Data Stewardship at SimpleIEP

SimpleIEP Safety and Privacy Guidelines Overview

At SimpleIEP, we prioritize the safety and privacy of student data above all. Our commitment to protecting this sensitive information is reflected in our adherence to the following key guidelines:

  • FERPA and HIPAA Compliant:
    Ensuring all student data is handled in accordance with the Family Educational Rights and Privacy Act (FERPA) guidelines. Going a step beyond, we also work with clinics and meet the stringent standards set by the Health Insurance Portability and Accountability Act (HIPAA).

  • Data Encryption:
    Implementing advanced encryption methods to secure data both at rest and in transit.

  • Access Control: Strictly limiting data access to authorized personnel only, based on their role and necessity.

  • Regular Audits and Ongoing Training: We conduct annual security audits to identify and rectify potential vulnerabilities. We also know that cyber threats are always evolving, and our dedicated security officer receives privacy and security training yearly.

Detailed Practices

FERPA Compliance:

SimpleIEP complies with the Family Educational Rights and Privacy Act (FERPA), a federal law that protects the privacy of student education records. We ensure that:

  • Access to student education records is limited to authorized individuals who have a legitimate educational interest, as defined under FERPA.

  • All data shared with SimpleIEP by educational institutions is managed with strict confidentiality and security measures to prevent unauthorized access, use, or disclosure.

  • Educational institutions retain control over their student education records, including the right to amend and manage access as required by FERPA.

HIPAA Compliance:

Although the Health Insurance Portability and Accountability Act (HIPAA) primarily applies to healthcare providers, SimpleIEP extends its privacy practices to ensure HIPAA compliance when working with clinics and other healthcare entities involved in providing services to students with disabilities. We ensure that:

  • Protected Health Information (PHI) received in the course of providing educational support is handled with the utmost care, confidentiality, and security.

  • We implement administrative, physical, and technical safeguards to protect the integrity and confidentiality of PHI, as required by the HIPAA Security Rule.

  • All staff members receive training on HIPAA compliance and the importance of safeguarding PHI.

Data Protection and Security Measures:

SimpleIEP employs state-of-the-art security measures to protect against unauthorized access, alteration, disclosure, or destruction of personal and sensitive data. These measures include, but are not limited to:

  • Encryption of data in transit and at rest.

  • Regular security assessments and penetration testing to identify and mitigate potential vulnerabilities.

  • Strict access controls and authentication measures to ensure that only authorized personnel can access sensitive information.

Commitment to Transparency and Accountability:

SimpleIEP is committed to maintaining transparency about our data protection practices. We regularly review and update our policies and procedures to comply with evolving laws and regulations related to data privacy and security.

  • We provide clear and accessible information about our data handling practices to our users and stakeholders.

  • We are committed to being responsive to inquiries and concerns about privacy and data security.