Skip To ContentSkip To Content

    Is my student's data private and secured?

    CareDox systems, services, and how they use data fully adhere to the Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act (HIPAA). They are also a signatory of the national Student Privacy Pledge and all State Student Privacy Policies.

    HIPAA rules give individuals the rights to access their health information, make sure that it is correct, and know who else has seen it.

    FERPA grants parents the right to access their child's educational records (including all information on CareDox), to request amendments to the records, and to have some controls relative to the disclosure of personally-identifiable information from the education records.

    The Student Privacy Pledge is a public and legally enforceable statement by Education Technology companies to safeguard student privacy built around commitments regarding the collection, maintenance, and use of student personal information.

    Who has access to my student's data in the district?

    School staff who provide health services to students, and a limited number of central office staff who support the school staff and administer the software.

    Is CareDox contractually obligated to safeguard student data?

    Yes. Safeguards concerning CareDox and any of their 3rd party affiliates are identified in both the body of the Cloud Services Agreement (CSA) and more specifically, in Exhibit A of the CSA.

    What data is stored by CareDox?

    See Exhibit B of the Cloud Services Agreement (CSA) to view the data that CareDox stores.

    What are CareDox's data security and privacy policies?

    CareDox's data security and privacy policies can be found on their corporate website.

    What are the district's data security and privacy policies?

    See Superintendent Procedure 3231SP.

    What does CareDox do with my student's data?

    See the CareDox Privacy Policy.

    How was CareDox selected by Seattle Public Schools?

    CareDox was selected through a public Request for Proposal (RFP) process that was advertised to vendors with K-12 oriented electronic health record (EHR) software offerings on March 14, 2017. Vendor responses included product demonstrations, pricing, and references.

    A team of school nurses, District technology personnel, District data security personnel, and the District's legal team evaluated the RFP responses and assessed the finalist's tools, giving feedback to the project team.

    The project team, composed of both Health Services and Technology Services staff, reviewed proposals and selected the software. CareDox was awarded the contract on May 11, 2017. In addition to CareDox, bidders for this RFP included offerings from Healthmaster Inc., Lumen Touch, Public Consulting Group (PCG), and Professional Software for Nurses, Inc.

    The CareDox proposal was re-reviewed by district senior leadership, the district's information Security manager, and the General Counsel's Office in June 2017 to address concerns about student data privacy. The General Counsel's Office followed up with a letter to the Board of Directors for Seattle Public Schools to address these concerns around student data security/privacy stating that the CareDox application is both FERPA and HIPAA compliant.

    Resources
    CareDox Privacy Policy


    Read more about HIPAA and electronic medical records on the U.S. Department of Health and Human Services website.


    Read more about FERPA on the U.S. Department of Education website.


    Read more about this pledge on the Student Privacy Pledge website.