Schools and higher education institutions nationwide are still considering whether to return to in-person classrooms, continue remote learning, or offer a mix of options this fall as the COVID-19 pandemic continues. Any of these options raise significant implications for student privacy and equity, but most reopening plans do not examine these concerns. The Future of Privacy Forum has developed a new issue brief series to raise awareness of the reopening issues that are keeping us up at night.
Issue Brief: Increased Data Collection and Sharing
Most K-12 and higher education reopening plans include ways to collect health information, often daily, from students, staff, and their families or household members. A recent piece published in the Journal of the American Medical Association recommends that K-12 schools provide parents with a checklist to complete every morning that confirms not only that their child is symptom-free, but also that other members of the household are healthy. Since younger students are more likely to be asymptomatic carriers of the virus, schools may ask for information about any household pre-existing health conditions to identify immunocompromised family members or roommates. Schools may want to use this information to determine whether an otherwise healthy and low-risk student should remain home or be kept separate from other students.
Many schools are likely trying to follow CDC guidelines that recommend that K-12 schools and higher education institutions should conduct, when feasible, daily physical health screenings of students and staff upon arrival, such as through temperature or symptom checks. While the guidance surrounding these health screenings is evolving, schools must be prepared for false flags–when these screenings inevitably “flag” someone with symptoms, like a fever, that are not related to COVID-19 but rather the sign of another ailment.
Some higher education institutions such as Boston University and Duke have announced preliminary plans that will require students to conduct daily health screenings via an app, either one created by the school or by a company. Boston University students who do not complete their daily check-in may be denied access to school buildings via a “passport” on the school’s app. Higher education faculty and staff are also being asked, with little context or warning, to self-disclose sensitive personal information to receive appropriate on-campus accommodations during the fall semester.
This expanded collection of sensitive and personal health information goes far beyond the amount of information a school typically collects about a student, let alone about the people living with them. It will be essential for schools to consider privacy and equity as they solidify the specific requirements in their reopening plans. How long will this information be kept – for a week, a month, the duration of the pandemic, or indefinitely? How will it be stored and secured? If a third-party app is being used, has it been thoroughly vetted for sufficient privacy and security protections based on the sensitivity of the data? Will the data be shared or used for any other purpose? Is there a potential for misuse of the information? Will there be consequences if students or parents do not want to comply with the reporting system? Some students and families may wish to keep their living arrangements and health statuses private, either for safety reasons or concerns about bias, stigma, or discrimination.
And what laws apply? While many people may assume all health data is covered under HIPAA, it is unlikely that the data collected from these types of health check-ins are. The data is likely protected under FERPA as part of students’ education records, but FERPA does not have higher protections for medical information or the highly-regulated cybersecurity standards required by HIPAA. K-12 schools may be subject to state student privacy laws that include greater protections for health information, but most higher education institutions are not governed by comparable state statutes.
These are complicated questions without a single right answer, but these questions must be asked and schools must create policies to ensure that their community trusts their institutions and shares accurate health data, as needed, to combat the pandemic. K-12 and higher education institutions’ reopening plans must protect student health and student privacy. If you have any questions or would like to discuss these issues further, please contact us here.
What They’re Saying: Recent News
- Education Week: Let’s Be Honest About the Ethical Trade-Offs of Reopening Schools (OPINION) (May 8, 2020)
- AP: Schools Debate Whether To Detail Positive Tests for Athletes (June 14, 2020)
- Washington Post: Companies’ use of thermal cameras to monitor the health of workers and customers worries civil libertarians (April 28, 2020)
- The Washington Post: Teachers in Fairfax revolt against fall plans, refusing to teach in-person (June 26, 2020)
- The Wall Street Journal: Back to School With Covid-19 Rules: Temperature Checks, Few Sports and Lots of Distance (June 23, 2020)
- Wired: Schools Turn to Surveillance Tech to Prevent Covid-19 Spread (June 5, 2020)
- OregonLive: Canzano: Oregon Ducks’ disingenuous stance on coronavirus testing is a fumble (June 26, 2020)
- Fast Company: Verily launches app to monitor employee health amid COVID-19 (June 18, 2020)
- NPR: As Colleges Make Plans For Fall, More Young People Are Getting COVID-19 (June 25, 2020)
Future of Privacy Forum Resources
- Resources List: Student Privacy During the COVID-19 Pandemic (last updated June 29, 2020)
- FPF and AASA: The School Superintendents Association: FAQs: Disclosing Student Health Information During the COVID-19 Pandemic (Published March 20, 2020)
- FAQs: The Protection of Pupil Rights Amendment (March 27, 2020)
Additional Resources
- Accessible Campus Action Alliance: Beyond “High Risk”: Statement on Disability and Campus Re-openings (June 5, 2020).
- The Network for Public Health Law: FAQ: COVID-19 and Health Data Privacy (June 22, 2020)
- Johns Hopkins Center for Health Security: Filling in the Blanks: National Research Needs to Guide Decisions about Reopening Schools in the United States (Published May 15, 2020)
- The Centers for Disease Control and Prevention: Reducing Stigma (Page last reviewed June 11, 2020)
- The U.S. Department of Education: FERPA and the Coronavirus Disease 2019 (COVID-19) (Last updated March 2020)
- Arnold & Porter Kaye Scholer LLP: University Preparedness for a Pandemic: Key Testing and Privacy Considerations Every University Should Be Aware Of (June 18, 2020)
- The Network for Public Health Law: Data Privacy in School Nursing: Navigating the Complex Landscape of Data Privacy Laws, Part I (June 19, 2019)
- The Network for Public Health Law: Data Privacy in School Nursing: Navigating the Complex Landscape of Data Privacy Laws, Part II (January 23, 2020)
- The Network for Public Health Law: Data Sharing Guidance for School Nurses (January 23, 2020)
