5101:1-1-03 Disclosure of recipient information, nondiscrimination, and treatment of information received from the internal revenue service and social security administration.  

5101:1-1-03                 Disclosure of recipient information, nondiscrimination, and treatment of information received from the IRS internal revenue service and social security administration.

(A)  Confidential records

All information and records concerning a recipient of disability financial assistance (DFA) pursuant to Chapter 5115. of the Revised Code, Ohio works first (OWF) pursuant to Chapter 5107. of the Revised Code, and prevention, retention and contingency (PRC) pursuant to Chapter 5108. of the Revised Code are confidential. No information or records regarding applicants, recipients, or former recipients of any of the programs listed in this paragraph is to be released to anyone except as provided in sections 5101.27 and 5101.28 of the Revised Code, including an entity administering a program assisting needy individuals with the costs of public utility services or as otherwise delineated in this rule pursuant to section 5101.30 of the Revised Code.

(B)  Allowable disclosure of information

In accordance with section sections 5101.27, 5101.28 and 5101.30 of the Revised Code and in addition to sections 5101.27 and 5101.28 of the Revised Code, recipient information and records for any of the programs identified in paragraph

(A)   of this rule may be released to the following entities identified in paragraphs (B)(1) to (B)(10)(9) of this rule. However, only the minimum information or records necessary to fulfill the need for the sharing of information as allowed by this rule may shall be released: released.

(1)   A provider of services or assistance connected with the programs identified in paragraph (A) of this rule. Access to information under this paragraph is limited to information that is essential for the provider to render or bill for services or assistance or to bill for services or assistance rendered. Providers receiving this information may shall not use this information except for the purpose set out in this paragraph and are subject to penalties set out in section

5101.99 of the Revised Code for unauthorized use of the information.

(2)    Any private contractor, grantee, or other state or county entity, performing administrative or other duties on behalf of the Ohio department of job and family services (ODJFS) or a county department of job and family services (CDJFS) agency when in compliance with paragraphs (B)(3)(2)(a) to (B)(3)(d)(2)(c) of this rule. Access under this paragraph includes but is not limited to exchange of information pursuant to section 307.987 of the Revised Code. Information that can be accessed under this paragraph is limited only to information needed for completion of the administrative or other duties on behalf of ODJFS or CDJFS the county agency:

(a)   There must be a signed, written agreement with the contractor, grantee, or entity, that establishes the purpose and scope of duties to be performed for ODJFS or CDJFS the county agency.

(b)     The agreement shall contain language that the contractor, grantee, or entity may shall not use the information received pursuant to the agreement for purposes other than those set out in the written agreement.

(c)       The agreement shall include language which establishes that the contractor, grantee, or entity is bound by relevant Ohio confidentiality laws and ODJFS rules; and, that disclosure of the information by the contractor, grantee, or entity in a manner not authorized by the rules Revised Code or Administrative Code is a breach of the contract and a violation of sections 5101.27 and subject to penalties set forth in section

5101.99 of the Revised Code.

(3) An employer for purposes of claiming tax credit under Public Law 94-12, the Tax Reduction Act of 1975 or claiming some other type of payment from any governmental entity in connection with a program that provides payments to employers for hiring and employing public assistance recipients. An employer may access only the recipient information that is essential for claiming the tax credit or payment. Use of the recipient information by the employer shall be only for the purpose set out in this paragraph and unauthorized use of the information shall be subject to penalties set out in section 5101.99 of the Revised Code.

(4)(3) Any state licensing or certification authority while performing their its statutory duties of conducting or assisting with investigations, prosecution or civil or criminal proceedings against medicaid providers, provided that any such licensing or certification authority agrees to be bound by the same rules and regulations regarding recipient confidentiality that binds ODJFS. To ensure agreement of confidentiality, these information requests and responses will be conducted solely between the requesting authority and the appropriate office within ODJFS.

(5)(4) A county child support enforcement agency (CSEA) when requesting relevant information needed to secure child support pursuant to rule 5101:1-3-10 of the Administrative Code.

