The District is technically a “covered entity” under the Health Insurance Portability and accountability Act of 1996 (HIPAA), which among other things protects the privacy of personal health information of individuals. The District has this status because it provides health care services to some students. However, the District hereby designates itself as a “hybrid entity” under HIPAA, which means that only covered functions (student health services) are subject to the HIPAA Privacy Rule. That rule provides that school districts do not have to comply with HIPAA privacy regulations in connection with student health records because those records are already protected by another federal law: the Family Educational Rights and Privacy Act (FERPA). When dealing with student records, District officials are obligated and directed to safeguard student health information through compliance with FERPA.