Skip to main content

Faculty and Staff Access to Educational Records

Policy Statement

All students enrolled in US Higher Education are protected by the Family Educational Rights and Privacy Act (FERPA). In addition, Emory University School of Medicine (EUSOM) students are protected by the university's Privacy Statement: Student Characteristics which includes the right to consent to disclosure of personally identifiable information contained in education records, except to the extent that FERPA authorizes disclosure without consent.

At EUSOM, student education records are confidential and available only to those members of the EUSOM faculty and administration with a legitimate educational interest, unless released by the student or as otherwise governed by laws concerning confidentiality.

Directory Information

Student information designated directory information will appear in public documents and may otherwise be disclosed without student consent unless the student objects. All students are given annual notice by the Office of the University Registrar of the categories of information designated as directory information and will allow a reasonable period after such notice for the student to inform the University that they wish to suppress some or all the information. Each student has access to do so within their OPUS student account.

The following categories of information have been designated directory information:

  • Name
  • Whether or not the student is currently enrolled
  • The school or division in which the student is or was enrolled and the class/ year
  • Dates of enrollment including full-time or part-time status
  • Degree or degrees earned, date of degree, major area of concentration and academic honors received
  • Awards of merit and participation in officially recognized activities and sports
  • Address and telephone number
  • Electronic mail address

Student questions regarding FERPA release status should be directed to the Office of the University Registrar, located at 100 B. Jones Center or via email at vacompliance@emory.edu.

Reason for Policy

The purpose of this policy is to safeguard the privacy and confidentiality of student education records.

Policy Scope

This policy applies to all EUSOM faculty, staff, and individuals with authorized access to student records at Emory University School of Medicine.

Policy Guidelines

Access Authorization: Access to student education records is restricted to authorized individuals who have a legitimate educational interest in the information contained therein. These individuals may include EUSOM faculty, administrative staff, and other designated personnel. Access to student education records is granted based on a need-to-know basis, and access permissions are defined by the respective roles and responsibilities of individuals within the institution.

Confidentiality: FERPA requires individuals with access to student records maintain the confidentiality of all students’ records, and that no information from the records be released to a third party without the written permission of the student unless otherwise required by law. In the absence of the written consent, FERPA does permit an educational agency or institution to disclose personally identifiable information from an education record of a student if the disclosure meets one or more of the conditions outlined in 20 U.S.C. § 1232g(b) and (h) – (j) and 34 CFR § 99.31.

Awareness: All personnel with access to student education records must be aware of FERPA and other relevant regulations to ensure their understanding of the legal obligations and responsibilities associated with student data. Each year, such personnel will receive an email outlining FERPA law along with this policy for review and will be asked to complete the university online FERPA quiz.

Data Security: Student education records must be stored and transmitted using secure methods to prevent unauthorized access or data breaches. Access to electronic student education records systems must be protected by strong, unique passwords and two-factor authentication where feasible.

Requesting Access: Individuals outside of those defined in this policy who seek access to student education records must submit a formal request to the designated authority, specifying the reason for the request and demonstrating legitimate educational interest. Such access requests and approvals are documented, including the reason for access and the duration of authorization.

Compliance

Failure to comply with this policy may result in disciplinary action, including but not limited to warnings, suspension, or termination of employment or educational relationship. Violations may also lead to legal action in cases of data breaches or unauthorized disclosures.

Review and Revision

This policy will be reviewed regularly to ensure its effectiveness and compliance with accreditation standards and other relevant regulations. Any necessary revisions will be made to enhance the protection of student records and privacy.

History

Initial Policy Creation: October 9, 2023

Relevant Emory University Policies

Confidentiality and Release of Student Records

Print as PDF

Last modified: 07/15/2024.