(6)(5) State and local offices of women, infants and children (WIC), child and family health services (CFHS), and the children with medical handicaps program (CMH). The information shared is limited to eligibility information

for specific individuals or assistance groups receiving these services from WIC, CFHS and/or CMH.

(7)(6) PublicA public children services agencies (PCSAs) agency (PCSA) when the CDJFS county agency is to report known or suspected instances of child abuse and neglect of a child receiving OWF, PRC or DFA or when the PCSA needs information in order to conduct an assessment/ or investigation of a report of alleged child abuse or neglect, as delineated set forth in rule 5101:2-39-51 5101:2-33-28 of the Administrative Code. Instances of abuse and neglect situations exist when a child experiences physical or mental injury, sexual abuse, or exploitation, or negligent treatment or maltreatment under circumstances which indicate that the child's health or welfare is threatened.

(7) To the extent permitted by federal law, the ODJFS and county agencies shall provide information, except information directly related to the receipt of medical assistance or medical services, regarding recipients of public assistance under a program administered by the ODJFS or a county agency pursuant to Chapter 5107., 5108., or 5115. of the Revised Code to law enforcement agencies upon request for the purposes of investigations, prosecutions, and criminal and civil proceedings that are within the scope of the law enforcement agencies' official duties.

(8) Information about a recipient shall be exchanged, obtained, or shared only if ODJFS, the county agency, or law enforcement agency requesting the information gives sufficient information to specifically identify the recipient. In addition to the recipient's name, identifying information may include the recipient's current or last known address, social security number, other identifying number, age, gender, physical characteristics, any information specified in an agreement entered into under section 5101.28 of the Revised Code, or any information considered appropriate by ODJFS or the county agency.

(C)  Requirements regarding protection of the recipient's right to control personal data

The following requirements must be explained at the time of application for assistance or services and are included to protect the recipient's right to control personal data.

(1)   Whenever a recipient of any of the programs identified in paragraph (A) of this rule is asked to supply personal data to the CDJFS county agency or ODJFS, the legal requirements for providing or not providing such data must be explained to him.

(2)   Upon the request of any recipient of any of the programs identified in paragraph

(A)   of this rule, the CDJFS county agency must make all data collected about that individual available to the individual. Medical, psychiatric or psychological information may not be released to the individual or his legal guardian if the CDJFS county agency has reason to believe that its release may have an averse adverse effect on the individual.

If the CDJFS county agency has reason to believe that the release of medical, psychiatric or psychological information may have an adverse effect, the CDJFS county agency shall release this information to a physician, psychiatrist or psychologist designated by the individual. Once the individual provides expressed and informed consent, the CDJFS county agency will send this information to the designated medical provider. The medical provider will then determine whether the information should be disclosed to the recipient.

In addition, the agency must supply an interpretation of the data if it is not readily understandable. If the individual feels that the data is incomplete or inaccurate, the individual has the right to include additional information in the individual's files.

(3)    Upon any request for individual data through compulsory legal process, the recipient of any program identified in paragraph (A) of this rule, must be immediately informed of such request. In addition, the department must inform the court of the statutory and regulatory provisions against disclosure of information, if state or federal law precludes the release of the information. If the court still seeks the information, and if the information is not protected by any other privilege recognized by law, the county agency will furnish the specified information to the court itself along with ODJFS policies for safeguarding that information. At the same time, the county agency must notify the individual that the information has been furnished to the court and must supply duplicate copies to that individual of the information so furnished.

(4)    Pursuant to division (D) of section 5101.27 of the Revised Code, ODJFS and the CDJFS county agency may release information about a recipient of any of the programs listed in paragraph (A) of this rule, if the recipient gives voluntary, written consent in compliance with section 5101.27 of the Revised Code.

(D)  Nondiscrimination

CDJFS areThe county agency is responsible for rendering providing assistance without discrimination on account of race, color, religion, national origin, gender,

sexual orientation, disability, age or political beliefs, in a manner consistent with the United States constitution, Social Security Act (1952), Civil Rights Act (1964), and the Constitution of the state of Ohio, and policies of ODJFS all federal and state laws relating to non-discrimination.

