1) The privacy and confidentiality of student records at HEC is protected by one of the nation’s strongest privacy and protection laws, the Family Educational Rights and Privacy Act (FERPA). FERPA regulations provide stringent rules regarding a broad range of records and information that encompasses all paper and electronic documents in an educational environment.

All staff members receive specific training regarding the confidential nature of student information during their initial pre-service training and the general staff receive yearly training updates on this subject. Confidentiality of student information is addressed specifically in the Personnel Policies and Procedures in Section 3.8.
The HEC Charts Committee, a standing committee with cross campus and interdisciplinary representation, routinely audits existing charts, communicates procedural policies or changes regarding access to the chart, and facilitates any modification to the structural content of the chart.
Although the FERPA standard does not require specific security routines regarding electronic documentation, the Information Services Department has embraced the computer security requirements found in the Health Insurance and Portability and Accountability Act (HIPAA) and administers strict security access and disaster recovery procedures. Continuity of information is maintained using a comprehensive off-site data warehousing/backup system of mission-critical data and a schedule of routine hardware and software maintenance.
Given that all electronic communication between HEC staff and the agencies they serve is potentially a part of the student record, ALL electronic communication at HEC is archived in real time in a secure facility that meets all Federal , State, and local requirements for secure electronic document storage.

2) Hillcrest Educational Center staff, students and trainees will regard as confidential all information that might identity a person as a HEC client, as well as all information concerning events and conditions as they relate to particular clients. Staff and students will act in every instance to protect such material in accordance with the client’s wishes, and with applicable laws and regulations.
a. Staff are only authorized to see records of clients with whom they are involved in a service or supervisory capacity. Staff may look at other client case records only with the express permission of the client’s Program Director.
b. Case records are the physical and legal property of Hillcrest Educational
Centers, Inc.
Staff will NOT automatically release records when subpoenaed. Instead, staff will check with their Program Directors who, on the basis of possible harm to the client and with the approval of their supervisor, may seek to have the subpoena legally nullified.
Staff will NOT release physical records, electronic records. or components or copies of them to a client, a former client, or to a client or former client’s parent/guardian before securing approval from the Program Director.
c. On each occasion in which a staff removes a client record from either a campus Records Room or from long term storage, the staff must sign out each record being removed, and must sign the record back in upon return to the Records Room or to storage. Staff assumes responsibility for any case record in their possession, and unless they are responding to a court order, and with the knowledge and approval of their Program Director, staff must never remove a client record from a Hillcrest site or property.