This sensitive data should not be secured via role. Unless someone has Nurse, they should not be able to see information about a child they do not have in a class/group. We can't use the Directories because of this (and a few other reasons), and any admin with access to the Academic Student Profile who also teaches a single class can pull up info for any student across the entire school. This may only be a handful of people, but it's a major security risk.