TO: Each Local Office FSM-07-10-39
FROM: Cathy G. Mobley
Interim Director
DATE: October 3, 2007
SUBJECT: IRS Safeguarding Issues
The Internal Revenue Service (IRS) requires that certain measures be taken to protect or safeguard confidential information. The Cabinet for Health and Family Services is responsible for reporting to the IRS annually regarding the Cabinet’s compliance with these safeguarding requirements. As a result the following procedures were developed. You can help avoid future confidentiality violations by following these procedures, which supersede any previous guidelines issued concerning safeguarding IRS information.
I. General Safeguarding Procedures
A. Limit access to the case record and other recipient-related information:
1. Store all case records and recipient information in locked file cabinets in a secure location (locked file cabinet in a locked room, when possible) when not working on them;
2. Do not leave case records on chairs, the floor, the top of file cabinets, etc.
3. Secure case records when absent from your desk; and
4. Ensure that all records are inaccessible before leaving the office.
B. Minimize public access to confidential information:
1. Secure work areas against unauthorized and unsupervised access;
2. Ensure that during an interview, only the case record pertinent to that individual is visible on your desktop or surrounding areas;
3. Ensure that computer terminals only display information related to that individual during interviews; and
4. Sign off or lock computer terminals when not in use or leaving your work area.
C. Keep mailed information secure:
1. Check mail trays for recipient information regularly; and
2. Do not leave recipient information in mail trays overnight.
FSM-07-10-39
October 3, 2007
Page 2
D. Properly dispose of case record material and other recipient information as follows:
1. Shred the material into 5/16 inch or smaller strips; or
2. Place in a designated box:
a. Seal the designated boxes and store in a secure location, preferably one which can be locked; and
b. Complete the Certificate of Disposal form.
E. Staff should take whatever precautions necessary to protect information that must be safeguarded, such as the following:
1. All Federal Tax Information – including Batch Match, IEVS, BENDEX, and any other information that comes from the IRS.
2. Any material containing an individual's Social Security Number, such as case records must be safeguarded.
The attached form should be placed in those file drawers or locked boxes (with the double barrier security) where any potential Federal Tax Information (FTI) is held. It should be placed on top of the records in the file so that it is visible by anyone who looks at those records.
The form should not be placed in or on all the file cabinets because they should have already been purged of potential FTI. (The process of purging all files was to have been completed by 8/1/2006.)
II. Procedures for Safeguarding IRS Information - Batch Match
A. When an IRS hit is received on the computer, complete form PAFS-7, Notification of Appointment/Request for Verification, to schedule an appointment for the recipient to come in for an interview and/or provide verification of the income or items in question. You must NOT print the screen or mention IRS in this letter or in any comments in the case.
B. The original PAFS-7 is mailed to the recipient. A copy of PAFS-7 must be kept in a locked file cabinet or locked box designated for the office/unit’s PAFS-7. DO NOT FILE FORM PAFS-7 IN CASE RECORDS.
C. The locked file cabinet or box for the PAFS-7 must be stored in a locked room. If a locked file cabinet in a locked room is not possible for a unit/office, then a locked box in a locked file cabinet or locked desk is another possible solution to meeting the IRS’s requirement of two barrier
FSM-07-10-39
October 3, 2007
Page 3
security. There should be limited access to the files. Designate one person as the responsible party for the locked file and a backup. A log should be kept that includes the date, case name and number of each PAFS-7 and who accessed the file. The log should be kept in the locked file.
D. If verification is returned concerning the request made on form PAFS-7 and there is not a claim established, file the information in the PAFS-7 file cabinet with the PAFS-7. Allowable comments in the case concerning the resolution of the hit would be “Batch Match hit dated ‘mm/dd/yyyy’ resolved, information filed in PAFS-7 files.”
E. If verification returned as a result of the request indicates the need for establishing a claim, follow normal procedures in establishing a claim. Form PAFS-7 and the procedural instructions have been revised to reflect these changes. Staff are not to use form PAFS-18 to obtain verification of IRS information, only form PAFS-7.
III. Procedures for BENDEX information
A. Do not file any BENDEX information in the case record.
B. Document in the case comments the income amount was verified by inquiry on mo/day/year.
C. If it is ever necessary to print and keep any BENDEX screen information, the same procedures specified under item II above for Batch Match information must be followed. Any BENDEX information must be stored under two barrier security. The case record may only reference where verification documentation is filed.
IV. Purging IRS Federal Tax Information Found in Case Records
Case records cannot contain any BENDEX information, IEVS information, and KASES screens containing IRS data.
A. Check all active and inactive case records for any BENDEX information, IEVS information, and KASES screens containing IRS data.
FSM-07-10-39
October 3, 2007
Page 4
B. Purge all BENDEX information, IEVS information, and KASES screens containing IRS data found in the active and inactive case records. The purged information must be disposed following the procedures in item 1.D.
V. Penalties for Failure to Safeguard IRS Information
A. Unauthorized inspection or disclosure of Federal income tax returns or return information may be punishable by a $5,000 fine, five years imprisonment, or both, plus the cost of prosecution, per Internal Revenue Code Section 7213(a);
B. A taxpayer may bring suit for civil damages in a US District Court for unauthorized disclosure or unauthorized inspection of returns and return information, per Internal Revenue Code Section 7431. This Section allows for punitive damages in case of willful inspection or disclosure or gross negligence, as well as the cost of the action; and
C. These civil and criminal penalties apply to the individual worker even if the unauthorized disclosures or unauthorized inspection were made after employment with the Agency terminated and if the individual is no longer an employee of the Commonwealth of Kentucky.
Each Field Services Supervisor (FSS) must review these procedures with staff and ensure the required security measures are being followed, by January 31, 2008. The FSS completes the attached annual self-assessment survey, and returns it to their Regional Office. The Regional Office, after ensuring the completed survey is returned from each county in their region, must forward the form electronically to by February 15, 2008.
If an improper inspection or disclosure is discovered or witnessed, report the violation to the Service Region Administration Associate (SRAA) for your Region. The SRAA forwards the report to the Division of Family Support. The SRAA takes action to ensure the violation does not occur again.
Additionally, if an improper inspection or disclosure has occurred, notify the Internal Revenue Service (IRS) by calling the Cincinnati Field Division at (513) 263-3040 or 1-800-366-4484 or by writing to:
Treasury Inspector General for Administration
P.O. Box 589, Ben Franklin Station
Washington, DC 20044-0589
If you have questions, please contact the Nutrition Assistance and Accountability Branch through your Regional Office.
KAJ/NAAB/IW/rcj
Attachments
cc: Service Region Administrators
Service Region Administrator Associates
Program Specialists
Field Services Supervisor
Office of the Ombudsman