The University’s commitment to safeguarding the security, confidentiality, and integrity of student records is evidenced in the policies and procedures the University has implemented. Federal and state regulations and standards regarding the protection of student records drive institutional policies and procedures. The University complies with the rules and regulations determined by the Family Educational Rights Privacy Act (FERPA) and with the recommendations of the American Association of Collegiate Registrars and Admission Officers.

All student records, including those of students enrolled in off-campus or distance learning courses, are subject to the policies and procedures of the University concerning confidentiality, security, and integrity.

University policies ensure the following:

University policy clearly states regulations regarding access to student records. Only employees who have a “legitimate educational or safety interest as determined by the University” are granted access to student records. New employees are instructed in federal and state laws regarding confidentiality issues and University policies during new employee orientations offered by both the Office of Human Resources and individual departments and units. Other policies regarding access to confidential student records are published in the Faculty/Staff Handbook and on the University home page.

Security and Retention of Student Records

Records are maintained and some are digitally imaged in accordance with the McNeese State University Records Retention Schedule. Confidential records that are no longer needed are shredded, burned, or otherwise destroyed by appropriate personnel. The University Records Retention Schedule meets the obligation established by Louisiana Revised Statute 44:402 and applies to student non-academic records as well as to academic records.

Individual University units review their Records Retention Schedules on a regular basis to ensure that they are following the appropriate time lines. The Records Retention Schedule is submitted annually by the University President to the Office of the State Archivist, where the Schedule is permanently filed. The table below provides some examples from the Records Retention Schedule that relate to student records.

Records Retention Schedule Examples

Office of the Registrar

The University protects the security, confidentiality, and integrity of its student records and complies with the Family Educational Rights and Privacy Act (FERPA) and the University of Louisiana System policy regarding the accessibility to student educational records.
The University's policy regarding the release of directory and non-directory student information is outlined in the Catalog, and the student’s rights to inspect and challenge his/her educational records is outlined in the University FERPA Policy Statement. Students’ educational records are not released without written consent of the student, except in situations covered by these acts and policies.
McNeese State University limits access to students’ electronic records. University employees with a legitimate, employment-related need to access student electronic records are provided password-protected access in accordance with the Policy for Use of Information Technology Services. The registrar, viewed as the custodian of student records, approves all access to computer system screens and data related to student records and admissions.

The University’s efforts to safeguard the security, confidentiality, and integrity of student academic records are addressed in detail in Comprehensive Standard 3.4.11. Policies governing handling of student academic records extend to student records generated by academic departments and academic support units as well.

Examples showing how some academic support services manage student records with security, confidentiality, and integrity can be seen below.

Student Services Disciplinary Records

Student disciplinary records are considered educational records and are retained by the University for a period of no less than seven years. Disciplinary records are stored in a locked file cabinet inside the office of the Dean of Student Services. Only the Dean of Student Services, Assistant Dean of Student Services, and the administrative secretary for the department have authorized key access to this office and file cabinet. Records are reviewed annually, and files holding records for incidents older than seven years are removed, emptied of their contents, and the contents shredded under the supervision of the Dean of Student Services.

Electronic records associated with student discipline cases are printed and filed in hard copy format within the individual student record folders. Upon completion of each academic year cycle (fall, spring, and summer terms) the Dean of Student Services transfers individual electronic records onto a single storage disk and places it inside a sealed envelope in the file cabinet holding the corresponding hard copy files for the appropriate academic year. This disk, upon completion of the seven year records retention period, is subsequently destroyed at the same time hard copy files are shredded.

Student Health Center

The Student Health Center is staffed by professional nurses who are trained health care professionals. The Student Health Center employees are the following:

• Three Registered Nurses
• R.N. 1 Supervisor Student Health
• R.N. 1
• R.N. Student Health
• Three local physicians maintain office hours on a rotating basis;
• The center also employees students who are currently enrolled full time at the university.

Confidentiality is part of normal practice for health care providers. The Nursing Code of Ethics Provisions 3:1 and 3:2 clearly state the obligations of health care providers:

3.1. Privacy. The nurse safeguards the patient’s right to privacy. The need for health care does not justify unwanted intrusion into the patient’s life. The nurse advocates for an environment that provides for sufficient physical privacy, including auditory privacy for discussions of a personal nature and policies and practices that protect the confidentiality of information.

3.2. Confidentiality. Associated with the right to privacy, the nurse has a duty to maintain confidentiality of all patient information.

Informed by federal standards regarding individual’s right to privacy in all matters concerning health care, the Student Health Center provides information regarding confidentiality of student health records to each student to whom it provides service. Students acknowledge their rights to privacy on forms provided and filed in the Student Health Center. The Student Health Center states in its Student Health Center Policy Manual the following with regard to student’s privacy rights:

The [University] Administration shall respect the rights of students to privacy and confidentiality in receiving health care. In the case of a student being under the legal age of 18 or is incapable of rational decisions, the Administration shall be responsible for notifying the legal parent or guardian when the student’s disregard of professional advise constitutes a serious or permanent hazard to his welfare or the welfare of others.

