Kan. Admin. Regs. § 26-1-8
Current through Register Vol. 43, No. 52, December 26, 2024
Section 26-1-8 - Confidentiality; policies and procedures to protect information; sanctions(a) Personal information collected in the application for or delivery of services funded, in whole or in part, by the department shall remain confidential unless the disclosure meets any of the following conditions: (1) Prior written consent to disclose an individual's personal information is obtained from the individual or the individual's legal representative.(2) Disclosure is required to enable the delivery of services for which the individual or the individual's representative has requested or applied.(3) Disclosure is required for program monitoring purposes by authorized federal, state, or local agencies.(4) Disclosure is required by court order, administrative tribunal, or law.(b) Personal information shall include any of the following:(1) Street address, city, county, zip code, or equivalent geocodes;(2) telephone number, fax number, or electronic mail address;(3) social security, medical record, health plan beneficiary, and account numbers, and any other unique identifying number, characteristic, or code;(4) certificate or license number;(5) web universal resource locators (URLs) and internet protocol (IP) address numbers;(6) biometric identifiers, including fingerprints and voiceprints;(7) full-face photographic images and any comparable images;(8) validation of past and present receipt of any local, state, or federal program services;(9) validation of family, social, and economic circumstances;(10) medical data, including diagnoses and history of disease or disability;(11) income and other financial information;(12) department evaluation of personal or medical information;(13) validation of program eligibility; and(14) validation of third-party liability for payment for program services to any individual or entity.(c) Each department grantee, subgrantee, contractor, and subcontractor shall adopt and adhere to written policies and procedures to safeguard against the unauthorized disclosure of personal information about individuals collected in the delivery of services and shall identify sanctions to be imposed against an individual or organization that discloses confidential information in violation of the policies and procedures.(1) Access to confidential information shall be restricted to those individuals who specifically require access in order to perform their assigned duties.(2) All staff engaged in the collection, handling, and dissemination of personal information shall be informed of the responsibility to safeguard the information in their possession and shall be held accountable for the appropriate use and disclosure of confidential information.(d) If, after an investigation, notice, and the opportunity for a hearing, the secretary finds that any individual or organization identified in subsection (c) has disclosed or permitted the disclosure of any confidential information the disclosure of which is prohibited by this regulation or by any other state or federal law restricting or prohibiting the disclosure of information about individuals requesting or receiving services through any of the department's programs, the individual or organization shall have imposed against that individual or organization those sanctions that the secretary decides are commensurate with the disclosure under all the circumstances. Sanctions may include any of the following: (1) Denial, termination, or suspension of performance of any grant, subgrant, contract, subcontract, or other agreement;(2) denial, termination, or suspension of participation in any or all department programs;(3) referral for criminal prosecution or civil penalty assessments when provided for by law;(4) petitioning for temporary or permanent injunctive relief without prior notice;(5) exclusion from department data bases; or(6) any other sanctions permitted by any state or federal law.(e) No attorney paid through any program administered by the department to provide legal assistance to an individual shall be required by the department or the area agency to disclose the identity of any individual to whom the attorney provides or has provided legal assistance or any information protected by the attorney-client privilege.Kan. Admin. Regs. § 26-1-8
Authorized by and implementing K.S.A. 2010 Supp. 75-5908 and 75-5945; effective July 15, 2011.