Section 357.5 - Procedures for safeguarding information maintained by the New

357.5 Procedures for safeguarding information maintained by the New York State Department of Social Services, local social services districts and other authorized agencies. (a) Records containing individually identifiable information shall be marked "confidential" and kept in locked files or in rooms that are locked when the records are not in use.

(b) When in use, records shall be maintained in such a manner as to prevent exposure of individual identifiable information to anyone other than the authorized party directly utilizing the case record.

(c) No records shall be taken from the place of business without prior authorization by appropriate supervisory staff of the New York State Department of Social Services, the local social services district or other authorized agency.

(d) No records shall be taken home by agency staff except upon prior authorization by appropriate supervisory staff in order to perform a function which requires the possession of the records outside of the agency and where return of the records to the agency at the close of business would result in an undue burden to the staff. In those cases where records are taken home by staff, the records are to be maintained in a secure location and are not to be disclosed to anyone other than those expressly authorized by statute or regulation. The records are to be returned to the agency by staff on the following business day.

(e) Records shall be transmitted from one location to another in sealed envelopes stamped "confidential," and a receipt shall be obtained documenting delivery of said records.

(f) Interviews with clients shall be conducted at a location and in a manner which maximizes privacy.

(g) Employees of the New York State Department of Social Services, the local social services district or the other authorized agency, consistent with applicable statute and regulation, shall have access to individual identifiable information only where the employee's specific job responsibilities cannot be accomplished without access to individual identifiable information.

 

Doc Status: 
Complete