members, parents, and outside vendors could create the very issue the regulations warn against. Limiting those involved in the pro- cess and providing appropriate staff training are important practices.
Office Policies and Practices
Besides addressing policies and practices relating to HIPAA, FERPA, and McKinney- Vento with business office staff, it is also important to establish some commonsense confidentiality practices.
Building security. Position a gatekeeper of sorts at the entrance to the school to prohibit visitors from walking into an office unannounced. This procedure will prevent a visitor from overhearing or see- ing private information. Although employees and ven- dors visiting the office may be annoyed by this practice, they will also understand that the school system takes privacy seriously.
Technology. Technology safeguards are essential in today’s world. • Keep all account information and passwords in a secure location or use a password manager.
• Create strong passwords that incorporate lower- and upper-case letters, numbers, and symbols and ensure that all confidential documents are password protected.
• Implement an email encryption process when emailing confidential documents or files.
• Install black screens on monitors so the computer screen is invisible from a side view.
• Develop computer protocols, such as requiring staff members to log off before leaving their desks for an extended period.
• When discarding obsolete technology equipment, destroy any hardware or software that may contain confidential information.
Staff development. Recurring staff training is essential when complying with federal policies. Many schools have a “family” culture. When employees are not in school, it’s natural for colleagues to question their absence. A trained staff member will not discuss the details of absent employees but will instead redirect the conversation. Staff training should occur at least annu- ally and be updated to address current regulations.
Key Takeaways HIPAA, FERPA, and McKinney-Vento are just a few
federal policies that require confidentiality and privacy in the business office. HIPAA focuses on an individual’s privacy related to employer-sponsored health plans. School districts should become familiar with the requirements and develop a process for training and implementing compliance pro- cedures. Select a HIPAA privacy officer to coordinate the training and responsibilities and select a security officer to assist in technology compliance. Districts should also document every procedure and training session to prove compliance if the district is selected for a HIPAA audit. FERPA protects the privacy of student records. Every district should know the circumstances in which the district may disclose a student’s protected health infor- mation. Staff training should be conducted annually and documented to prove compliance. McKinney-Vento ensures that the district’s home- less population is offered educational stability without stigmatization. Districts should develop procedures to ensure anonymity and provide training to all staff mem- bers involved in the process. Common practices can also assist in protecting an individual’s privacy. Begin by reviewing the existing pro- cesses. Current procedures may only need small adjust- ments to comply with federal policies and protect an individual’s privacy.
School districts are in the people business, and part of our job is to protect the privacy of our staff and stu- dents. We hope you find this article to be a refresher and resource to ensure that confidentiality and privacy in the business office remain a top priority.
Lynn Knight is director of business services for Nekoosa School District in Wisconsin and a member of the ASBO Inter- national Board of Directors. Email:
lynn_knight@nekoosa.k12.
wi.us
Linda Mont is a managing member of Key Benefit Concepts LLC in Wales, Wisconsin. Email:
lmont@keybenefits.com
32 APRIL 2022 | SCHOOL BUSINESS AFFAIRS
asbointl.org
EUSTOCK/
STOCK.ADOBE.COM
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48