The Policy Manual explicitly defines for students’ the nature of their rights to privacy and confidentiality: “Students have the right to expect high quality personal health care, privacy, and confidentiality” (5). To ensure that students are provided with holistic care while on campus, the Student Health Center may find it necessary to recommend counseling. The policy regarding referrals to the University Counseling Center addresses privacy issues: “The Student Health Center does make referrals to the MSU Counseling Center. All referrals follow the HIPAA confidentiality policy”

Copies of privacy statements and student forms are appended as supporting documentation. Each semester during staff orientation, policies and procedures to ensure privacy and confidentiality are addressed. These policies are strictly enforced. The process by which confidentiality of medical information is maintained includes the following:

• All medical records are kept in filing cabinets accessible only to the nursing staff and trained student workers.

• Records are kept in closed files and are not released without written consent.

• In the case of a request of records by subpoena, a copy of the subpoena must be obtained for university files.

• The original subpoena is reviewed by the Supervisor. Before any records are released, the Vice President for Special Services and Equity and the Director of Media Services are consulted.

• All attempts are made to obtain a signed consent for release of records from the patient.

• If this is not possible, the records must be surrendered as ordered by subpoena.

• All medical records are kept for a period of up to 7 years. After this time, the records are destroyed by shredding. This process is done at The Student Health Center by the staff.

Counseling Center

The University Counseling Center attests its commitment to confidentiality on the University homepage as follows:

Confidentiality of counseling sessions is strictly maintained and records of the center are kept separate from other McNeese University student records. No content information will be released to a student's family or other University departments without the student's knowledge and written consent. The only exception to the above procedure is in the event of an emergency, a life threatening event, or through a requirement from a court.

University Counseling Center Staff

Source: McNeese State University Counseling Center

The Counseling Center protects the security, confidentiality, and integrity of its student records by strictly adhering to the American Counseling Association (ACA) Code of Conduct regarding standards of client privilege, confidentiality, and recordkeeping. Some of the ACA policies pertinent to services provided to students include the following:

B.1.b. Respect for Privacy. Counselors respect client rights to privacy. Counselors solicit private information from clients only when it is beneficial to the counseling process.

B.1.c. Respect for Confidentiality. Counselors do not share confidential information without client consent or without sound legal or ethical justification.

B.1.d. Explanation of Limitations. At initiation and throughout the counseling process, counselors inform clients of the limitations of confidentiality and seek to identify foreseeable situations in which confidentiality must be breached.

B.3.c. Confidential Settings. Counselors discuss confidential information only in settings in which they can reasonably ensure client privacy.

B.3.e. Transmitting Confidential Information. Counselors take precautions to ensure the confidentiality of information transmitted through the use of computers, electronic mail, facsimile machines, telephones, voicemail, answering machines, and other electronic or computer technology.

B.6.a. Confidentiality of Records. Counselors ensure that records are kept in a secure location and that only authorized persons have access to records.

B.6.b. Permission to Record. Counselors obtain permission from clients prior to recording sessions through electronic or other means.

B.6.c. Permission to Observe. Counselors obtain permission from clients prior to observing counseling sessions, reviewing session transcripts, or viewing recordings of sessions with supervisors, faculty, peers, or others within the training environment.

Limits to confidentiality and/or legal privilege are iterated in each counselor's Declaration of Practices and Procedures. A copy of the counselor's declaration is given to each new client. The counselor and client verbally review the declaration, and the client signs a statement acknowledging receipt of a copy of the declaration. A copy of the Counseling Center’s Declaration of Practices and Procedures is included as supporting documentation.

In accordance with FERPA and ACA standards, no information is released without written permission from the client and/or a judicial court order. No confidential information is transmitted by facsimile reproduction unless the recipient is bound by HIPAA regulations regarding protected health information.

All case records, reports, and correspondence are stored in locked filing cabinets in secure areas. No client records are directly stored on computer hard drives. All client records are routinely destroyed after six years in accordance with the University Records Retention Policy.

Services for Students with Disabilities

The Office of Services for Students with Disabilities (SSD) ensures that all students with disabilities can freely and actively participate in all facets of university life and provides and/or coordinates support services and programs that enable students with disabilities to maximize their educational potential. This office provides selected student services which are not provided by other university offices or outside organizations. Students are aided in negotiating disability-related barriers through this office. SSD strives to improve access to university programs, activities, and facilities for students with disabilities. SSD informs the University campus of its commitment to confidentiality of student records on its website:

Confidentiality. Services for Students with Disabilities cannot share information about a student’s disability with MSU staff unless the student has granted SSD permission to share this information, or there is a demonstrated institutional need to know. McNeese State University has designated SSD to be the office to receive and handle information about the student’s disability. With the student’s permission, designated faculty and staff will be advised only of the information they need to know to accommodate the student or to protect the safety and health of the student or others. Consider any communication regarding a student’s disability or special needs to be confidential. Employees, including student workers, must sign a confidentiality agreement acknowledging their understanding that continuation of employment is contingent on their abiding by the policies relating to confidentiality and privacy. Students who register with SSD are provided with a document outlining their rights and responsibilities. They are required to sign an authorization that allows the office to “notify my instructors of requested accommodations for [their] learning needs.” A signed copy of this document is kept in the student’s file in the SSD office. Copies of these documents are included as supporting documentation.