(E)  Release of information

A signed JFS 07341 "Applicant/Recipient Authorization for Release of Information" (rev. 10/01 04/2004) shall be obtained whenever the CDJFS county agency requests information from a third party. The CDJFS county agency shall use the JFS 03397 "Authorization for the Release or Use of Protected Health Information (PHI)" (rev. 4/04 07/2003) when the information is medical in nature or the JFS 06907 "LEAP-Learning, Earning, and Parenting Program School Information Release Form" (rev. 8/032003) when requesting attendance and educational information for LEAP program participants. A copy of any signed release must be included in the individual's file.

(F)    Confidentiality requirements for information from the social security administration (SSA)

(1)     The SSA sends information to the ODJFS about retirement, survivors and disability insurance (RSDI) (SSA retirement, survivors, disability, and health insurance) and supplemental security income (SSI) beneficiaries who are an applicant for or recipients of any of the programs listed in paragraph (A) of this rule. ODJFS displays this information to the CDJFS using the CRIS-E data exchange screens, DEBB (RSDI) and DESX (SSI). The ODJFS state verification and exchange system (SVES) provides electronic interface with the SSA. The interface allows the transfer of Title II (SSA retirement, survivors, disability, and health insurance benefits), Title XVI (supplemental security income), and benefit earnings exchange record (BEER) information about employment (whether or not the individual is a participant of RSDI and/or SSI). SVES replaces the paper transaction request, third party query (TPQY) between the state of Ohio and the SSA. The SSA limits use and disclosure of this SSA information.

(2) The Privacy Act of 1974, PL 93-579, (12/74), 88 Stat. 1896, 5 U.S.C. 522a, allows SSA to release information to ODJFS and CDJFS the county agency without a release of information from the beneficiary only as long as the information is for a "routine use" and for specified programs. Every use or disclosure of SSA information which is not routine or is not for an approved, specified program requires the prior written permission of the beneficiary or the SSA, respectively.

(a)    The routine uses and approved programs for RSDI information obtained

from the bendex system ("Beneficiary and Earnings Data Exchange") SSA are: to determine eligibility for and administer OWF, DFA, food stamps assistance, Title XX social services, Title IV-E, child support, and energy assistance.

(b)    The routine uses and approved programs for SSI benefits obtained from the state data exchange (SDX) and SVES SSA are: to determine eligibility for and administer OWF, food stamps assistance, DFA, energy assistance, Title XX social services, Title IV-E, child support, and interim assistance.

(G)    Disclosure, confidentiality, and physical safeguarding of SSA and internal revenue service (IRS) information

(1)     Whenever ODJFS or the CDJFS county agency discloses SSA information received from the SSA to someone who is not an employee of ODJFS or a CDJFS county agency, it must do so only for a routine use of an approved program. Additionally, it and must disclose only the information needed to accomplish the purpose of the routine use.

(2)   ODJFS may disclose SSA information to another state agency, provided it is for routine use for an approved program and only the needed information is disclosed.

(3)   Although ODJFS and the CDJFS may obtain SSA information without a release of information from the beneficiary, theyODJFS and/or the county agency must keep a record any every time they disclose this information received from SSA to anyone who is not an employee of ODJFS or a CDJFS. This is true even though county agency, even if the disclosure is for a routine use.

(a)   The required record of disclosure of SSA information must be kept in the individual case record and also in a central CDJFS county agency file.

(b)    The case record notation and the central file must contain the date of disclosure, the information disclosed, the purpose of the disclosure, and the person to whom the information was disclosed. For the case record, the CDJFS county agency must enter the notation about the disclosure. For the central file, the CDJFS county agency must maintain separate records, for each source of data disclosed.

(c)   The record of disclosure must be retained for five years or the life of the application, whichever is longer. The disclosure records are subject to

inspection by the SSA.

(4)    The IRS sends unearned income information received from 1099 forms filed with that agency to ODJFS regarding applicants and recipients of any of the programs listed in paragraph (A) of this rule. This federal tax information is displayed on the CRIS-E screen data exchange inquiry resource/unearned income (DERS).

