*** The Health Care Programs Manual (HCPM) has been replaced by the Minnesota Health Care Programs Eligibility Policy Manual (EPM) as of June 1, 2016. Please refer to the EPM for current health care program policy information. ***
Effective: June 1, 2009 |
|
29.05.05 - IEVS Data Security |
Archived: June 1, 2016 (Previous Version) |
Data received from the Internal Revenue Service (IRS) have strict requirements for confidentiality and safeguarding. IRS regulations require that all employees with access to federal tax data, such as UNVI and BEER matches, are aware of the special security requirements.
Data received from the IRS can only be used to determine eligibility or the amount of benefits for Minnesota Family Investment Plan (MFIP), Food Support and Medical Assistance (MA).
It is important to keep your computer locked when you leave your desk and follow all password requirements.
See the IRS publication Tax Information Security Guidelines for Federal, State, and Local Agencies and Entities (Publication 1075) for more information on IRS data security requirements.
Penalties for Inspection or Disclosure.
Protected IRS data includes:
l The following MAXIS panels:
n UNVI and UNID.
n BEER and BEED.
n IULA and IULB if for a UNVI or BEER match.
n IDLA and IDLB if for a UNVI or BEER match.
l Case notes, if UNVI, tax record or other IRS data is mentioned.
l Any paper copies of MAXIS screens or case notes.
l Forms and/or documents referencing the tax record, such as the IEVS Difference Notice.
Do not copy IRS information unless it is absolutely necessary. There are rarely situations that require copies.
Note: To eliminate the need to safeguard case notes, do not indicate that the source of the match was UNVI, BEER, IRS data or tax records.
If IRS data is copied:
l The files containing the IRS data must be locked up at night.
l Files with IRS data cannot be left lying on your desk.
l Files and other records must be marked that the record contains protected data.
l IRS data must be separated from other file information when the file is being purged or disposed of.
l A five-year record of the destruction of federal tax data must be kept, including:
n Who supervised the data destruction.
n Method of destruction.
n Identifying information of the use of the record.
n Date of disposal.
l For mailing, the data must be double sealed, one envelope within another. The outer envelope must be marked confidential with notice that the addressee is the only person who may open it.
Do not provide IRS information to county prosecutors or the court system.
l County prosecutors and the court system can use the information after it is verified by a third party, but cannot have the original IRS tax record itself.
l Do not indicate in discussions of the information that the IRS was the source of the match.
l Do not indicate in case notes or other file documentation that the IRS was the source of the match or data.
l Do not file the first page of the IEVS Difference Notice. Shred the first page and keep only the signature page in file records.
Penalties for Inspection or Disclosure
There are federal criminal and civil penalties for both of the following:
l Unauthorized inspection of IRS tax information. Access only the data for which you are responsible. Do not inspect IRS data for any other cases.
l Unauthorized disclosure of IRS tax information.
Penalties include:
l Criminal penalties for willful unauthorized inspection include one or both of the following:
n Fine up to $1,000 plus the cost of prosecution.
n Imprisonment up to one year plus the cost of prosecution.
l Criminal penalties (felony) for willful unauthorized disclosure include one or both of the following:
n Fine up to $5,000 plus the cost of prosecution.
n Imprisonment up to five years plus the cost of prosecution.
l Civil damages if a person knowingly, or by reason of negligence, inspects or discloses returns or return information, unless it results from a good faith, but erroneous, interpretation of the law. Damages are the greater of the following:
n $1,000 for each act plus the cost of the action.
n The sum of the actual damages and possible punitive damages plus the cost of the action.
Note: There are also state data privacy requirements. See the DHS Data Practices Manual.
A worker must take a Non-Disclosure Oath prior to being granted access to BEER and UNVI information for the first time. This oath is retained for five years and is repeated annually for workers with access to federal tax data. DHS gives the Non-Disclosure Oath via MAXIS.
Legal references include:
l IRC Sec. 6103 Confidentiality and Disclosure of Returns and Return Information.
l IRC Sec. 6103 (p) (4) Safeguards.
l IRC Sec. 7213 Unauthorized Disclosure of Information.
l IRC Sec. 7213A Unauthorized Inspection of Returns or Return Information.
l IRC Sec. 7431 Civil Damages for Unauthorized Disclosure of Returns or Return Information.