The Columbia conference was explicitly organized to follow up on a key issue raised by the Virginia Tech shootings: whether the shooter’s mental health history and disturbing behavior should have raised warning flags that might, if handled differently, have made it possible to prevent the tragedy. The same question has arisen after other violent events, in particular the 1999 shooting at Columbine High School in Littleton, Colorado (which, incidentally, appears to have had a significant influence on Seung Hui Cho, the Virginia Tech shooter).
Information-sharing issues were pinpointed by the Virginia Tech Review Panel, which noted in its summary of key findings that during Cho’s junior year on campus, “numerous incidents occurred that were clear warnings of mental instability. Although various individuals and departments within the university knew about each of these incidents, the university did not intervene effectively. No one knew all the information and no one connected all the dots.” In the end, the panel continued, “the system failed for lack of resources, incorrect interpretation of privacy laws, and passivity.” In the body of the report, the panel amplified on that finding: “the lack of information sharing among academic, administrative, and public safety entities at Virginia Tech and the students who had raised concerns about Cho contributed to the failure to see the big picture…. The Care Team was hampered by overly strict interpretations of federal and state privacy laws (acknowledged as being overly complex), a decentralized corporate university structure, and the absence of someone on the team who was experienced in threat assessment and knew to investigate the situation more broadly, checking for collateral information that would help determine if this individual truly posed a risk or not.”
Most campus public safety officials at the Columbia conference appeared to feel that in their institutions — possibly in part as a consequence of the Virginia Tech tragedy — barriers to communication are being overcome and information is getting to those who need it. “People realize lack of communication is going to kill us,” said Kenneth E. Finnegan, public safety director for Columbia’s Morningside campus, adding that information sharing has “improved dramatically, both from the mental health and the dean of student life sides of the house.” John DeAngelis, director of public safety at Columbia Teachers College, agreed: “I think we are in the best position we’ve ever been in… we’re in better shape than in years past.” A factor in this improvement may have been new guidelines for colleges and universities issued by the U.S. Department of Education several months after the Virginia Tech shootings in an attempt to clarify what disclosures are and are not permitted by the Family Educational Rights and Privacy Act, commonly referred to as FERPA. The guidelines specifically authorized designating campus police as “school officials” with a “legitimate educational interest,” and thus able to receive “personally identifiable information from students’ education records.”
There is, of course, a strong reason for protecting confidentiality of student information, mental health records in particular. Christopher Rodgers, dean of students at Fordham University’s Rose Hill campus, reminded the conference that the wall between a university administration and psychiatrists, psychologists and social workers exists and must be protected “so you can get students to come when they need to.” Without confidentiality safeguards, he added, “we are never going to hear half of things we hear about now.” Law, professional ethics, institutional policies and common sense all recognize that there are situations requiring exceptions to confidentiality rules, but there is no easy or simple formula determining what and how to disclose in a given case. That, as Dr. Paul S. Appelbaum pointed out in keynoting the March 12 session, is why “clinicians and administrators struggle constantly” with the issue — a necessary and appropriate struggle, because those decisions involve balancing different needs and obligations.
Appelbaum, professor of psychiatry, medicine and law in the psychiatry department of Columbia’s College of Physicians and Surgeons and director of the department’s division of law, ethics and psychiatry, commented that “we can learn from Virginia Tech and similar tragedies of lesser magnitude” where more disclosure might have helped avoid a disastrous event. But, he added, “rare events should not drive policy.” It is also worth remembering that universities and colleges are not dangerous places. Nor are they becoming more dangerous. The incidence of violent crime is much lower on campuses than in the nation as a whole, and available data show that rate declined, rather than rising, between the mid-’90s and the middle of the last decade. Though mass-casualty incidents like the shootings at Virginia Tech may heighten public fears, they do not represent an epidemic of campus violence or a need for drastic new limitations on confidentiality protection.
In view of the potential consequences for an individual and for the effectiveness of a counseling service, Appelbaum concluded, disclosure of mental health information should take place only when other options are unlikely to work, and specific information released should be tailored to needs of the situation. In most cases, he said, appropriate situations for disclosure will be those already listed in privacy laws as emergency exceptions — when third parties are in danger, in commitment proceedings, or when a patient is incompetent to consent to disclosure, among others. “Probably a reasonable approach for the institution as a whole,” he added, is the common-sense standard that disclosure “should do more good than harm.”
 Report of the Virginia Tech Review Panel, Summary of Key Findings, p. 2, and Chapter IV, p. 52
 Balancing Student Privacy and School Safety: A Guide to the Family Educational Rights and Privacy Act for Colleges and Universities. U.S. Department of Education,