Medi-Cal Personal Identifiable Information (PII)

Federal law requires that a Medi-Cal client’s Personal Identifiable Information (PII) be protected and secured. As such, the California DHCS and the County of Santa Clara have entered into a “Medi-Cal Data Privacy and Security Agreement.”

All information, whether written or oral, of any individual for whom or about whom information is obtained is confidential and must be safeguarded.

Privacy and Confidentiality

Client’s information, such as name, social security number, date of birth, driver’s license or identification number, and address are confidential and shall be safeguarded.

County workers must only use or disclose client information to perform their official job-related functions.

Unauthorized disclosure is a violation of the Welfare & Institutions Code, Section 14100.2, and County Policy and is subject to disciplinary action, as well as civil and criminal sanctions.

MEDS Privacy and Confidentiality

Staff is not to share their MEDS password or User Name with anyone. Passwords must be changed immediately if revealed.

Any suspected unauthorized use of an ID or password is to be reported to the Supervisor/Manager immediately.

Any unauthorized release of confidential information will be subject to civil and criminal sanctions.

CalSAWS Privacy and Confidentiality

All CalSAWS information is confidential and must not be disclosed. Unauthorized disclosure is a violation of County Policy and a violation of law.

Information may not be accessed unless there is a legitimate business need to do so. Information may not be disclosed to anyone who does not have a legitimate business need to receive it.

Computer Security Safeguards

The “Send Secure” e-mail option must always be used in Outlook when sending messages containing information to recipients outside of our Agency. Staff must ensure that data is encrypted when using Removable Media (Jump Drives/CD/USB) to transport client information.

Staff must always log off or lock the computer (using CTRL+Alt+Delete) when away from the workstation, to avoid unauthorized access.

Physical Security

All client information must be stored in an area that is physically safe from access by unauthorized persons during working and non-working hours.

County workers must wear their identification badges at all times.

Paper Control Documents

All paperwork containing the client’s information must be discarded in the locked bins located throughout the offices. The locked bins are emptied by the document destruction vendor on a weekly basis.

Staff is not to take any paperwork and/or file containing client’s information outside the Agency except for identified routine/approved business purposes (i.e., home visit).

Faxes and copies containing client information must be promptly picked up from fax machines, as well as printers and copiers.

Client information must NEVER be left unattended at any time.

Miscellaneous

Client’s names or personal information is NEVER to be discussed with co-workers not associated with the case, friends, or family members. Staff is to avoid discussions involving personally identifiable information in hallways or public places.

Note: Persons receiving faxes containing client information in error must be notified to destroy them immediately.