5101:1-1-03 Disclosure of recipient information, nondiscrimination, and treatment of information received from the internal revenue service and social security administration.
5101:1-1-03 Disclosure of recipient information, nondiscrimination, and treatment of information received from the
IRSinternal revenue service and social security administration.(A) Confidential records
All information and records concerning a recipient of disability financial assistance (DFA) pursuant to Chapter 5115. of the Revised Code, Ohio works first (OWF) pursuant to Chapter 5107. of the Revised Code, and prevention, retention and contingency (PRC) pursuant to Chapter 5108. of the Revised Code are confidential. No information or records regarding applicants, recipients, or former recipients of any of the programs listed in this paragraph is to be released to anyone except as provided in sections 5101.27 and 5101.28 of the Revised Code, including an entity administering a program assisting needy individuals with the costs of public utility services or as otherwise delineated in this rule pursuant to section 5101.30 of the Revised Code.
(B) Allowable disclosure of information
In accordance with
sectionsections 5101.27, 5101.28 and 5101.30 of the Revised Codeand in addition to sections 5101.27 and 5101.28 of the Revised Code, recipient information and records for any of the programs identified in paragraph(A) of this rule may be released to the following entities identified in paragraphs (B)(1) to (B)
(10)(9) of this rule. However, only the minimum information or records necessary to fulfill the need for the sharing of informationas allowed bythis rule mayshall bereleased:released.(1) A provider of services or assistance connected with the programs identified in paragraph (A) of this rule. Access to information under this paragraph is limited to information that is essential for the provider to render or bill for services or assistance
or to bill for services or assistance rendered. Providersreceiving this information mayshall not use this information except for the purpose set out in this paragraph and are subject to penalties set out in section5101.99 of the Revised Code for unauthorized use of the information.
(2) Any private contractor, grantee, or other state or county entity, performing administrative or other duties on behalf of the Ohio department of job and family services (ODJFS) or a county
department of job and family services(CDJFS)agency when in compliance with paragraphs (B)(3)(2)(a) to (B)(3)(d)(2)(c) of this rule. Access under this paragraph includes but is not limited to exchange of information pursuant to section 307.987 of the Revised Code. Informationthat can be accessed under this paragraphis limited only to information needed for completion of the administrative or other duties on behalf of ODJFS orCDJFSthe county agency:(a) There must be a signed, written agreement with the contractor, grantee, or entity, that establishes the purpose and scope of duties to be performed for ODJFS or
CDJFSthe county agency.(b) The agreement shall contain language that the contractor, grantee, or entity
mayshall not use the information received pursuant to the agreement for purposes other than those set out in the written agreement.(c) The agreement shall include language which establishes that the contractor, grantee, or entity is bound by relevant Ohio confidentiality laws and ODJFS rules; and, that disclosure of the information by the contractor, grantee, or entity in a manner not authorized by the
rulesRevised Code or Administrative Code is a breach of the contract andaviolation of sections 5101.27 andsubject to penalties set forth in section5101.99 of the Revised Code.
(3)
An employer for purposes of claiming tax credit under Public Law 94-12, theTax Reduction Act of 1975 or claiming some other type of payment from anygovernmental entity in connection with a program that provides payments toemployers for hiring and employing public assistance recipients. Anemployer may access only the recipient information that is essential forclaiming the tax credit or payment. Use of the recipient information by theemployer shall be only for the purpose set out in this paragraph andunauthorized use of the information shall be subject to penalties set out insection 5101.99 of the Revised Code.(4)(3) Any state licensing or certification authority while performingtheirits statutory duties of conducting or assisting with investigations, prosecution or civil or criminal proceedings against medicaid providers, provided that any such licensing or certification authority agrees to be bound by the same rules and regulations regarding recipient confidentiality that binds ODJFS. To ensure agreement of confidentiality, these information requests and responses will be conducted solely between the requesting authority and the appropriate office within ODJFS.(5)(4) A county child support enforcement agency(CSEA)when requesting relevant information needed to secure child support pursuant to rule 5101:1-3-10 of the Administrative Code.(6)(5) State and local offices of women, infants and children(WIC), child and family health services(CFHS), and the children with medical handicaps program(CMH). The information shared is limited to eligibility informationfor specific individuals or assistance groups receiving these services
fromWIC, CFHS and/or CMH.(7)(6)PublicA public children servicesagencies (PCSAs)agency (PCSA) when theCDJFScounty agency is to report known or suspected instances of child abuse and neglect of a child receiving OWF, PRC or DFA or when the PCSA needs information in order to conduct an assessment/ or investigation of a report of alleged child abuse or neglect, asdelineatedset forth in rule5101:2-39-515101:2-33-28 of the Administrative Code. Instances of abuse and neglect situations exist when a child experiences physical or mental injury, sexual abuse, or exploitation, or negligent treatment or maltreatment under circumstances which indicate that the child's health or welfare is threatened.(7) To the extent permitted by federal law, the ODJFS and county agencies shall provide information, except information directly related to the receipt of medical assistance or medical services, regarding recipients of public assistance under a program administered by the ODJFS or a county agency pursuant to Chapter 5107., 5108., or 5115. of the Revised Code to law enforcement agencies upon request for the purposes of investigations, prosecutions, and criminal and civil proceedings that are within the scope of the law enforcement agencies' official duties.