(5)     Internal revenue code (IRC) section 6103 (amend. 1/04)C26 U.S.C. 6103 (1/07), allows the disclosure of tax return information to federal, state and local agencies by the IRS for use in their OWF temporary assistance for needy families and food stamp assistance programs. The return information is disclosed solely for the purpose of, and to the extent necessary in, determining eligibility for, or the correct amount of benefits under the specified programs.

(6)   IRS return information may not be disclosed to, exchanged with, or utilized by any other state agency. ODJFS and CDJFS county agency employees who are entitled to access tax return information generally must not disclose this information to any party outside the agency other than the taxpayer to whom the information relates or the taxpayer's duly appointed representative who has the explicit authority to obtain tax return information.

(7)   To the extent that disclosure of IRS information is necessary to verify eligibility for and the correct amount of benefits, including past benefits, such disclosure may be made only when there is no other means of verifying the unearned income information, and only to the extent necessary to verify the unearned income information.

(a)    All ODJFS and CDJFS county agency employees with access to IRS return information must shall have disclosure awareness training for safeguarding requirements and must be advised on an annual basis of IRS penalty provisions.

(b)   A permanent system of standardized record keeping must be maintained by the CDJFS county agency which documents requests for, and disclosure of return information. If redisclosure is authorized, the information disclosed outside the agency must be recorded on a separate list which reflects to whom the disclosure was made, what was disclosed, why and when it was disclosed.

(8)    ODJFS and the CDJFS county agency must physically protect SSA and IRS information from unauthorized access. The physical record number of SSA

and IRS information required to be safeguarded include, but are not limited to, the following:

(a)     Benefit earnings exchange record (BEER) information which contains federal wage information obtained from the SSA master earnings file;

(b)   IRS information return master file which contains returns filed by payers of income such as dividends, interest and retirement income.

(9)   ODJFS and the CDJFS county agency must:

(a)   Limit access to the data to only those employees and officials who need it to perform their official duties in connection with the approved programs.

(b)   Store data in an area that is physically safe from access by unauthorized persons.

(c)     Store and , process and use magnetic tapes, screen prints and any electronic data in CRIS-E or any other in any computer system used in such a way that information cannot be retrieved by unauthorized persons.

(d)   Advise all personnel who will have access to the data of the confidential nature of the information, the safeguards required, and the criminal and civil sanctions for noncompliance contained in federal and state statutes.

(e)   Permit the SSA and internal revenue service to make onsite inspections to ensure that adequate safeguards are being maintained.

(f)   Ensure that when during interactive interviews using the CRIS-E system occur in the presence of an assistance group member who is not the subject of the confidential information, the computer screen is adjusted in such a manner that the visual screen confidential information is not exposed to that any individual who is not the subject of the confidential information.

Effective:                                                     10/01/2010

R.C. 119.032 review dates:                         06/17/2010 and 10/01/2015

CERTIFIED ELECTRONICALLY

Certification

08/23/2010

Date

Promulgated Under:                           119.03

Statutory Authority:                           5101.27, 5101.28, 5101.30, 5101.99, 5107.05,

5108.02, 5115.04

Rule Amplifies:                                  5101.27, 5101.28, 5101.30, 5101.572

Prior Effective Dates:                         1/1/74, 1/1/76, 1/1/83, 10/1/84 (Emer.), 12/27/84,

7/1/85 (Emer.), 9/29/85; 1/18/86, 8/1/86 (Emer.),

10/3/86, 10/1/88 (Emer.), 12/20/88, 7/14/89 (Emer.),

10/1/89, 1/1/90 (Emer.), 3/22/90, 4/7/90, 10/1/90,

10/10/91 (Emer.), 12/20/91, 1/1/93, 1/1/94 (Emer.),

1/30/94, 1/1/96 (Emer.), 10/11/96 (Emer.), 11/1/96,

1/1/97, 7/1/97, 10/1/97 (Emer.), 12/30/97, 7/1/97,

7/1/98, 11/1/98, 7/1/99, 11/1/02, 4/1/03, 7/1/05