1. Case records must remain in the local human services center (HSC) unless approval is received from the county director to remove a case record to another designated location. The county director may delegate the authority for permission to remove a case record to the worker's supervisor.
(1) Circumstances when it may be permissible to remove a case record include:
(A) staff from another division within the Oklahoma Department of Human Services (OKDHS) requests the case record for use in a criminal or administrative investigation or to review the record for other OKDHS official business;
(B) a court issues a subpoena for the case record to be brought to court; or
(C) the worker receives permission to work offsite at home or another designated location and supervisory staff are aware that the case record has been removed from the HSC.
(2) When permission to remove the case record has been granted, the worker or other designated HSC staff must record on a paper or electronic log that is accessible to the entire office:
(A) the case name;
(B) the case number;
(C) the date the case record was removed from the HSC;
(D) why it was removed;
(E) where the case record can be located while it is out of the HSC; and
(F) the date it is returned to the HSC.
(3) Case records removed from the HSC in order for the worker to work offsite at home or another designated location must be stored in a secure and locked location such as a filing cabinet or lockbox. Prior to permission being given to remove a case record from the HSC for this reason, the supervisor must discuss with the worker how the case record will be safeguarded against confidential information being accessed by others.
(A) To make a decision whether to remove the entire case record or only parts of the record from the HSC, it must be determined:
(i) which documents are necessary to complete the work being performed offsite; and
(ii) how the worker will secure the case record offsite when not in use.
(B) When the entire case record is not removed from the HSC, it must be determined how the worker will ensure documents from different case records are always returned to the correct case record.
2. (a) Refer to OKDHS:115-3-2 for information about the county director's responsibility to safeguard records and the confidentiality of client information and to be alert to possible compromises of security and conflicts of interest.
(b) OKDHS:115-3-2 also includes information about employee responsibility to complete Form 09042E, Securing and Assigning Sensitive Case Records, when they, members of their household, relatives, or other persons whose circumstances are considered sensitive in nature apply for or receive benefits or services from the same HSC where the employee works.
3. Refer to OKDHS:2-1-301 for information regarding the authority to inspect alternate work locations.
4. Refer to OKDHS:2-41-15(l) for information regarding the safeguarding of mobile equipment.
5. Controlled access includes the implementation of practices to identify staff accessing areas where case information is located. Refer to OKDHS:2-21-113 for rules concerning the display of identification badges in OKDHS facilities.
6. Information is not left on a desk, file cabinet, work area, or any other location when the employee is away from the desk or work area.
7. (a) OKDHS staff may send email communications to a client who has voluntarily provided his or her email address to OKDHS when the communication does not contain confidential information such as personal health, adult protective services (APS), child welfare (CW), alcohol or drug treatment, or mental health information.
(b) Per Health Insurance Portability and Accountability Act (HIPAA) rules at OAC 340:2, OKDHS must protect health information using data security rules for encryption per OKDHS:2-41-15 when transmitting OKDHS data over the Internet.
(c) Email communication does not take the place of written communications required by law or policy such as:
(1) providing official written notice of benefit actions taken on the client's case; or
(2) the requirement to send Form 08AD092E, Client Contact and Information Request, to advise a client of an interview time or verification request.
(d) Some examples of appropriate email communication include, but are not limited to, sending an email to:
(1) request the client call the worker to arrange an interview time or answer questions;
(2) advise the client that incomplete verification was received or additional verification is required; or
(3) respond to an email received from a recognized client account.
(e) The worker retains a copy of the email communication in the case record or records the content and date of the communication in FACS Case Notes. When a response is needed within a certain time frame, the time frame is clearly stated in the email.
8. Any record containing raw tax data or information must be secured in a storage area, such as a locked desk or file cabinet. At no time is raw tax data left on a desk, file cabinet, work area, or any other location even when the employee is away from the desk or work area for a short period of time.
(1) Provisions of Section 7213 of the Internal Revenue Code (IRC) make willful, unauthorized disclosure of federal returns or return information a felony punishable by a fine not exceeding $5,000 or imprisonment of not more than five years, or both, together with the costs of prosecution and dismissal from office or discharge from employment.
(2) Provisions of Section 7213A of the IRC, the Taxpayer Browsing Protection Act, make unauthorized inspection of returns or return information a misdemeanor punishable by a fine not exceeding $1,000 or imprisonment of not more than one year, or both, together with the cost of prosecution and dismissal from office or discharge from employment.
(3) Provisions of Section 7431 of the IRC permit a taxpayer to bring suit for civil damages for unauthorized disclosure of returns or return information in the amount equal to the sum of the greater of $1,000 for each act or the sum of the actual damages sustained plus the cost of the action.
9. Raw tax data is viewed on the PS2 eligibility system through the IEV and BWG transactions. This information should not be printed unless authorized by legal staff.
10. OKDHS enters into different types of information sharing agreements or contracts with outside agencies. The Family Support Services Division (FSSD) Information Privacy and Security Section maintains such agreements or contracts. HSC staff sends inquiries regarding release of such information to the FSSD Information Privacy and Security Section or emails FSSDSecurity@okdhs.org to determine what, if any, information may be released.
11. Refer to OKDHS:2-25-10 regarding subpoenaed records.
12. When the HSC receives requests for medical information that is not defined in OAC 340:65-1-2, HSC staff contacts the FSSD Health Related and Medical Services Section (HRMS) and outlines the details of the request. If a legal opinion is necessary, the HRMS supervisor makes a referral to the Legal Division and advises HSC staff of what action to take.