Securing System and Workspace Information 448-01-25-15-15
(Revised 5/1/2019 ML #3546)
Federal and State regulations require information stored in the computer systems and at your workspace be kept secure. The following requirements must be followed to ensure the security of this information:
- When leaving your workspace for any reason, secure your computer by activating the password-protected screen saver or logging off.
- When leaving your workspace, place confidential information in a secure area.
- Do not share passwords with co-workers.
- Keep passwords secure.
- Position your monitor so it cannot be easily viewed or turn it off to avoid displaying sensitive information to unauthorized personnel.
- Do not leave confidential information where unauthorized personnel can view it.
- Ensure your workspace is secure before leaving during an evacuation or emergency, such as fire, tornado, or flood.
- Save information to an appropriate network drive if available. Information stored in the network is backed up.
- Shred or burn sensitive information in accordance with office procedures.
- Promptly report any virus activity to your computer technician.
- Close all programs and properly shut down your computer at the end of each day.
- If you are working at home or use a dial-up environment, you are prohibited from recording, taking pictures of, or capturing screen shots of any FTI or SSA-provided information, including but not limited to by means of cell phones, tablets, laptops, video cameras, security cameras, or family members with access to workstations who could view personally identifiable information (PII).
- Each time an e-mail containing client information (e.g., name, social security number) is sent, it must include one of the following disclaimers, and the subject line of the e-mail should not include client-identifying information:
- General Disclaimer
-----------Confidentiality Statement-----------
This transmission is intended only for the use of the individual to whom it is addressed and may contain information that is made confidential by law. If you are not the intended recipient, you are hereby notified any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please respond immediately to the sender and then destroy the original transmission as well as any electronic or printed copies. Thank you.
- Drug and Alcohol Disclaimer
-----------Confidentiality Statement-----------
This transmission is intended only for the use of the individual to whom it is addressed and may contain information that is made confidential by law. If you are not the intended recipient, you are hereby notified any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please respond immediately to the sender and then destroy the original transmission as well as any electronic or printed copies. Thank you.
This notice accompanies a disclosure of information concerning a client in alcohol or drug treatment, made to you with the consent of such a client. This information has been disclosed to you from records protected by Federal confidentiality rules (42 C.F.R Part 2). The Federal rules prohibit you from making any further disclosure of this information unless further disclosure is expressly permitted by the written consent of the person to whom it pertains or as otherwise permitted by 42 C.F.R. Part 2. A general authorization for the release of medical or other information is NOT sufficient for this purpose. The Federal rules restrict any use of the information to criminally investigate or prosecute any alcohol or drug abuse patient.
- Any suspicious activity must be reported to the Information Technology Services Division in the Department.
Controlling Access to Areas Containing Federal Tax Information (FTI)
The director or designee shall maintain an authorized list of all personnel who have access to information system areas where these systems contain FTI. This shall not apply to those areas within the facility officially designated as publicly accessible.
Each agency shall control physical access to the information systems that display FTI information or where FTI is processed to prevent unauthorized individuals from observing the display output.
Each agency shall position information system components within the facility to minimize potential damage from physical and environmental hazards and to minimize the opportunity for unauthorized access.
- Whenever cleaning and maintenance personnel are working in restricted areas containing FTI, the cleaning and maintenance activities must be performed in the presence of an authorized employee if the area includes access to casefiles or computers where FTI is housed.
- Allowing an individual to “piggyback” or “tailgate” into a restricted location should be prohibited and documented in agency policy. The agency must ensure that all individuals entering an area containing FTI do not bypass access controls or allow unauthorized entry of other individuals.
- Unauthorized access should be challenged by authorized individuals (e.g., those with access to FTI). Security personnel must be notified of unauthorized piggyback/tailgate attempts.