(8) Information about a recipient shall be exchanged, obtained, or shared only if ODJFS, the county agency, or law enforcement agency requesting the information gives sufficient information to specifically identify the recipient. In addition to the recipient's name, identifying information may include the recipient's current or last known address, social security number, other identifying number, age, gender, physical characteristics, any information specified in an agreement entered into under section 5101.28 of the Revised Code, or any information considered appropriate by ODJFS or the county agency.
(C) Requirements regarding protection of the recipient's right to control personal data
The following requirements must be explained at the time of application for assistance or services and are included to protect the recipient's right to control personal data.
(1) Whenever a recipient of any of the programs identified in paragraph (A) of this rule is asked to supply personal data to the
CDJFScounty agency or ODJFS, the legal requirements for providing or not providing such data must be explained to him.(2) Upon the request of any recipient of any of the programs identified in paragraph
(A) of this rule, the
CDJFScounty agency must make all data collected about that individual available to the individual. Medical, psychiatric or psychological information may not be released to the individual or his legal guardian if theCDJFScounty agency has reason to believe that its release may have anaverseadverse effect on the individual.If the
CDJFScounty agency has reason to believe that the release of medical, psychiatric or psychological information may have an adverse effect, theCDJFScounty agency shall release this information to a physician, psychiatrist or psychologist designated by the individual. Once the individual provides expressed and informed consent, theCDJFScounty agency will send this information to the designated medical provider. The medical provider will then determine whether the information should be disclosed to the recipient.In addition, the agency must supply an interpretation of the data if it is not readily understandable. If the individual feels that the data is incomplete or inaccurate, the individual has the right to include additional information in the individual's files.
(3) Upon any request for individual data through compulsory legal process, the recipient of any program identified in paragraph (A) of this rule, must be immediately informed of such request. In addition, the department must inform the court of the statutory and regulatory provisions against disclosure of information, if state or federal law precludes the release of the information. If the court still seeks the information, and if the information is not protected by any other privilege recognized by law, the county agency will furnish the specified information to the court itself along with ODJFS policies for safeguarding that information. At the same time, the county agency must notify the individual that the information has been furnished to the court and must supply duplicate copies to that individual of the information so furnished.
(4) Pursuant to division (D) of section 5101.27 of the Revised Code, ODJFS and the
CDJFScounty agency may release information about a recipient of any of the programs listed in paragraph (A) of this rule, if the recipient gives voluntary, written consent in compliance with section 5101.27 of the Revised Code.(D) Nondiscrimination
CDJFS areThe county agency is responsible forrenderingproviding assistance without discrimination on account of race, color, religion, national origin, gender,sexual orientation, disability, age or political beliefs, in a manner consistent with the
United States constitution, Social Security Act (1952), Civil Rights Act (1964),and the Constitution of the state of Ohio, and policies of ODJFSall federal and state laws relating to non-discrimination.(E) Release of information
A signed JFS 07341 "Applicant/Recipient Authorization for Release of Information" (rev.
