The superintendent of Mercer County Schools in Illinois, along with two district information technology employees, is facing criminal charges, including a felony, for allegedly accessing confidential student medical records to obtain vaccine information. Court documents detail accusations that the data was compiled into a shared database.
Key Takeaways
- Mercer County Superintendent Timothy Farquer, 53, faces felony official misconduct and two misdemeanor charges.
- Two IT employees, Amberly Norton, 41, and Andrea Long, 41, face misdemeanor charges for computer tampering and unauthorized access to medical records.
- Allegations claim Farquer ordered a nurse to provide student vaccine data, which was then used to create a Google database shared with unauthorized individuals.
- The school district issued a statement defending its handling of student records, citing state and federal education privacy laws.
Three School Officials Face Criminal Charges
Mercer County Schools Superintendent Timothy Farquer and two district employees appeared in court on Thursday to face charges related to the handling of student information. The case has brought significant attention to the Aledo, Illinois, community.
Farquer is charged with felony official misconduct, as well as misdemeanor counts of computer tampering and unauthorized access to medical records. The two district IT employees, Amberly Norton and Andrea Long, each face the two misdemeanor charges.
According to court records, the allegations against Farquer stem from an incident on September 1. The documents state he instructed a school nurse to provide him with confidential student vaccine information. This information was then allegedly used to create a Google database that was subsequently shared with people not authorized to view it.
The documents also indicate that Norton and Long are accused of accessing student data in 2019.
Understanding the Charges
Felony Official Misconduct: This is the most serious charge, filed against a public official who, in their official capacity, performs an act they know is forbidden by law. It carries more significant penalties than a misdemeanor.
Computer Tampering: This misdemeanor charge typically involves accessing or altering computer data without authorization.
Unauthorized Access to Medical Records: This charge relates to viewing or obtaining protected health information without a legal right to do so.
Police Investigation and Court Proceedings
The charges followed an investigation by the Aledo Police Department. On Wednesday, officers executed search warrants at Mercer County High School in Aledo and the district's administrative office in Joy. Officials confirmed that electronic devices were seized during the searches.
During the court appearance on Thursday, Amberly Norton was granted release with conditions. She informed the court she intends to hire a private attorney. Her next scheduled court date is October 7.
Information regarding the court filings for Superintendent Farquer and Andrea Long was not immediately available. Authorities have not released details regarding a potential motive for the alleged actions.
Timeline of Events
- 2019: IT employees allegedly access student data.
- September 1, 2025: Superintendent Farquer allegedly commits offenses.
- September 24, 2025: Police search school and district offices.
- September 25, 2025: The three accused officials appear in court.
School Board Responds, Cites Education Privacy Laws
In response to the arrests, the Mercer County School Board published a statement on the district's website. The board acknowledged the seriousness of the situation and confirmed its full cooperation with law enforcement and legal counsel.
The statement provided a defense of the district's record-keeping practices, arguing that its actions are governed by specific education-related privacy laws, not healthcare privacy laws like HIPAA.
"The Board emphasizes that these records are governed by the Family Educational Rights and Privacy Act and ISSRA, not by HIPAA or medical privacy laws applicable to healthcare providers. Their use within the school setting is lawful, regulated, and essential to the functioning of our educational mission," the statement read.
The district argued that student health records are legally defined as part of a student's overall school record under the Illinois School Student Records Act (ISSRA). It stated that access by school personnel, including nurses and support staff, is a necessary part of ensuring student safety and meeting state requirements.
The board also noted that the management of these records, including digital access, is handled by the IT department, which it described as a standard and legal practice.
Distinction Between HIPAA and FERPA
The district's statement highlights a key legal distinction that will likely be central to the case. While the Health Insurance Portability and Accountability Act (HIPAA) governs how healthcare providers handle patient data, school records fall under different regulations.
- FERPA (Family Educational Rights and Privacy Act): A federal law that protects the privacy of student education records.
- ISSRA (Illinois School Student Records Act): A state law that provides further guidelines on the maintenance and confidentiality of student records in Illinois.
The school board's position is that its handling of student health data is compliant with these education-specific statutes. The prosecution, however, has brought charges suggesting the actions of the three employees crossed a legal line.
The district has declined to provide further comment on the ongoing investigation or to confirm whether parents have been notified directly about the situation. In its statement, the board asked the public to "withhold judgment until all facts are reviewed and due process is respected."
