Compliance

This page addresses compliance-related points that all users should be aware of. Lightner-ai is a fully compliant system, but requires the user to not engage in malfeasance. Ai-ai reserves the right to audit cases to ensure user compliance with standard FERPA requirements. Lightner is also FERPA compliant in regards to encryption at rest and in transit. The system leverages industry-standard AES-256 encryption for storing data at rest, and has valid https certification through AWS for data in transit.

Family Educational Rights and Privacy Act (FERPA)

Lightner-ai allows the user to submit "Directory information" (student name, grade) -- permissible under FERPA disclosure rules. To proceed to Case Edit, users must complete one of two “Consent” workflow options: Consent or Waived Consent.

 To comply with FERPA re-disclosure laws, the user must appropriately determine which use case they are intending to proceed with:

  1. Users will be submitting student education record data that includes personally identifiable information (PII), and their educational institution for which they are acting as a school official does NOT have an enterprise-agreement with Ai-ai

    1. Users must obtain consent from the student's legal guardian/parent. They may do this by using Lightner’s integrated consent request workflow, where they can enter the recipient's name and email address, then click 'Request' to generate a consent request to the designated recipient

    2. This will send an email to the address with a subject line of "FERPA Consent Request: Evaluation Processing for (Student's Full Name)" and a link to Approve or Reject the request

    3. Users will be notified via the email that is linked to their account when the recipient completes a response

    4. For more information, refer to the code of federal regulations Title 34, Subtitle A, Part 99, Subpart D, 99.30

  2. Users will be submitting student education record data that includes personally identifiable information (PII), and their educational institution for which they are acting as a school official DOES have an enterprise-agreement with Ai-ai where the Company has been granted school official exemption.

    1. Users do NOT need to obtain consent from the student's legal guardian/parent

    2. We recommend users verify with their administrators that the appropriate vendor agreements are in place, and to which schools within their district that exemptions are applicable

    3. For more information, refer to the code of federal regulations Title 34, Subtitle A, Part 99, Subpart D, 99.31(a)(1)(i)(B)

  3. Users will be submitting education record data that does NOT include PII

    1. Removing all PII from the data (e.g. observations, score reports, and interviews) allows a user to not need a consent from a parent/guardian to use the system in compliance.

    2. Instead, they may 'Waive' the consent requirement, and proceed with an attestation that they have de-identified the records appropriately and no data will qualify as PII. This can be achieved by substituting all names with fictional or generic placeholder names, for example.

    3. For more information, refer to the code of federal regulations Title 34, Subtitle A, Part 99, Subpart D, 99.31(b)

The parent/guardian reserves the right to withdraw consent at any time; this can be done by clicking “Refuse” on an existing consent request that was previously Accepted. Users will be notified with a “Reneged” status.

All user & recipient data will be stored securely per the terms outlined in the Privacy Policy.

Ai-ai is not liable for any damages as a result of data breaches where consent was waived inappropriately and PII was present. For more details, users may review the Terms of Service.

For complete reference information, we recommend clicking here to review the code of federal regulations (Title 34, Subtitle A, Part 99).

Children’s Online Privacy Protection Act (COPPA)

COPPA does not generally apply in regards to use of the Lightner application per federal guidelines. This is because the services provided by Lightner-ai are not targeted towards students/children directly.

For complete reference information, we recommend clicking here to review the FTC’s COPPA documentation.

Health Insurance Portability and Accountability Act (HIPAA)

For virtually all normal cases, any information submitted by the user will fall under FERPA jurisdiction and requirements as data were originated and maintained by a school system, not a healthcare organization. Therefore, HIPAA regulations generally do not apply to student records. Exceptions may apply if evaluations originate from healthcare organizations and not a school official, and are recognized by institutional laws and designations as part of a healthcare encounter, but Lightner-ai does not support such use cases. This is outlined in the Terms of Service, and Ai-ai is not responsible nor liable for any misuse, abuse, or mishandling of HIPAA-protected information by users.

For complete reference information, we recommend clicking here to review the CDC’s documentation on FERPA vs HIPAA differences and applicability.