Privacy Rights And/Or Public Safety Post Virginia Tech
Jennifer B. Espinola
University of South Florida

Privacy Rights And/Or Public Safety Post Virginia Tech

Seung-Hui Cho’s killing spree on the Virginia Tech campus in 2007 has sparked an unsettled national debate regarding the privacy rights of individuals against the public safety interests of a college or university. The backdrop to this issue highlights America’s litigious nature, coupled with sporadic examples of significant monetary pay-outs to persons claiming that their individual rights had been violated by acts of the institution. The negative media attention garnered by such cases, along with the substantial financial commitments to legal representation and sanctions, have understandably inflamed institutions’ anxieties. One might argue that squeaky wheel individuals and watchdog activist groups were in effect weaving imaginary binds around the hands of institutions who felt incapacitated. However, more recent incidents on campuses around the country resulting in fatalities caused by people who provided warning signs are now giving rise to a potential paradigm shift. Public safety is emerging as a viable contender for highest priority. And what may be most surprising about this transformation is that it will likely happen without a single revision to law. The key to this change will be in the institutions’ reassessed values, which the laws will support in their current state.
Since the Virginia Tech incident, reports have been generated by the campus itself (Fischer, 2008), other institutions and states including Florida’s Gubernatorial Task Force on University Campus Safety (2007), and even the Federal government. President Bush requested that the Departments of Education and Health and Human Services jointly investigate the matter to offer recommendations and guidance (HHS Report, 2007). While illustrative and interesting in terms of deciphering the associated problems, these reports are not clear on changes in institutional responses to cues or warnings from potential threats. Yet there is quite a bit of commentary accusing the collective of colleges and universities of an overly conservative reading of the Health Insurance and Portability Accountability Act (HIPAA) and the Family Educational Rights and Privacy Act (FERPA) (Schuchman, 2007). These federal laws, along with accompanying state regulations, are implicated by institutions claiming they are not permitted to disclose information without consent. Yet, the real power is in the interpretation and use of law, and this occasion demands an exploration of the original intent of HIPAA and FERPA.
“A major goal of the Privacy Rule [in HIPAA] is to assure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public's health and well being.” (HHS HIPPA Report, 2003). However, the stigma surrounding mental health issues may have given special emphasis to the protection of an individual’s health information at the cost of protecting the public’s well being. But the solution can be found in the Act itself. The name of the Act, and a closer read of HIPAA suggest that protection of the individual’s rights regarding information sharing appears to be mostly related to the involvement of insurance companies. And it clearly states that promoting high quality health care is as weighty a goal as any other. So in the context of the Virginia Tech incident, the institution had the obvious goal of providing quality healthcare to Mr. Cho and to also protect the health and well being of the community. These objectives support information sharing among the health care providers who were involved in his case and nothing in HIPAA suggests it would be a barrier. But even more importantly, and rarely discussed, HIPAA’s privacy rule excludes medical treatment records protected by FERPA (Dept. of Ed. Report, 2007). Virginia Tech officials stated during the post-incident inquiry that state and federal laws were prohibitive of campus medical personnel and law enforcement officials sharing information about Mr. Cho (Fischer, 2007). Yet this claim appears to be based more on assumptions then on the laws themselves.
FERPA addresses the protection of educational records of students, which include medical records generated by the university. The mantra repeatedly cited generally states that all records are protected and not releasable without consent. However, “in an emergency, FERPA permits school officials to disclose without student consent education records, including personally identifiable information from those records, to protect the health or safety of students or other individuals.” (Dept. of Ed Report, 2007).
It is time for institutions of higher education to reconcile their interests. By reestablishing a priority on the well being of the entire campus community, individual privacy rights and/or public safety can be enhanced simultaneously. Believing that sharing pertinent information about a student amongst relevant professionals on campus is not only in the best interest of the community, but also in the best interest of the student will make this philosophical transition more palatable. And in the case of Mr. Cho, it can hardly be argued that his litany of prior warnings did not justify a more collaborative response by professionals on campus. It seems that Virginia Tech General Counsel would rather have defended against his claim of privacy violations, than have to substantiate the choice to keep warning signs undercover.


References

Fischer, Karen (April 18, 2008). Virginia Tech Weighs Hundreds of Recommendations and Acts on Some. The Chronicle of Higher Education, Special Report Volume 54, Issue 32, Page A15. Retrieved from http://chronicle.com.ezproxy.lib.usf.edu/article/Virginia-Tech-Weighs-Hundre/6707

Florida Gubernatorial Task Force For University Campus Safety. (May 24, 2007). Report on Findings and Recommendations. Retrieved from http://www.dcf.state.fl.us/initiatives/campussecurity/.

United States Department of Health and Human Services. (June 13, 2007). Report to the President on Issues Raised by the Virginia Tech Tragedy. Retrieved from http://www.hhs.gov/vtreport.html.

Schuchman, Miriam. (July 12, 2007). Falling Through the Cracks – Virginia Tech and the Restructuring of College Mental Health Services. N Engl J Med; 357:105-110. Retrieved from http://www.nejm.org/doi/full/10.1056/NEJMp078096

United States Department of Health and Human Services. (Last Revised May, 2003). Summary of the HIPAA Privacy Rule. Retrieved from http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/privacysummary.pdf.

United States Department of Education. (October, 2007). Balancing Student Privacy and School Safety: A Guide to the Family Educational Rights and Privacy Act for Colleges and Universities. Retrieved from http://www2.ed.gov/policy/gen/guid/fpco/brochures/postsec.html.

Fischer, Karen (June 22, 2007). Report on Virginia Tech Shootings Urges Clarification of Privacy Laws. The Chronicle of Higher Education, Money & Management Volume 53, Issue 42, Page A30. Retrieved from http://chronicle.com.ezproxy.lib.usf.edu/article/Report-on-Virginia-Tech-Sho/30736/.