Data Ownership, Protection and Compliance When Hiring Healthcare Students

Collecting and reviewing data from the pool of talented students attending your clinical rotations is an innovative way to search for outstanding future employees. But student data — just like personal data connected to any individual — is fiercely protected by law and requires impactful data management that doesn’t compromise data safety, rights and ownership as it passes between an individual, educational partners and healthcare facilities.

Family Educational Rights and Privacy Act (FERPA)

  • Schools may use certain directory information; but individuals have the right to know which details are being used and give their consent
  • Understanding what information can be shared is essential, as is properly securing consent and providing the time and means to correct an individual’s records upon request

Fair Credit Reporting Act (FCRA)

  • There are certain ways an individual’s data can be collected and used for different purposes including employment, but it must be protected 
  • Specific legal obligations apply to the stakeholders providing the individual’s data

General Data Protection Regulation (GDPR)

  • Data relating to any individuals or stakeholders in EU territory is protected during multiple stages including collection, storage, transmission and analysis
  • Compliance includes conducting a GDPR assessment, then implementing technical and operational safeguards to protect personal data to satisfy GDPR requirements

California Consumer Privacy Act (CCPA)

  • Provides individuals with the right to know what data is collected and how it is used and shared
  • Provisions must be in place to delete information and opt-out of data sharing without discriminating against the individual requesting it

Virginia Consumer Data Protection Act (VCDPA)

  • Outlines responsibilities and privacy protection standards for data collection and management
  • Individuals must be provided a way to access, correct, delete, and obtain a copy of their personal data, as well as revoke their consent for data usage

Americans with Disabilities Act (ADA) 

  • Data confidentiality requirements apply to information obtained through employment related inquiries
  • Any measures taken to maintain confidentiality must effectively restrict access to the data to only those people with a legal right to view it

Title VII of the Civil Rights Act of 1964 

  • The process of collecting data to identify potential future employees brings with it specific nondiscrimination requirements
  • It’s important to collect, manage, and review data in such a way as to avoid limiting or depriving candidates of employment opportunities or otherwise adversely affecting their application for employment

Equal Employment Opportunity Commission (EEOC) 

  • It’s essential to stay on the right side of federal oversight to avoid discrimination for things like race, gender, age and disability
  • Whether or not you need to adhere to laws the EEOC enforces varies depending on numerous factors including the number of employees and type of discrimination

BridgesEXP logo

Bridges EXP™ protects you from the risk of exposure to potentially discriminatory data points and violating data privacy laws. Our expert compliance and legal team is constantly researching, analyzing, and providing up–to–date best practices relative to the ever–changing regulatory landscape, enabling us to leverage our decades of experience to take on your compliance burden when it comes to data privacy, data security, and data ownership.