University of the Pacific is committed to actively promoting our shared values, including Integrity and Accountability, Respect and Civility, and Diversity and Inclusion. As part of our commitment these values, University of the Pacific's Compliance & Ethics Program serves the University community by providing infrastructure and resources to promote ethical behavior, principled decision making and compliance with laws, regulations and university policies.

 

Compliance & Ethics Reporting Hotline

Call 1.800.854.8443

or

Make a Report Online

University Policies
Privacy Program
Make a Report or Ask a Question

Compliance: It’s Everyone’s Responsibility

The Compliance & Ethics Program provides resources to help faculty, staff and students do the right thing and ensure Pacific is a safe, secure and ethical place to work and learn.

The Compliance Program introduced the Compliance Helpline, hosted by a third-party provider, EthicsPoint, to provide an easy method for members of the university community to request guidance for compliance questions and concerns, and to report allegations of non-compliance or unethical activity. An important feature of the Compliance Helpline is that all requests and reports either by phone or online can be made on a confidential, anonymous basis, at the choice of the Helpline user.

HIPAA stands for the Health Insurance Portability and Accountability Act. This federal law covers many subjects but most people are familiar with the privacy rights and protections it provides to certain medical records. FERPA stands for the Family Education Rights and Privacy Act and is another federal law regarding privacy of education records.

Both federal laws concern the privacy and protection of information. HIPAA sets standards for the use and disclosure of patient records and gives patients the right to view and correct their records. 

Similarly, FERPA outlines the circumstances in which an educational institution may share student education records and how and when a student (or their parent) may have access to that information. While the subject matter is the same, the specifics regarding who can access the records and the circumstances in which you can share them differ.

Both laws contain specific exceptions allowing for disclosure of information in the case of a threat to the health and safety of the patient/student or others.

Given that HIPAA concerns the privacy of health information, many people logically assume students’ health records maintained by a campus health clinic or a school’s athletics department would be covered by HIPAA. However, HIPAA has some specific exceptions for health information, one of which is covered by FERPA. FERPA covers student educational records, which include health records that directly relate to a student and are maintained by a qualifying educational institution.

Student health records are still private and must be maintained securely with restricted access. When it comes to determining when and with whom student medical information can be shared, we must follow the university’s FERPA policies and procedures. 

In some cases, FERPA is more restrictive than HIPAA rules. For example, for treatment purposes, HIPAA allows medical information to be freely shared between medical providers without patient permission or notice. Under FERPA, information maintained in a student record can only be shared with a treatment provider with student consent or if the disclosure meets one of the FERPA exceptions to consent.