ClearTrack 200/RTI Edge is a tool developed and maintained by the SCRIC (South Central Regional Information Center), a division of Broome Tioga BOCES. As such, any data uploaded to the system is in the hands of an “educational agency.” As you may know, educational agencies are exempt from the strict compliance required of third-party contractors for data security and privacy required by New York Education Law §2-d. Nevertheless, we have adopted this protocol to assure Cleartrack 200/RTI Edge customers of our commitment to data security and privacy, protecting the confidentiality of student information under our stewardship. This Privacy Notice explains how we collect, share, use, and protect student information within the systems and services that we manage on behalf of school districts.

The ClearTrack 200/RTI Edge Development Team has access to personally identifiable information on students and staff for the sole purpose of providing support to School Districts and sending health-related data required for Medicaid reimbursement. Any data collected is necessary in order for districts to manage the day-to-day operations of their schools and comply with New York State reporting and billing requirements.

Databases may reside on servers managed by SCRIC (South Central Regional Information Center), a division of Broome-Tioga BOCES, Amazon Web Services, or other Regional Information Centers across New York State. All student data housed within these systems belongs to the respective school districts.

ClearTrack 200/RTI Edge will not release or provide access to student data to parents, students, other vendors or other unauthorized agencies, without the expressed consent of the school district that is responsible for the data. Requests for student information or access received by ClearTrack 200/RTI Edge from unauthorized parties will be referred to the respective school district for authorization.

If, for any reason, ClearTrack 200/RTI Edge intends to use student information in a manner different from that stated at the time of collection, we will notify the school district. School administration will have a choice as to whether or not ClearTrack 200/RTI Edge can use student information in such a way.

If students or parents wish to review, update, or correct student information, they should follow the policies and procedures of their local school district.

Only student information relevant and necessary to the application is collected. No other student information is collected. The specific information that is collected includes Personally Identifiable Information (PII). PII is data that identifies a specific student, can be used to distinguish one student from another or be used in combination with other information to identify the student.

PII includes but is not limited to, a student’s name, address, email, unique school identification number, student photos, individualized education programs (IEPs or other student education plans), testing and evaluations, medical records, date of birth, and any access codes or passwords that permit access to personal records.

• Password protection and authentication to establish the identity of all persons accessing systems housing student data and at the appropriate level of authority.
• Stringent account provisioning, de-provisioning, and authorization procedures.
• Encrypted transmission of student data.
• Secured file structures limiting student information access to only authorized employees.
• Privacy requirements incorporated into all contracts with vendors and consultants who come into contact with student data.
• Software patches which may include security enhancements.
• Regular privacy risk assessment and review of security and privacy controls.

ClearTrack 200/RTI Edge and the SCRIC also regularly promote awareness of student data security and privacy issues and train staff on security and privacy standards. This includes participating in an annual training session for all SCRIC staff and managers regarding security and privacy policies, guidelines, and practices. We consider data to be confidential and is not used for any purpose other than providing services on the district’s behalf.

Sometimes individuals and organizations outside the schools and ClearTrack 200/RTI Edge, such as software support teams and technical consultants, have access to student data by the nature of the work they do.

In these cases, ClearTrack 200/RTI Edge requires stringent contractual obligations (the same as the SCRIC) for the security and privacy of student data in compliance with the New York State Common Core Implementation Reform Act of March 2014. Contracts with these providers include the following stipulations:

School districts are solely responsible for the accuracy of the student data that their employees enter into and utilize within ClearTrack 200/RTI Edge.

New York State has defined a multi-level process for exporting student data to the New York State Education Department Student Information Repository System (SIRS database). The first step in this process is to import data to Level 0 of the system, resolve any errors that result, and validate the accuracy of this data.

For Medicaid purposes, Broome-Tioga BOCES (Board of Cooperative Educational SO) Medicaid Service Bureau (MSB) adheres to a Medicaid Billing Compliance Program. We ensure data encryption and secure data transfer are used to move the data from school districts enrolled in eMedNY.

ClearTrack 200/RTI Edge monitors its privacy policies and practices, including this Privacy Notice, to ensure compliance with the most recent state and federal laws.
ClearTrack 200/RTI Edge also self-monitors to ensure that internal security and privacy processes and procedures meet the requirements described in this Notice. This includes processes for the regular assessment of risks and regular review of security and privacy procedures and documents.

All choices available to students and parents regarding the collection, use and disclosure of student information are governed by the policies and procedures of each student’s respective school district and are outside the jurisdiction of ClearTrack 200/RTI Edge. All requests received to opt-out or limit data collection, data use and information disclosure for a specific student will be referred to the school district of that student.

Inquiries, complaints, disputes, or Freedom of Information requests concerning specific student data should be directed to the local school district(s) responsible for the student information.
If you have an inquiry, complaint, or dispute specific to ClearTrack 200/RTI Edge’s privacy notice or practices, please allow thirty (30) days for us to document and respond to your request. All documented inquiries, complaints and disputes will be collected and reviewed to determine whether appropriate actions were followed and to assess if changes to procedures and/or policies should be implemented to further improve SCRIC services. All submissions will be documented and cataloged and an appropriate response will be provided.

 Please send all inquiries, complaints or dispute information to: 

              Christine Choi
              Broome-Tioga BOCES Data Protection Officer
              [email protected]
              607-763-3623

Employees who become aware of a suspected or actual security breach must report the matter immediately as follows:

• School district employees: Contact your superintendent’s office immediately.
• SCRIC staff: Contact your manager immediately.