 |
||
|
Frequently asked questions
Q. I am confused about the distinctions between confidentiality, privacy, and security. Could you explain how this is defined at DHS? A. Think in terms of your social security number. Privacy is an individual's right to keep their information protected and to determine who should have access to their social security number. Confidentiality determines how information, in this case at DHS, should be protected from unauthorized access to social security numbers. DHS information must be classified so that confidential data receives an appropriate level of protection. Security is the mechanism to ensure privacy and confidentiality. In the case of social security numbers, this would mean technology safeguards, access control, monitoring, and locked files so employee and client information is not accessed inappropriately. Back to top Q. Is securing information required? A. Yes, it is required by federal and state laws to take steps to secure confidential information. All authorized users of DHS information are required to attend a session periodically on Information Security and sign an acknowledgement. Q. What kind of things is DHS doing to make information more secure? A. The department has developed new policies and procedures around who has access to information and who it can be shared with. It is also working on more secure password and Technology-based safeguards such as encryption and firewalls. Back to top Q. I understand the need to ensure that our confidential information is secure. How can that be done in the current integrated environment? A. DHS has taken many steps to ensure that our clients are receiving the best possible service. We have implemented a service model that is open and integrated, making it easier for our clients to do business with several different parts of our organization. Delivering services through an integrated model puts the responsibility on the Department to coordinate services. To do this efficiently it is necessary to share information. We need to be aware of who we are sharing this information with and do they really need to know. Staff are expected to make reasonable efforts to secure information they are responsible for. Things like not discussing cases in the lobby or public areas, placing paper documents out of site or clearing your screen when visitors are in your work area. Taking common sense, reasonable steps. Q. What is the scope of information that DHS oversees? A. DHS operates 24 hours per day, seven days a week; runs over 120,000 production jobs and produces more than 580,000 checks and vouchers each month. The number of clients touched by DHS exceeds the number of people in the Portland metropolitan area and Salem combined. Collecting and exchanging information is necessary to do DHS work for our clients. Our information systems store sensitive information about our clients such as HIV reports, financial facts, abuse allegations, social security numbers, employment histories and more. DHS is responsible for information gathered on its employees and their families whether it is social security numbers or personnel issues. In addition, it is essential that DHS protect its information like accounting systems, financial records and all the Oregon assets it oversees. Back to top Q. How will these new information security policies impact my job? A. There will be some changes for all employees. For example, passwords will be changed more frequently, workstation procedures will be implemented like, locking your computer, shutting it off at the end of the day, and the use of password protected screensavers. DHS is working to ensure that employees use physical safeguards, such as keeping confidential papers out of view and sharing information with only those who have a need to know. Q. Why are we adding all these new policies for information security? Is there really a need? A. Yes, the need is quite real. Each day, there are more than 1,000 attempts, some accidental and some intentional, to break through the DHS network firewall. Penetrating our firewall can result in the access of confidential client information, theft of state funds, and access to employee information such as social security numbers and personnel records. Outside viruses also can result in the loss of important information and productivity. Some 200 to 300 new viruses are released each month with at least five posing viable threats. Back to top |
||