Records maintained by the University Police, if the record is maintained solely for law enforcement purposes, are revealed only to law enforcement agencies of the same jurisdiction, and the Police Office does not have access to education records maintained by the University. University Police records are in both paper and electronic form. Paper records are stored in fireproof file cabinets in the University Police office. Only the Chief of University Police and his/her Administrative Assistant have access to these files. Files which are stored electronically on computers in the University Police Department are password protected. Plans are underway to convert paper records to an electronic medium.

The kinds of documents likely to be found in the University Police Department files include the following:

Student Employment

The Department of Student Employment has the following internal controls to protect the security, confidentiality, and integrity of student employment records:

• All student employment records are electronically entered into the Payroll mainframe database/SCT- Banners by employees who are assigned access for such.

• All access to Payroll mainframe database/SCT-Banners is approved through the internal auditor.

• Employees are assigned security levels in the mainframe system appropriate to their positions within the department.

• All SCT-Banners passwords are confidential and cannot be shared between employees.

• All hard copy documents are filed in the central file room.

• Central file room is locked and file cabinets within central file room are locked.

• Central file room access is limited to certain employees of Human Resources/Student Employment.

• Central file room is not accessible by the general public or other employees outside of Human Resources/Student Employment.

• Requests for student employment records are forwarded to the Human Resource Manager for review.

• Each student employee has a public and a private file within the central file room.

• Records are segregated into files in accordance with the Department of Civil Service regulations.

• All employees hired in Human Resources/Student Employment sign a confidentiality statement at hire. (Confidentiality Form)

• Human Resources/Student Employment is audited on a regular on-going basis by the internal auditor, the legislative auditors, and the Department of Civil Service auditors. Proper internal controls have been mandated by audits and are followed with regard to security, integrity, and confidentiality.

Financial Aid

McNeese State University protects the security, confidentiality, and integrity of its student records and complies with the Family Educational Rights and Privacy Act (FERPA). Student financial aid records are not released without written consent of the student.

McNeese State University limits access to students’ financial aid electronic records. The Director of Financial Aid approves all access to computer system screens and data related to student financial aid records and awards. Permanent financial aid records are maintained in fireproof filing cabinets on document imaged disks. Other financial aid records are maintained in filing cabinets throughout the Office of the Financial Aid. Access to these records is restricted to personnel with a legitimate, employment-related need. Records of a confidential nature which are no longer needed are shredded.

Special Services and Equity

The Division of Special Services and Equity is charged with the responsibility of ensuring that all “students, faculty, and staff have an equal opportunity to participate in all aspects of University life.” University employees and students who feel that their rights to fair treatment and access are abridged may turn to this office for assistance. As do other offices on campus, the Division of Special Services and Equity protects the security, confidentiality, and integrity of its student records. All records are confidential and are kept on file for three years, in compliance with state and federal laws. Written student complaints are not released without a notification to the student. The Discrimination Complaint Form requires a signature and date and includes a notice regarding release of information.

Integrity and University Computing Services

Some student records are maintained on computer servers housed at University Computing Services, Kaufman Hall Room 305. These servers are in an environmentally controlled room that is accessible only through a secure keypad. The servers are connected to uninterruptible power supplies (UPS). The servers are accessed via Internet Protocol (IP) services. There are two levels of security. Before a user can access the server, he/she must have read the Policy for Use of Information Technology Services and sign the Banner Account Request Form, indicating that they have done so. Once they have passed this level of security, they must be granted access to student records by the Registrar. The Registrar must send a signed statement to UCS indicating which screens/forms the prospective user will have access to.

Student data is backed up on a daily basis. Backups are kept for two weeks. The oldest set of backups is kept in the computer room. The other tapes are kept in a fireproof vault in Smith Hall. When the operator completes the backup at night it is placed in a fireproof safe in the computer room. The next day it is transferred to Smith Hall. Each Thursday, a set of backups is removed to an offsite location.

Supporting Evidence

Confidentiality and FERPA

Information Technology Policy

New Patients

Patients Bill of Rights

Patients Medical Records

Accommodation Signature Form

Confidentiality

Mission of Services for Students with Disabilities

MSU FERPA Policy Statement

MSU Records Keeping and Retention

Counseling Center Declaration of Practice and Procedures

Services for Students with Disabilities Forms

Reasonable Accommodation Process Form

Discrimination Complaint Form

Office of Student Employment Forms Confidentiality and FERPA

Human Resources Confidentiality Statement

Office of Student Employment Confidentiality Statement

Confidentiality Agreement for SSD

Excerpt from Student health center policy manual