Skip to main content

Oklahoma Department of Human Services
Oklahoma Department of Human Services
Stronger Families Grow Brighter Futures
Oklahoma Department of Human Services
Sequoyah Memorial Office Building, 2400 N. Lincoln Blvd. • Oklahoma City, OK 73105
(405) 521-3646 • Fax (405) 521-6684 • Internet: www.okdhs.org
 
Services    County Offices    About Us     Online Services     Library   Careers  Newsroom
 
OKDHS Hotlines
OKDHS Home > Library > Policy > OAC 340 > Chapter 65. Public Assistance Procedures > 1. General Provisions > 2. Confidential nature of case material
340:65-1-2. Confidential nature of case material
Back 
|
Next

Revised 7-1-12

 

(a) Legal basis.  The Oklahoma Department of Human Services (OKDHS) maintains the confidentiality of all applications, information, and records concerning any applicant or recipient in accordance with the Oklahoma Social Security Act, the Federal Social Security Act, and Section 183 of Title 56 of the Oklahoma State Statutes.

(b) Custody of records.  All case information including electronic data procured by, or available to, any staff member of OKDHS is the property of OKDHS and is used by staff only in accordance with the provisions of the law and the rules adopted by OKDHS.

  • (1) Authority to disclose information.  The county director is responsible for the custody of records in the human services center (HSC) and for their proper use.  All requests for information from an OKDHS record are referred to the county director, except in those instances where the request originates within OKDHS in carrying out its regular functions.  Staff members of each of the OKDHS operating divisions have access to records of the other divisions so that a mutual exchange of information, on the same family or related to a case under care, may be constructive.  • 1
  • (2) Safeguarding of case information.  Case information must be safeguarded in accordance with OAC 340:1-1-20, OKDHS:2-41-15, OKDHS:2-45, OKDHS:115-3-2, and as provided in this subsection.  The county director or delegated custodian of records is responsible for ensuring compliance with the applicable rules when the records are located in a HSC or any alternate work location.  • 2  Alternate work locations as defined in OKDHS:2-1-301 must have the capacity for safeguarding case information.  • 3  If an alternate work location cannot meet safeguarding standards, case information cannot be received, stored or processed at that location.
    • (A) Practices for safeguarding information include:
      • (i) secure physical storage of records in locked buildings, rooms and containers;
      • (ii) secure storage and care of OKDHS owned electronic equipment; • 4
      • (iii) controlled or restricted access to areas containing case information; • 5
      • (iv) case information:
        • (I) must be secured in a storage area when an employee is not present, such as in a desk or file cabinet; • 6
        • (II) may not be stored on any electronic device or storage media that is not the property of OKDHS;
        • (III) may not be sent outside the agency via e-mail unless it is encrypted; • 7
      • (v) raw tax data which includes any written, typed, photocopied, or printout of information from the Income Eligibility Verification System-Internal Revenue Service (IEVS-IRS), Beneficiary and Earnings Data Exchange System (BENDEX), and Beneficiary Earnings Exchange Record (BEER):
        • (I) must be secured in a storage area, such as a locked desk or file cabinet; • 8
        • (II) may not be viewed or stored on any electronic device that is not the property of OKDHS or the State of Oklahoma;
        • (III) may not be printed or maintained in a non-electronic format; • 9
        • (IV) may not be sent via e-mail; and
        • (V) may not be transmitted via fax; and
      • (vi) reasonable privacy or restricted viewing of electronic data visible on computer screens or mobile devices.
    • (B) Information which must be safeguarded includes:
      • (i) names and addresses, including lists;
      • (ii) information contained in an application;
      • (iii) reports of investigations;
      • (iv) medical data which includes, but is not limited to, diagnosis and past history of disease and disability ;
      • (v) correspondence and other records concerning the condition or circumstances of any person from whom or about whom information is obtained, regardless of whether it is recorded;
      • (vi) evaluations of such information;
      • (vii) warrant registers;
      • (viii) all data items available on computer screens.  Disclosure to any unauthorized person is a violation of federal and state agency regulations.  Persons considered to be authorized are:
        • (I) the client;
        • (II) the client's authorized representative;
        • (III) OKDHS staff;
        • (IV) authorized volunteers; and
        • (V) staff of outside agencies with a contract or agreement allowing access to specific data; • 10  and
      • (ix) raw tax data may include:
        • (I) the client's name;
        • (II) Social Security number;
        • (III) Internal Revenue Service (IRS) reporting firm, company, political subdivision;
        • (IV) state agency account number;
        • (V) type of income; and
        • (VI) the amount of income or resource.
  • (3) Nature of information to be made available.  General information not identified with any particular person or group of persons, such as total expenditures made, number of recipients, and other statistical information and social data contained in reports or surveys do not fall within the type of material to be safeguarded.
    • (A) Requested information is released to representatives of agencies which are authorized, by law, to have the information.  Information may be released to other agencies only when they give assurance that the:
      • (i) confidential character of the information will be preserved;
      • (ii) information will be used only for purposes related to the administration of the assistance program and the functioning of the inquiring agency; and
      • (iii) standards of protection established by the agency to which information is disclosed are equal to those established by OKDHS, both in regard to the use of the information by the staff and the provision of protective procedures.
    • (B) Addresses of clients can be disclosed to federal, state, and local law enforcement officers who furnish the client's name, Social Security number, and notify OKDHS that the location or apprehension of the client is within their official duties and that the client is:
      • (i) a fugitive felon who is fleeing to avoid prosecution, custody, or confinement after conviction; or
      • (ii) violating a condition of probation or parole.
    • (C) The days and hours a child is approved for the Child Care Subsidy Program can be disclosed to a child care provider.
    • (D) Upon written request, information used to establish eligibility that is not otherwise protected by law is made available to the client or the client's representative during normal business hours.  Confidential information, including the names of persons who have disclosed information about the client without the client's knowledge and the nature or status of pending criminal prosecutions is withheld.
    • (E) Information obtained by the worker from collateral sources, other than public records or the worker's written evaluation of the client's situation, cannot be made available to the client or to any other person without the consent of the person who gave the information.  Prior to a fair hearing, HSC staff is responsible for supplying the client with a copy of the written summary, documents, and other records which HSC staff present at the hearing.  [OAC 340:2-5]
  • (4) Release of information at request of client.  If the client or the client's representative requests OKDHS make available to him, her, or to other persons, courts, or agencies, certain information which he or she has given OKDHS regarding himself or herself, it is proper to do so, provided the release is to the designated person and the material is related to the specific subject involved.
    • (A) A written inquiry from an interested person, accompanied by the client's written permission, is considered sufficient to identify the person as the authorized representative of the client and information may be furnished.
    • (B) If a letter of inquiry does not conclusively show that the person making inquiry has been asked to obtain such information in behalf of the client, no action is taken without ascertaining the client's wishes in the matter.
  • (5) Release of information to courts.  Information about the client in his or her record is made available in court proceedings only upon subpoena, except upon request by court officials in cases of abandonment and desertion, neglect of children, or restitution when such cases have been referred to the court by OKDHS.  In these situation OKDHS staff testimony is limited to material affecting the administration of the public assistance law except when participating in a case requested by the client or the client's representative in which his or her personal interests are at stake.
    • (A) When an employee of OKDHS is subpoenaed by the court for the purpose of giving testimony based upon OKDHS records, the county director confers with the district attorney (DA) regarding recognition by the court of the right of OKDHS under the law to protect its records, and of the confidential character of information made available to OKDHS in the process of administering assistance.
    • (B) If there is reason to believe that the court will not respect the confidential character of OKDHS records, the county director communicates immediately with the Legal Division regarding the steps to be taken.  • 11
  • (6) Release of information to the DA.  Information is released to the DA, as necessary, to carry out OKDHS policy regarding support from an absent parent.  In every instance, the relative making application for Temporary Assistance for Needy Families (TANF) is informed of the requirement for obtaining support from an absent parent.
  • (7) Release of medical information.  Medical information paid for by OKDHS is not released, even at the request of the person to whom it pertains, except to another agency to which the person has applied for services with the objective to protect or advance the person's welfare.  There is nothing in Oklahoma law or federal law to prevent a physician from releasing medical information to his or her patient or an authorized representative of the patient.  The physician, in such instances, is governed by the physician‑patient relationship.  • 12
    • (A) The OKDHS Legal Division is responsible for determining whether the particular medical information being requested may be released under federal regulations and OKDHS policies.  When such clearance has been made, the Legal Division notifies FSSD.  FSSD contacts HSC staff regarding the action to take.
    • (B) Medical information that HSC staff has obtained from the Veterans Administration or from the Social Security Administration cannot be released to anyone outside OKDHS.
    • (C) When a client requests a hearing on a medical decision, all medical records or reports except for psychological and psychiatric records, which were considered in establishing the medical decision, are provided to the client or authorized representative at a reasonable time before the date of the hearing.  Copies of psychological and psychiatric records are not made available unless the release of these records is consented to by the treating physician or practitioner or are ordered released by a court of competent jurisdiction upon a finding that it is in the best interest of a patient.

INSTRUCTIONS TO STAFF 340:65-1-2

 

Revised 7-1-12

 

1.   Case records must remain in the local human services center (HSC) unless approval is received from the county director to remove a case record to another designated location.  The county director may delegate the authority for permission to remove a case record to the worker's supervisor.

(1) Circumstances when it may be permissible to remove a case record include:

(A) staff from another division within the Oklahoma Department of Human Services (OKDHS) requests the case record for use in a criminal or administrative investigation or to review the record for other OKDHS official business;

(B) a court issues a subpoena for the case record to be brought to court; or

(C) the worker receives permission to work offsite at home or another designated location and supervisory staff are aware that the case record has been removed from the HSC.

(2) When permission to remove the case record has been granted, the worker or other designated HSC staff must record on a paper or electronic log that is accessible to the entire office:

(A) the case name;

(B) the case number;

(C) the date the case record was removed from the HSC;

(D) why it was removed;

(E) where the case record can be located while it is out of the HSC; and

(F) the date it is returned to the HSC.

