DATE: April 11, 2023
TO: Board of Supervisors
SUBMITTED BY: Sanja Bugay, Director, Department of Social Services
SUBJECT: Retroactive Amendments to Agreements for Medi-Cal Privacy and Security and Data Privacy and Security
RECOMMENDED ACTION(S):
TITLE
1. Approve and authorize the Chairman to execute a retroactive first Amendment to Agreement with the California Department of Health Care Services, to extend the term by one year from February 28, 2023 through March 1, 2024 or upon a successor Agreement is executed, whichever occurs first ($0).
2. Approve and authorize the Chairman to execute a retroactive first Amendment to Agreement with the California Department of Social Services, to extend the term by one year from February 28, 2023 through March 1, 2024 or until a successor Agreement is executed, whichever occurs first ($0).
REPORT
Approval of the recommended actions will ensure the Department of Social Services (DSS) has continued access to sensitive and confidential Personally Identifiable Information (PII) obtained for the administration of Social Services programs and obligates the DSS to safeguard the PII obtained from the Department of Social Security Administration (SSA), Medi-Cal Eligibility Data System (MEDS), and the Applicant Income and Eligibility Verification System (IEVS), with no Net County Cost. This item is countywide.
ALTERNATIVE ACTION(S):
There is no viable alternative actions. Should your Board elect not to approve the recommended actions, it would result in the DSS losing access to information required to administer essential Social Services programs.
RETROACTIVE AGREEMENT:
The recommended amendments are retroactive to March 1, 2023 due to a delay in obtaining the amendments from the state partners. The DHCS amendment was received on November 30, 2022 and the CDSS amendment was received on February 16, 2023. DSS intended to send these amendments simultaneously, however, the amendment was delayed to add the CDSS amendment once it received. The Privacy and Security Agreements are required by the state partners to comply with the data sharing requirements. As the amendment did not include an effective date, it will become effective once signed by both parties.
FISCAL IMPACT:
There is no Net County Cost associated with the recommended actions.
DISCUSSION:
On November 15, 2016, your Board approved the agreement with DHCS for Medi-Cal Privacy and Security, and on May 2, 2017, your Board approved the agreement with CDSS for Data Privacy and Security. The purpose of these agreements was to ensure the security and privacy of Medi-Cal Eligibility Data System (MEDS), the Applicant Income and Eligibility Verification System (IEVS), and in data received from the Social Security Administration (SSA) and other sources.
To administer social service programs, DSS utilizes SSA, MEDS, IEVS, and other confidential data for client benefit determinations. DSS is required to safeguard client data through a variety of personnel, physical, technical, and administrative controls. DSS has extensive protocols in place as well as reporting mandates in case of a breach of protected information.
PII is information that can be used alone, or in conjunction with any other reasonably available information, to identify a specific individual. PII includes but is not limited to an individual’s name, Social Security Number, driver’s license number, identification number, biometric records, date of birth, place of birth, or mother’s maiden name. PII may be electronic, paper, verbal, or recorded.
With the difference being the programs administered by each agency, the DHCS and CDSS amendments closely resemble each other. The recommended DHCS amendment applies to information obtained in the course of administering the Medi-Cal program while the recommended CDSS amendment applies to information obtained in the course of administering the other eleven Social Services programs.
This amendment will allow DHCS and CDSS more time to finalize the renewal of Privacy and Security with the County Welfare Directors Association (CWDA) and its county partners. Therefore, the amendment is not effective until it has been signed by the Counties and state partners. DHCS and CDSS have indicated they understand counties have lengthy processes to approve these amendments, therefore the timeline to execute these amendments after March 1, 2023 is acceptable to the state partners.
Both the DHCS and CDSS amendments deviate from the standard County agreement template, as they were drafted by the respective agencies.
With your Board’s approval, the recommended amendments will be retroactive to March 1, 2023 and sent to DHCS and CDSS for their signature and execution.
REFERENCE MATERIAL:
BAI #47, August 20, 2019
ATTACHMENTS INCLUDED AND/OR ON FILE:
On file with Clerk - Amendment to agreement with DHCS
On file with Clerk - Amendment to agreement with CDSS
CAO ANALYST:
Ronald Alexander