AGENDA STAFF REPORT

Agenda Item AGENDA STAFF REPORT ASR Control 19-000790
MEETING DATE:	09/10/19
legal entity taking action:	Board of Supervisors
board of supervisors district(s):	All Districts
SUBMITTING Agency/Department:	Social Services Agency (Approved)
Department contact person(s):	Alyson Piguee (714) 245-6190
	Grady Howe (714) 541-7469

Subject: 2019 Privacy and Security Agreements with the State of California

ceo CONCUR

County Counsel Review

Clerk of the Board

Concur

Approved Agreement to Form

Consent Calendar

3 Votes Board Majority

Budgeted: N/A

Current Year Cost: N/A

Annual Cost: N/A

Staffing Impact:

# of Positions:

Sole Source: No

Current Fiscal Year Revenue: N/A

Funding Source: N/A	County Audit in last 3 years: No

Prior Board Action: 4/11/2017 #11, 7/26/2016 #14

RECOMMENDED ACTION(S):

Authorize the Director of the Social Services Agency, or designee, to ratify the California Department of Social Services Privacy and Security Agreement in order to ensure the privacy and security of Social Security Administration, Medi-Cal Eligibility Data System and Applicant Income and Eligibility Verification System, effective September 1, 2019, through September 1, 2022.

Authorize the Director of the Social Services Agency, or designee, to ratify the Department of Health Care Services Privacy and Security Agreement in order to ensure the privacy and security of Social Security Administration, Medi-Cal Eligibility Data System and Applicant Income and Eligibility Verification System, effective September 1, 2019, through September 1, 2022.

Authorize the Director of the Social Services Agency, or designee, to ratify any additional documents that may be required by the California Department of Social Services or Department of Health Care Services in connection with the Privacy and Security Agreements.

SUMMARY:

Compliance with the California Department of Social Services and Department of Health Care Services Privacy and Security Agreements will ensure the security and privacy of Personally Identifiable Information contained in the Medi-Cal Eligibility Data System, the Applicant Income and Eligibility Verification System, data received from the Social Security Administration and other data sources used to administer public social services programs.

BACKGROUND INFORMATION:

The Social Services Agency (SSA) is requesting the Board of Supervisors’ (Board) approval to ratify the California Department of Social Services (CDSS) Privacy and Security Agreement (PSA) and the Department of Health Care Services (DHCS) PSA, both effective from September 1, 2019, through September 1, 2022. On August 6, 2019, SSA received an extension of 90 days to complete and submit the PSAs.

The Board previously approved the 2017 PSA with CDSS on April 11, 2017, for the period of July 10, 2017, through October 1, 2019. The Board also previously approved the 2016 PSA with DHCS on July 26, 2016, for the period of August 29, 2016, through September 1, 2019.

On June 20, 2019, CDSS issued All County Letter (ACL) No. 19-56 to notify County Welfare Directors of the requirement to sign and abide by the provisions of the new 2019 CDSS PSA. Additionally, on June 21, 2019, DHCS issued ACL No. 19-16 to notify County Welfare Directors of the requirement to sign and abide by the provisions of the 2019 DHCS PSA. The PSA specifies the term of the Agreement shall be September 1, 2019, through September 1, 2022. The purpose of the PSA between CDSS, DHCS and each county department respectively is to ensure the security and privacy of Personally Identifiable Information (PII) contained in the Medi-Cal Eligibility Data System (MEDS), Applicant Income and Eligibility Verification System (IEVS), data received from the Social Security Administration and other sources. Entering into the PSA with CDSS will ensure that SSA continues to receive transmission of MEDS, IEVS and Social Security Administration data used to administer CDSS programs.

The 2019 PSAs impose an extensive set of administrative, technical and physical security requirements on County agencies designed to ensure the security and privacy of PII contained in the MEDS, IEVS and in data received from the Social Security Administration. PII is directly obtained in the course of performing an administrative function through the MEDS or IEVS on behalf of these programs, which can be used alone or in conjunction with any other reasonably available information to identify a specific individual. PII includes any information that can be used to search for or identify individuals or can be used to access their files, including, but not limited to name, social security number, date and place of birth, mother’s maiden name, driver's license number or identification number. PII may also include any information that is linkable to an individual, such as medical, educational, financial and employment information. PII may be electronic, paper, verbal or recorded and includes statements made by, or attributed to, the individual.

Due to the delayed receipt of the PSA Agreements and notifications, SSA is submitting this item for your Board's approval after the effective date of the Agreements.

Subcontracts

These contracts do not currently include subcontractors or pass through to other providers. See Attachments G and H for Contract Summary Forms.

FINANCIAL IMPACT:

N/A

STAFFING IMPACT:

N/A

ATTACHMENT(S):

Attachment A - 2019 California Department of Social Services Privacy and Security Agreement
Attachment B - 2019 California Department of Social Services Privacy and Security Agreement (Redline)
Attachment C - 2019 Department of Health Care Services Privacy and Security Agreement
Attachment D - 2019 Department of Health Care Services Privacy and Security Agreement (Redline)
Attachment E - California Department of Social Services All County Letter No. 19-56
Attachment F - Department of Health Care Services All Welfare Directors Letter No. 19-16
Attachment G - Contract Summary Form (CDSS)
Attachment H - Contract Summary Form (DHCS)