(3) Case records removed from the HSC in order for the worker to work offsite at home or another designated location must be stored in a secure and locked location such as a filing cabinet or lockbox.  Prior to permission being given to remove a case record from the HSC for this reason, the supervisor must discuss with the worker how the case record will be safeguarded against confidential information being accessed by others.

(A) To make a decision whether to remove the entire case record or only parts of the record from the HSC, it must be determined:

(i) which documents are necessary to complete the work being performed offsite; and

(ii) how the worker will secure the case record offsite when not in use.

(B) When the entire case record is not removed from the HSC, it must be determined how the worker will ensure documents from different case records are always returned to the correct case record.

2.   (a) Refer to OKDHS:115-3-2 for information about the county director's responsibility to safeguard records and the confidentiality of client information and to be alert to possible compromises of security and conflicts of interest. 

(b)  OKDHS:115-3-2 also includes information about employee responsibility to complete Form 09042E, Securing and Assigning Sensitive Case Records, when they, members of their household, relatives, or other persons whose circumstances are considered sensitive in nature apply for or receive benefits or services from the same HSC where the employee works.

3.   Refer to OKDHS:2-1-301 for information regarding the authority to inspect alternate work locations.

4.    Refer to OKDHS:2-41-15(l) for information regarding the safeguarding of mobile equipment.

5.   Controlled access includes the implementation of practices to identify staff accessing areas where case information is located.  Refer to OKDHS:2-21-113 for rules concerning the display of identification badges in OKDHS facilities.

6.   Information is not left on a desk, file cabinet, work area, or any other location when the employee is away from the desk or work area.

7.   (a) OKDHS staff may send email communications to a client who has voluntarily provided his or her email address to OKDHS when the communication does not contain confidential information such as personal health, adult protective services (APS), child welfare (CW), alcohol or drug treatment, or mental health information. 

(b) Per Health Insurance Portability and Accountability Act (HIPAA) rules at OAC 340:2, OKDHS must protect health information using data security rules for encryption per OKDHS:2-41-15 when transmitting OKDHS data over the Internet. 

(c) Email communication does not take the place of written communications required by law or policy such as:

(1) providing official written notice of benefit actions taken on the client's case; or

(2) the requirement to send Form 08AD092E, Client Contact and Information Request, to advise a client of an interview time or verification request. 

(d) Some examples of appropriate email communication include, but are not limited to, sending an email to:

(1) request the client call the worker to arrange an interview time or answer questions;

(2) advise the client that incomplete verification was received or additional verification is required; or

(3) respond to an email received from a recognized client account.

(e) The worker retains a copy of the email communication in the case record or records the content and date of the communication in FACS Case Notes.  When a response is needed within a certain time frame, the time frame is clearly stated in the email.

8.   Any record containing raw tax data or information must be secured in a storage area, such as a locked desk or file cabinet.  At no time is raw tax data left on a desk, file cabinet, work area, or any other location even when the employee is away from the desk or work area for a short period of time.

(1) Provisions of Section 7213 of the Internal Revenue Code (IRC) make willful, unauthorized disclosure of federal returns or return information a felony punishable by a fine not exceeding $5,000 or imprisonment of not more than five years, or both, together with the costs of prosecution and dismissal from office or discharge from employment.

(2) Provisions of Section 7213A of the IRC, the Taxpayer Browsing Protection Act, make unauthorized inspection of returns or return information a misdemeanor punishable by a fine not exceeding $1,000 or imprisonment of not more than one year, or both, together with the cost of prosecution and dismissal from office or discharge from employment.

(3) Provisions of Section 7431 of the IRC permit a taxpayer to bring suit for civil damages for unauthorized disclosure of returns or return information in the amount equal to the sum of the greater of $1,000 for each act or the sum of the actual damages sustained plus the cost of the action.

9.   Raw tax data is viewed on the PS2 eligibility system through the IEV and BWG transactions, this information should not be printed unless authorized by legal staff.

10. OKDHS enters into different types of information sharing agreements or contracts with outside agencies.  The Family Support Services Division (FSSD) Information Privacy and Security Section maintains such agreements or contracts.  HSC staff sends inquiries regarding release of such information to the FSSD Information Privacy and Security Section or emails FSSDSecurity@okdhs.org to determine what, if any, information may be released.

11.       Refer to OKDHS:2-25-10 regarding subpoenaed records.

12. When the HSC receives requests for medical information that is not defined in OAC 340:65-1-2, HSC staff contacts the FSSD Health Related and Medical Services Section (HRMS) and outlines the details of the request.  If a legal opinion is necessary, the HRMS supervisor makes a referral to the Legal Division and advises HSC staff of what action to take.
Back
|
Next


Last Updated:  6/26/2012
Oklahoma Department of Human Services
Street address: Sequoyah Memorial Office Building, 2400 N. Lincoln Blvd., Oklahoma City, OK 73105
Mailing address: P.O. Box 25352, Oklahoma City, OK 73125
(405) 521-3646
Help | Web site Policies | Feedback | Accessibility | Document Readers