HIPAA, COPPA and FERPA Compliance Statement
We take very seriously our responsibility to protect student, family, and teacher privacy in our training software, data storage and management systems, web-based services, and internal policies to regulate access. We are fully compliant with the Family Education Rights and Policy Act (
FERPA), the more stringent, Health Information Privacy and Protection Act (
HIPAA), and the Children’s Online Privacy Protection Act (
COPPA). At the simplest level, it means we will NEVER disclose student personal information to any unauthorized parties.
Technically, the student records in our program are not health records when the program is administered by An Education Agency (EA), but because clinicians also use some of our programs, we have added extra levels of confidentiality protection that are not used by other social-emotional learning programs. These include:
Protections within the software
- Providing users password protection
- Requiring individual logins, passwords and/or pin codes on shared devices used to access our programs
- Limiting teacher access to only their assigned classrooms and students
- Heavily encrypting all data when stored and during transport
Where is the data stored?
A HIPAA and FERPA compliant cloud server hosted by a third party under contract with RoboKind
Privacy protections with our cloud-based server
If the cloud-based option is chosen, we have a
HIPAA Business Associate Agreement with a 3
rd party, for use of a secure, HIPAA compliant server. Our provider offers these things:
- Transport Encryption: Data is always encrypted as it is transmitted over the Internet
- Backup: Data is backed up and can be recovered
- Authorization: Data is only accessible by authorized personnel using unique, audited access controls
- Integrity: Data cannot be tampered with or altered
- Storage Encryption: Data is encrypted when it is being stored or archived
- Disposal: Data can be permanently disposed of when no longer needed
Internal policies limit unauthorized access to student data
Any requests by school district personnel to directly access student data on the server, must be made in writing, stating the reason access is needed. The request must be signed by at least one other qualified administrator, then approved (or not) by RoboKind's Security Officer. Instances, where limited authorization may be granted are:
- For research projects where proxies for student identity are in place, and IRB approval has previously been granted
- To export data to correlate with district administrative data, if authorized by District administrators
Authorization to access student data will never be granted for commercial use of any kind.
HIPAA Compliance
Student records that are disclosed to RoboKind by EAs and maintained within RoboKind's products are by definition “education records” under FERPA and not “protected health information” under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Because student health information in education records is protected by FERPA, the HIPAA Privacy Rule excludes such information from its coverage. See the exception at paragraph (2)(i) to the definition of “protected health information” in the HIPAA Privacy Rule at 45 CFR § 160.103. See, also, Joint Guidance on the Application of the Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to Student Health Records, USED and U.S. Department of Health and Human Services (November 2008).
For more information please contact:
RoboKind ATTN: HIPAA Officer
PO Box 130299
Dallas, Texas 75313
Phone: 972-331-7050
E-mail: support@robokind.com
Last Updated: June 3rd, 2021