FERPA Policy

Last updated: September 25, 2024

HiTA’s Approach to FERPA Compliance

HiTA is a platform that integrates securely with institutional systems while prioritizing the protection of student data. Below are the key aspects through which HiTA assists educational institutions in meeting FERPA standards:

Controlled Access to Student Data

HiTA allows institutions to set specific roles and permissions for accessing student data. Only authorized users, such as instructors, administrators, and students, have access to relevant records based on their role within the institution. AI assistants within HiTA are designed to provide support to users without exposing or disclosing personal student information.

Integration with Institutional Systems

HiTA integrates seamlessly with LMS systems like Canvas while adhering to strict privacy protocols. During the authentication process with an LMS, HiTA uses OAuth2, a secure authentication standard, ensuring that data transfer and access are protected. When importing courses and student information from an LMS like Canvas, HiTA follows a read-only approach to student data and does not modify or store sensitive student records beyond what is necessary for course management.

Data Protection and Privacy Controls

HiTA allows institutions to anonymize student names to provide an added layer of privacy. This feature ensures that instructors can access necessary student records without exposing identifiable information. The platform implements logging-off inactive users and requires authentication for access to any part of the service, ensuring that only authorized users can access student data.

Instructor Control Over Course Content and Student Data

Instructors have full control over what course materials and student records are shared with HiTA. When creating course assistants, instructors decide the resources available to the assistant's knowledge base, allowing control over what information is shared and ensuring that only FERPA-compliant data is used. At the end of a course or semester, instructors have the ability to delete course content and data from HiTA as per their institution’s data retention policies.

Secure Communication and Data Handling

HiTA’s communication between users, such as messaging through course assistants, is securely handled within the platform. Personal email addresses and contact information are not exposed during any interactions, and all conversations are recorded in a secure manner accessible only to authorized personnel. Data transmission between HiTA, the LMS, and users is encrypted to protect against unauthorized access or data breaches.

Documentation and Transparency

HiTA provides comprehensive documentation to guide administrators, instructors, and users through setting up and managing the platform in compliance with FERPA requirements. The documentation outlines how to securely manage course data throughout the use of the platform.

HiTA Privacy Policy and User Data

HiTA adheres to a strict privacy policy, which outlines how user data is collected, stored, and used. No student data is used for purposes outside the scope of course facilitation and improvement of educational services. The policy prohibits the use of student records for training machine learning models, selling data to third parties, or any other activities that might violate FERPA.