A Florida commission on campus safety has contradicted assertions by officials at Virginia Tech that they could not share information about the gunman in April’s fatal shooting rampage because of privacy laws.
In a report issued last month, the commission, assembled by Gov. Charlie Crist in the wake of the Virginia Tech shootings, pointed to crisis-management teams at the University of Florida and Rollins College that identify and discuss specific students who are considered at risk of being a danger to themselves or others as models that all institutions in the state should follow.
That approach is very different from the one taken by Virginia Tech. “What I am hearing is that at Florida, there were protocols that when people at the mental-health center see problems, they are going to the police. I am not aware that we have those protocols,” said Lawrence G. Hincker, Virginia Tech’s associate vice president for university relations.
“University offices don’t regularly share information about individuals with different university offices,” said Mr. Hincker. “I think it’s fair to say that different people have interpreted the law differently, but that is the approach we have taken.”
Virginia Tech officials have said that because of privacy concerns, they did not exchange information about Seung-Hui Cho, the gunman who killed 33 people there, including himself.
Mr. Cho was referred in 2005 to an off-campus mental-health facility, and a judge checked a box saying that he believed Mr. Cho presented an immediate danger to himself. However, after he was examined, outpatient care was recommended.
It is unclear how much about that diagnosis and treatment was known on the campus. Mr. Hincker said he could not talk specifically about Mr. Cho and what administrators knew about him.
The Florida commission, formally known as the Gubernatorial Task Force for University Campus Safety, recommends in its report that federal agencies give “definitive interpretations” of two laws governing student records: the Health Insurance Portability and Accountability Act of 1996, known as Hipaa, which covers the use and disclosure of private health information, and the Family Educational Rights and Privacy Act of 1974, known as Ferpa, which covers privacy of student education records.
However, the report says, “those most closely involved in the fields of mental-health law and higher-education law held that the disclosure of a student’s records without his or her consent is not prohibited in connection with a health or safety emergency ... if knowledge of the information is necessary to protect the health or safety of the student or other individuals.”
Peter F. Lake, director of the Center for Excellence in Higher Education Law and Policy at Stetson University, in Florida, concurred.
“A lot of the information that you are hearing about privacy laws keeping people from talking is just dead wrong,” said Mr. Lake, who is not connected with the governor’s task force. “Both Hipaa and Ferpa have very broad exceptions for health and safety.”
Medical Ethics
Some mental-health professionals have pointed out, however, that if a clinician were to talk about an individual patient, it would violate ethical codes of conduct.
In testimony before the U.S. Senate Committee on Homeland Security and Governmental Affairs a week after the Virginia Tech shootings, Russ Federman, director of counseling and psychological services at the University of Virginia, said each university must decide what constitutes a health or safety threat that would justify the release of private mental-health information.
“Unless ‘imminent danger’ to self or others is at hand, then clinicians’ capacities to communicate with other university personnel or even patients’ families are limited,” Mr. Federman said in his testimony. “If and when we do choose to breach patient confidentiality in order to address issues of safety, then we risk violating mental-health ethics and licensing codes. Essentially we are faced with circumstances where we are damned if we do and damned if we don’t.”
Marc J. Blitz, an assistant professor of law at Oklahoma City University who studies privacy issues, agreed that there are exceptions in the laws governing educational and personal records for issues of safety. “Whether there is the kind of flexibility to give administrators the ability to share information they think they need is another question,” he says.
The Florida commission clearly comes down on the side of sharing information, even without a student’s consent. The panel lauds the crisis team at the University of Florida. That team, according to the report, includes representatives of the campus police department, the legal counsel’s office, the university counseling center, and the offices of student affairs and residential life. It meets weekly to “review and evaluate specific individuals and incidents ... and channel the institution’s coordinated response.”
Several other institutions, including the University of Wisconsin at Madison, have similar intervention teams.
The Florida panel’s report was sent to Michael O. Leavitt, the U.S. secretary of health and human services, last month. Mr. Leavitt is one of three cabinet members whom President Bush has asked to recommend steps to prevent a future incident like the shootings at Virginia Tech. Several states have named similar panels and are holding hearings about campus security in the wake of the Virginia Tech massacre. Florida is believed to be the first state to complete the process.
http://chronicle.com Section: Money & Management Volume 53, Issue 40, Page A25