0107.000.00 OFFICE PROCEDURES

IM-16 February 23, 2012

This section outlines various office procedures each Family Support Division Income Maintenance (FSD-IM) office must follow.

0107.005.00 STANDARD VISITOR LOG

IM-38 April 25, 2012, IM-16 February 23, 2012

All Family Support Division Income Maintenance (FSD-IM) facilities must use a Standard Visitor Log to validate all visitors to their facility. Section 4.3.2 (Controlling Physical Access to Federal Tax Information (FTI)) of the Internal Revenue Service Publication 1075 each facility containing Federal Tax Information (FTI) must have a visitor log to authenticate visitors before authorizing access to the facility.

A visitor for the purpose of this log is defined as anyone other than an employee of the State of Missouri who is housed in the facility or who has assigned responsibilities within the facility.

Only visitors, who meet this definition and enter an area of the facility where Federal Tax Information (FTI) is accessible, either by paper or electronically, must sign the Standard Visitor Log. Waiting areas and restrooms are not considered as areas that contain FTI and patrons who access only these areas of the facility do not need to sign the Standard Visitor Log. See Section 0107.005.05 Authorized Access List for information regarding regular visitors, who are not housed in the facility or who do not have assigned responsibilities within the facility, but have access to areas that contain FTI.

The Standard Visitor Log must be kept at the main entrance of each office and completed by anyone who is not an employee in that office. Each FSD-IM office must use the Standard Visitor Log. A designated official or designee within the office, such as the County Manager, must review the Standard Visitor Log quarterly to ensure the Standard Visitor Log maintains the appropriate information for all visitors.

The log contains the:

0107.005.05 Authorized Access List (AAL)

IM-38 April 25, 2012

An Authorized Access List (AAL) can be maintained for individuals who have a frequent and continuing need to enter areas containing federal tax information (FTI), but are not assigned to the area (i.e. vendors, cleaning crew, etc.).

The Authorized Access List should contain the following information:

Each month a new AAL should be posted at the front desk and those individuals should be required to sign-in on their first visit of the month. They should not be required to make an entry in the Standard Visitor Log or on the AAL on recurring visits during the month.

If identity is in question of any individual, the entry control clerk (receptionist) should verify the identity prior to permitting entry to the facility.

0107.010.00 TRANSMITTING PROTECTED INFORMATION

IM-#29, April 9, 2015, IM-16 February 23, 2012

Per Policy 2-119 Confidentiality, each DSS employee is responsible for protecting the confidentiality of information and records within his/her control, and may only release information to authorized agencies or individuals as provided for by law or DSS policy. The following sections describe methods staff must use in order to protect confidential personal information when transmitting to other authorized users of this information.

0107.010.05 EMAIL POLICY

IM-#29, April 9, 2015, IM-38 April 25, 2012, IM-16 February 23, 2012

Email is not a secure method of transmitting information. Email containing information of a confidential or sensitive nature must contain the following statement: “This communication is being transmitted by the Department of Social Services (DSS) and is confidential, privileged, and intended only for the use of the recipient named above. If you are not the intended recipient, unauthorized disclosure, copying, distribution or use of the contents is strictly prohibited. If you have received this in error, please notify the sender and destroy the material received.”

Transmitting information of a confidential or sensitive nature (i.e. Federal Tax Information (FTI), Protected Health Information (PHI), Personal Identifying Information (PII) such as SSN or DCN, etc.) via email to entities that do not have a mo.gov email address is only permitted if the email is encrypted. To encrypt an email and with or without attachments, type the following somewhere in the subject line: [encrypt].

When an email is sent using [encrypt] in the subject line, it will require decryption by the recipient of the email. Upon receiving and opening a DSS encrypted email the message instructs the recipient to open the attachment called “SecureMessageAtt.html”. When the recipient opens the attachment, they are prompted to click a button to read the message. The first time a recipient opens an encrypted message sent using the Proofpoint email encryption system, they are prompted to register with the Proofpoint email encryption system. This is a one-time registration process and is required to view the encrypted message. Detailed instructions to send or open, and to register to receive encrypted emails can be found at http://dss.mo.gov/encrypt.htm. DSS staff are encouraged to share this information with email recipients prior to sending an encrypted email.

Persons who are not State employees using a non-State email account will have the capability to send a secure email to FSD staff by following “Instruction #3: How DSS clients, business partners and end-users can send an encrypted email to DSS” found at http://dss.mo.gov/encrypt.htm.

Generally, federal tax information should not be transmitted by email. Protected information, including federal tax information, must not be transmitted by email outside of the DSS, either in the body of an email or as an attachment.

If protected information must be sent by email, staff may only send via the DSS internal email system and must ensure:

0107.010.10 FAX POLICY

IM-#104, July 28, 2017

When sending information of a confidential or sensitive nature (i.e. Federal Tax Information (FTI), Protected Health Information (PHI), Personal Identifying Information (PII) such as SSN or DCN, etc.) via facsimile to authorized persons, staff must:

0107.010.15 MAIL POLICY

IM-#29, April 9, 2015

The designee of the office sending protected information must determine the appropriate container for the materials to be sent.

If the protected material is mailed in an envelope:

If the protected material is mailed in a box:

The designee of the office receiving the protected material must safeguard the protected material immediately upon receipt.