Can We Allow Students To Send Verification and Other Documents Via Email Due To Coronavirus?

KA-34739 Helpfulness Rating 2,951 page views

This AskRegs Knowledgebase Q&A was updated on January 5, 2021 to reflect confirmation of prior guidance and extended timeframes in the December 11, 2020 Federal Register. The following COVID-19 flexibilities now apply through the end of the payment period that begins after the date on which the federally declared qualifying emergency related to COVID-19 is rescinded.

Yes, but it's entirely up to the institution after consulting with its information technology (IT) department and/or legal counsel. 

The December 11, 2020 Federal Register allows a school to "accept a document signed and photographed and sent by email or text message attachment, on any verification documentation required to validate a student’s title IV eligibility..."

The following guidance, which applies more broadly than just verification documents, is from the U.S. Department of Education's (ED's) Title IV, HEA Q&A that is attached to the May 15, 2020 Electronic Announcement:

"Q: Is the Department providing any flexibilities during this national emergency for record retention and data security requirements given the rapid change to telework for many institutional employees.

A:  The Department cannot exempt an institution from record retention or data security requirements. An institution must use its judgment to determine whether it can securely use email or other electronic methods to exchange information with applicants and students. For example, an institution may determine that during the COVID-19 national emergency, they will accept documents (as permitted by the Office of Postsecondary Education’s Updated Guidance for interruptions of study related to Coronavirus (COVID-19), posted April 3, 2020) by photograph via smartphone or as a scanned document, as opposed to notarized or certified paper copies of documents that may be required under normal circumstances. In such instances, the institution must continue to properly preserve those documents for their records, which may include preserving text messages for the formal record or requiring students to provide hard copies, notarized copies or official copies of documents through the institution’s normal process when normal campus operations resume. We are providing flexibility to institutions regarding how they can collect documents during the national emergency, but institutions are still required to maintain the requisite documents in their records during and after the national emergency."

Per the December 11, 2020 Federal Register, the above May 15th announcement guidance now applies through the end of the payment period that begins after the date on which the federally declared qualifying emergency related to COVID-19 is rescinded.

The following guidance is general in nature and not limited by the COVID-19 timeframes.

Unless hard copies with "wet" signatures are specifically required by ED regulation or guidance, schools generally are allowed to accept documents by email but only if adequate measures are taken to encrypt and protect sensitive personal and taxpayer documents and data. One option may be to have the student submit the documentation through a secure online student portal. Another option may be to have the student encrypt and password-protect an email attachment.

In a Frequently Asked Questions about Cybersecurity Compliance document that was previously available on the Information for Financial Aid Professionals (IFAP) website, ED provided some specifics regarding the transmission of sensitive data via email (emphasis added):

“Secure means could include an appropriately safeguarded fax, a secure web portal to upload data and documents, student email accounts that encrypt communications to at least an AES-256-bit level, or separately encrypted attachments that are password protected (with the password provided in a separate email).”

“There are many applications that have the ability to encrypt attachments. An example is provided below for WinZip™, with the caveat that this is not the only acceptable method, and unless very carefully configured, WinZip would not fit the Federal Information Processing Standard (FIPS) which is defined by FIPS 140-2. The minimum acceptable encryption is AES 256-bit for PSIs.”

ED’s Q&A document also provides instructions for encrypting email attachments using WinZip.

That having been said, please be aware that this ED Q&A document is no longer posted on IFAP, and ED has indicated that it is currently reviewing that guidance, so it is possible that it may be revised. In the meantime, we strongly advise that you check with your school’s information technology (IT) office and legal counsel to ensure compliance and adequate safeguarding of sensitive information transmitted electronically. Any further questions on this topic should be sent to ED at FSASchoolCyberSafety@ed.gov.

There's always the U.S. Postal Service option.

Remember: You still need the student's written consent to communicate electronically. See AskRegs Q&A, Do Schools Have To Obtain Consent To Use Electronic Processes From All Students Or Just Title IV Aid Recipients?

Note: This AskRegs Q&A was updated on August 24, 2020 to reflect extended deadlines in the August 21, 2020 Electronic Announcement, as well as to provide additional information from the Q&A attachment to the May 15, 2020 Electronic Announcement.

AskRegs Q&As represent NASFAA's understanding of regulatory and compliance issues. They are FOR INTERNAL USE ONLY. While NASFAA believes AskRegs Q&As are accurate and factual, they have not been reviewed or approved by the U.S. Department of Education (ED). If you should need written confirmation of AskRegs information for audit or program review purposes, please contact your ED School Participation Division. NASFAA shall not be liable for technical or editorial errors or omissions contained herein; nor for incidental or consequential damages resulting from the furnishing, performance, or use of this material.