FERPA Policy

Policy #:
ADM 201.012
Executive Owner:
Registrar
Scope:

This policy applies to all AdventHealth University (AHU) campuses, academic programs, modalities, faculty, staff, administrators, contractors, student workers, and third-party service providers who create, access, manage, or store education records.

Purpose:

The purpose of this policy is to establish AHU’s responsibilities and procedures for complying with the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g, and its implementing regulations (34 CFR Part 99). This policy ensures:

a. Protection of the privacy and confidentiality of student education records

b. Compliance with federal requirements governing access, disclosure, and amendment of education records

c. Clear communication of rights afforded to students under FERPA

d. Standardized institutional practices for record handling and data security

Policy:

AHU may disclose directory information without prior student consent unless the student opts out in writing. Recommended directory information includes:

a. Student name

b. Address(es)

c. Telephone listing

d. AHU email address

e. Major field(s) of study

f. Dates of attendance

g. Enrollment status (e.g., full-time/part-time)

h. Degrees, honors, and awards received

i. Expected graduation date

j. Participation in officially recognized activities

k. Photographs

AHU will annually notify students of their right to restrict disclosure of directory information.

4. Disclosure Without Prior Consent

AHU may disclose PII from education records without consent to parties authorized by FERPA, including but not limited to:

a. School officials with legitimate educational interest

b. Other institutions where a student seeks or intends to enroll

c. Federal, state, and local educational authorities

d. Financial aid providers

e. Organizations conducting accreditation, studies, or audits

f. Appropriate officials in health, safety, or emergency situations

g. Compliance with judicial orders or subpoenas

All disclosures must be documented per federal requirements.

5. Legitimate Educational Interest

 

AHU officials (faculty, staff, administrators, contractors, student workers) may access education records only when:

a. The information is necessary to perform an authorized academic, administrative, supervisory, or service function; and

b. Access aligns with job responsibilities.

6. Record Security and Data Protection

All education records, in any format, must be:

c. Stored securely

d. Accessed only by authorized personnel

e. Transmitted using secure university-approved systems

f. Disposed of using secure destruction methods

g. No education record may be stored on personal devices without explicit authorization.

IV. PROCEDURE/GUIDELINES: 

Procedures for implementing this policy—including requests for record access, amendment procedures, disclosure processes, training requirements, and annual FERPA notifications—are detailed in:

Definition(s):

Definitions for terms such as “education record,” “directory information,” “personally identifiable information,” “school official,” and “legitimate educational interest” are located in the FERPA Appendix.

Related Document(s):
Keyword:
Committee Information:
CommitteeDate VotedMinutes Code
President's Council Monday, December 8, 2025
Approved by:
Approval Date:
Monday, December 8, 2025