10/0104/2004) shall be obtained whenever theCDJFScounty agency requests information from a third party. TheCDJFScounty agency shall use the JFS 03397 "Authorization for the Release or Use of Protected Health Information (PHI)" (rev.4/0407/2003) when the information is medical in nature or the JFS 06907 "LEAP-Learning, Earning, and Parenting Program School Information Release Form" (rev. 8/032003) when requesting attendance and educational information for LEAP program participants. A copy of any signed release must be included in the individual's file.(F) Confidentiality requirements for information from the social security administration (SSA)
(1) The SSA sends information to the ODJFS about retirement, survivors and disability insurance (RSDI)
(SSA retirement, survivors, disability, and healthinsurance)and supplemental security income (SSI) beneficiaries who are an applicant for or recipients of any of the programs listed in paragraph (A) of this rule.ODJFS displays this information to the CDJFS using the CRIS-Edata exchange screens, DEBB (RSDI) and DESX (SSI). The ODJFS stateverification and exchange system (SVES) provides electronic interface withthe SSA. The interface allows the transfer of Title II (SSA retirement,survivors, disability, and health insurance benefits), Title XVI (supplementalsecurity income), and benefit earnings exchange record (BEER) informationabout employment (whether or not the individual is a participant of RSDIand/or SSI). SVES replaces the paper transaction request, third party query(TPQY) between the state of Ohio and the SSA.The SSA limits use and disclosure of this SSA information.(2) The Privacy Act of 1974, PL 93-579, (12/74), 88 Stat. 1896, 5 U.S.C. 522a, allows SSA to release information to ODJFS and
CDJFSthe county agency without a release of information from the beneficiary only as long as the information is for a "routine use" and for specified programs. Every use or disclosure of SSA information which is not routine or is not for an approved, specified program requires the prior written permission of the beneficiary or the SSA, respectively.(a) The routine uses and approved programs for RSDI information obtained
from
the bendex system ("Beneficiary and Earnings Data Exchange")SSA are: to determine eligibility for and administer OWF, DFA, foodstampsassistance, Title XX social services, Title IV-E, child support, and energy assistance.(b) The routine uses and approved programs for SSI benefits obtained from
the state data exchange (SDX) and SVESSSA are: to determine eligibility for and administer OWF, foodstampsassistance, DFA, energy assistance, Title XX social services, Title IV-E, child support, and interim assistance.(G) Disclosure, confidentiality, and physical safeguarding of SSA and internal revenue service (IRS) information
(1) Whenever ODJFS or the
CDJFScounty agency discloses SSA information received from the SSA to someone who is not an employee of ODJFS or aCDJFScounty agency, it must do so only for a routine use of an approved program. Additionally, itand must disclose only the information needed to accomplish the purpose of the routine use.(2) ODJFS may disclose SSA information to another state agency, provided it is for routine use for an approved program and only the needed information is disclosed.
(3)
Although ODJFS and the CDJFS may obtain SSA information without a releaseof information from the beneficiary, theyODJFS and/or the county agency must keep a recordanyevery time they disclosethisinformation received from SSA to anyone who is not an employee of ODJFS or aCDJFS. This istrue even thoughcounty agency, even if the disclosure is for a routine use.(a) The required record of disclosure of SSA information must be kept in the individual case record and also in a central
CDJFScounty agency file.(b) The case record notation and the central file must contain the date of disclosure, the information disclosed, the purpose of the disclosure, and the person to whom the information was disclosed. For the case record, the
CDJFScounty agency must enter the notation about the disclosure. For the central file, theCDJFScounty agency must maintain separate records, for each source of data disclosed.(c) The record of disclosure must be retained for five years or the life of the application, whichever is longer. The disclosure records are subject to
inspection by the SSA.
(4) The IRS sends unearned income information received from 1099 forms filed with that agency to ODJFS regarding applicants and recipients of any of the programs listed in paragraph (A) of this rule.
