it's not just copyright law that's totally snafu...

Here's an except from a recent article in the New England Journal of Medicine. (Shuchman, Miriam. "Falling through the Cracks -- Virginia Tech and the Restructuring of College Mental Health Services." NEJM. 357(2):105-110)
Falling through the Cracks — Virginia Tech and the Restructuring of College Mental Health Services

...

FERPA, HIPAA, and the Privacy of College Students

The laws and professional codes of conduct that protect a college student's right to privacy are so confusing that they have produced "massive misunderstanding," according to Peter Lake, director of the Center for Excellence in Higher Education Law and Policy at Stetson University. This claim is supported by a "Report to the President" issued by three Cabinet members in June. Confusion about federal and state privacy laws was a consistent theme in discussions that these officials held throughout the country in response to the Virginia Tech tragedy.

The Family Educational Rights and Privacy Act (FERPA), the college confidentiality law passed in 1974, is often interpreted as prohibiting faculty or staff members from sharing information about a student with one another or with family members unless there is an emergency, but Lake said this is a misinterpretation. FERPA was not intended to block communication between deans or professors, who may share students' academic records. It's also not aimed at blocking communication between universities and students' families, since it restricts only discussion of a student's academic record, not interactions about, say, strange behavior or illness. Yet Cabinet members "repeatedly heard reports of `information silos' within educational institutions . . . that impede appropriate information sharing."

College counseling centers may also claim that they are prevented by the Health Insurance Portability and Accountability Act (HIPAA) from sharing information about a student without the student's permission, but experts differ about whether and when HIPAA applies. The Cabinet members wrote that in their meetings "and in every breakout session, we heard differing interpretations and confusion about legal restrictions on the ability to share information about a person who may be a threat to self or others."

Most college mental health personnel follow standard medical confidentiality rules, which can be frustrating to parents and to faculty and staff members. But without a strict interpretation of confidentiality, many students might not seek care. "A large percentage of our students who come for counseling have had thoughts of suicide," said Mark Reed, director of Dartmouth College's Counseling and Health Resources Departments. "If they think, `If I whisper those words, I'm going to be kicked off campus,' that will prevent them from coming."

One answer for counseling centers is to find another person on campus who can communicate about a student more broadly. Class deans, who fill that role at Dartmouth, are free to communicate with family and faculty members. Though deans cannot know what is in the student's counseling or medical records, they can share their own concerns about a student's behavior or the concerns raised by others. Said Reed, "If family call us or the coach calls us, we'll say, `You're right to be concerned, and you may also want to share that with the dean.'" Information that comes to the dean from these other sources — not the school's health or mental health service — "is not HIPAA protected," explained Paul Appelbaum, director of the Division of Psychiatry, Law, and Ethics at Columbia University.

Another answer is to find legal counsel who can weigh the risks of breaching confidentiality against the risks of keeping it. At the University of Michigan, health care professionals have been reassured by university counsel that if a breach in confidentiality is required to preserve a student's life or mental health, the university will support them, "though it's done with great gravitas," said chief health officer Robert Winfield.

Both FERPA and HIPAA have exceptions for emergencies, but even the exceptions are confusing, and the Cabinet members found that people were generally unaware of these exceptions.

Perhaps, as Lake predicts, the Virginia Tech case will ultimately help to clarify the provisions of the privacy laws and allow crucial communication to take place."