HIPAA and FERPA

FERPA Compliance and Student Data Privacy Policy

iSpeax Tech, Inc. is a service provider to educational agencies and institutions (EAs) and receives personally identifiable information (PII) contained within student records provided by the EAs. iSpeax Tech, Inc. only receives data essential for its team and associates to deliver its services. These data exchanges are sanctioned under the Family Educational Rights and Privacy Act (FERPA). Acting as a service provider to the EA, iSpeax Tech, Inc. accesses this data under the same conditions as in-school staff members in line with FERPA regulations, 34 CFR §99.31(a)(1)(i)(B). iSpeax Tech, Inc. is given data access due to its legitimate educational interest, as this information is paramount for performing the outsourced function. It operates under the EA’s strict guidance when using and maintaining the shared educational records, adhering to its contract terms. It observes the conditions on the use and redisclosure of educational data that all school officials must follow as detailed in 34 CFR §99.33. iSpeax Tech, Inc. ensures that only authorized personnel with genuine educational reasons, in line with the original intent of data acquisition, can access PII from the educational records it maintains on the EA’s behalf.

Under the guidelines of 34 CFR §99.33(a) and (b), iSpeax Tech, Inc. is prohibited from redisclosing PII without parental or student consent unless permitted by a FERPA exception and recorded by the institution. For instance, if an EA instructs iSpeax Tech, Inc. to facilitate the transfer of student records between systems, such a disclosure would be made.

iSpeax Tech, Inc. neither sells nor uses education records for targeted marketing. There are no advertisements within its offerings; hence, no behavioral or targeted advertising occurs. It only utilizes data to fulfill the service obligations to educational institutions. However, iSpeax Tech, Inc. may analyze de-identified, non-PII data internally to enhance its offerings.

Employing cutting-edge security measures, iSpeax Tech, Inc. upholds data security and privacy. This includes state-of-the-art security systems, strict physical access regulations, thorough employee training on FERPA, HIPAA, HITECH Act, and other privacy laws, and comprehensive background checks. The Chief Technology Officer at iSpeax Tech, Inc. oversees data security compliance. Data encryption during transfer and storage is ensured through SSL and AWS RDS & S3 with AES-256 bit encryption. All data storage occurs within the US.

iSpeax Tech, Inc. does not claim ownership over student or district-originated data within its products. The EA retains ownership and control over this data.

If a third party seeks education record access, iSpeax Tech, Inc. will promptly notify the EA. Access will only be granted if mandated by due process, court order, subpoena, or if directed by the EA. Should any such legal demands be received, iSpeax Tech, Inc. will inform the EA unless prohibited by law.

Should an EA be unable to allow a student or parent/guardian to review student records, iSpeax Tech, Inc. can aid at the EA's discretion and expense. Any data modifications requested by parents, guardians, or students within our platforms will be managed according to the EA's FERPA-aligned procedures.

If a data breach or unintended PII disclosure occurs, iSpeax Tech, Inc. will act swiftly to mitigate any potential harm. The senior leadership of the affected EA will be notified, ideally the Superintendent or equivalent, typically within 48 hours. The EA and iSpeax Tech, Inc. will collaborate to decide on the best course of action.

Upon termination of services or products and upon EA’s written request or contract terms, iSpeax Tech, Inc. will destroy all student records in its systems in a secure manner. If there's no written request from the EA, iSpeax Tech, Inc. retains student data for 6 years.

For queries related to content or privacy regarding any applications used, contact the respective agency or institution.

iSpeax Tech, Inc. may periodically update this policy in response to evolving legislative requirements. Policy alterations that reduce privacy protections will only be made with written consent from the EA.

HIPAA Compliance

Student records shared with iSpeax Tech, Inc. by the EA within its platforms are classified as “education records” under FERPA and not “protected health information” under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). FERPA protections mean the HIPAA Privacy Rule does not cover student health information in educational records. However, in its commitment to uphold all privacy standards, iSpeax Tech, Inc. ensures its operations align with HIPAA regulations.