students must protect patient information encountered in clinical, practicum, community, or research activities.
- Clinical students must complete HIPAA training as part of compliance requirements prior to beginning clinical activities.
- Other students may be required to complete HIPAA training if specified by a community, project, or program site.
- Written work, presentations, and discussions must exclude identifiable patient information.
C. Reporting and Accountability
- Suspected or actual breaches of confidentiality must be reported to faculty or preceptor immediately.
- Breaches are reviewed under UW School of Nursing Policy 4.1 (Essential Qualifications & Behaviors), UW School of Nursing Policy 3.4 (Clinical Incident & Exposure Reporting), and, where applicable, referred to University conduct or compliance offices.
IV. Roles & Responsibilities Summary
| Activity | Student | Faculty/ Preceptor | ADAA | UW Privacy/ SoN Compliance | Clinical Partner |
|---|---|---|---|---|---|
| Complete HIPAA training | R/A | I | I | I | C |
| Maintain confidentiality of records | R/A | I | C | I | |
| Monitor compliance in course/ clinical | I | R/A | I | I | R |
| Report breaches of confidentiality | R | R | A | C | A |
| Respond to breaches and determine action plan | I | C | A/R | C | C |
RACI Legend:
- R = Responsible: Performs the task
- A = Accountable: Ultimately answerable
- C = Consulted: Provides input
- I = Informed: Kept up to date
Related Policies & References
- UW Registrar Family Educational Rights and Privacy Act (FERPA) for Students
- Health Insurance Portability and Accountability Act (HIPAA)
- UW Student Governance & Policies, Chapter 478-140 WAC: Student Records
- UW Privacy Office
- UW School of Nursing Policy 3.4: Clinical Incident & Exposure Reporting
- UW School of Nursing Policy 4.1: Essential Qualifications & Behaviors
Last updated: September 2025