This federal tax information isdisplayed on the CRIS-E screen data exchange inquiry resource/unearnedincome (DERS).(5)
Internal revenue code (IRC) section 6103 (amend. 1/04)C26 U.S.C. 6103 (1/07), allows the disclosure of tax return information to federal, state and local agencies by the IRS for use in theirOWFtemporary assistance for needy families and foodstampassistance programs. The return information is disclosed solely for the purpose of, and to the extent necessary in, determining eligibility for, or the correct amount of benefits under the specified programs.(6) IRS return information may not be disclosed to, exchanged with, or utilized by any other state agency. ODJFS and
CDJFScounty agency employees who are entitled to access tax return information generally must not disclose this information to any party outside the agency other than the taxpayer to whom the information relates or the taxpayer's duly appointed representative who has the explicit authority to obtain tax return information.(7) To the extent that disclosure of IRS information is necessary to verify eligibility for and the correct amount of benefits, including past benefits, such disclosure may be made only when there is no other means of verifying the unearned income information, and only to the extent necessary to verify the unearned income information.
(a) All ODJFS and
CDJFScounty agency employees with access to IRS return informationmustshall have disclosure awareness training for safeguarding requirements and must be advised on an annual basis of IRS penalty provisions.(b) A permanent system of standardized record keeping must be maintained by the
CDJFScounty agency which documents requests for, and disclosure of return information. If redisclosure is authorized, the information disclosed outside the agency must be recorded on a separate list which reflects to whom the disclosure was made, what was disclosed, why and when it was disclosed.(8) ODJFS and the
CDJFScounty agency must physically protect SSA and IRS information from unauthorized access. The physical record number of SSAand IRS information required to be safeguarded include, but are not limited to, the following:
(a) Benefit earnings exchange record
(BEER)information which contains federal wage information obtained from the SSA master earnings file;(b) IRS information return master file which contains returns filed by payers of income such as dividends, interest and retirement income.
(9) ODJFS and the
CDJFScounty agency must:(a) Limit access to the data to only those employees and officials who need it to perform their official duties in connection with the approved programs.
(b) Store data in an area that is physically safe from access by unauthorized persons.
(c) Store
and, process and use magnetic tapes, screen prints and any electronic datain CRIS-E or any otherin any computer systemusedin such a way that information cannot be retrieved by unauthorized persons.(d) Advise all personnel who will have access to the data of the confidential nature of the information, the safeguards required, and the criminal and civil sanctions for noncompliance contained in federal and state statutes.
(e) Permit the SSA and internal revenue service to make onsite inspections to ensure that adequate safeguards are being maintained.
(f) Ensure that
whenduring interactive interviewsusing the CRIS-E systemoccur in the presence of an assistance group member who is not thesubject of the confidential information, the computer screen is adjustedin such a manner that the visual screenconfidential information is not exposed tothatany individual who is not the subject of the confidential information.Effective: 10/01/2010
R.C. 119.032 review dates: 06/17/2010 and 10/01/2015
CERTIFIED ELECTRONICALLY
Certification
08/23/2010
Date
Promulgated Under: 119.03
Statutory Authority: 5101.27, 5101.28, 5101.30, 5101.99, 5107.05,
5108.02, 5115.04
Rule Amplifies: 5101.27, 5101.28, 5101.30, 5101.572
Prior Effective Dates: 1/1/74, 1/1/76, 1/1/83, 10/1/84 (Emer.), 12/27/84,
7/1/85 (Emer.), 9/29/85; 1/18/86, 8/1/86 (Emer.),
10/3/86, 10/1/88 (Emer.), 12/20/88, 7/14/89 (Emer.),
10/1/89, 1/1/90 (Emer.), 3/22/90, 4/7/90, 10/1/90,
10/10/91 (Emer.), 12/20/91, 1/1/93, 1/1/94 (Emer.),
1/30/94, 1/1/96 (Emer.), 10/11/96 (Emer.), 11/1/96,
1/1/97, 7/1/97, 10/1/97 (Emer.), 12/30/97, 7/1/97,
7/1/98, 11/1/98, 7/1/99, 11/1/02, 4/1/03, 7/1/05
Document Information
- Effective Date:
- 10/1/2010
- File Date:
- 2010-08-23
- Last Day in Effect:
- 2010-10-01
- Five Year Review:
- Yes
- Rule File:
- 5101$1-1-03_PH_FF_A_RU_20100823_1340.pdf
- Related Chapter/Rule NO.: (1)
- Ill. Adm. Code 5101:1-1-03. Disclosure of recipient information, nondiscrimination, and treatment of information received from the internal revenue service and social security administration