Levels of security for confidentiality; comprehensive system for
limited access to information
Sec. 4. At least ten (10) levels of security for confidentiality in the
system must be maintained. The system must have a comprehensive
system of limited access to information as follows:
(1) The system must be accessed only by the entry of an
operator identification number and a person's secret password.
(2) Child welfare caseworkers and investigators must be
allowed to access only cases that are assigned to the caseworker
or investigator.
(3) Child welfare supervisors may access only the following:
(A) Cases assigned to the supervisor.
(B) Cases assigned to a caseworker or an investigator who
reports to the supervisor.
(C) Cases that are unassigned.
(4) To preserve confidentiality in the workplace, case welfare
managers, as designated by the department, may access any
case, except restricted cases involving a state employee or the
immediate family member of a state employee who has access
to the system. Access to restricted information under this
subdivision may be obtained only if an additional level of
security is implemented.
(5) Access to records of authorized users, including passwords,
is restricted to:
(A) users designated by the department as an administrator;
and
(B) the administrator's level of administration as determined
by the department.
(6) Ancillary programs that may be designed for the system may
not be executed in a manner that would circumvent the system's
log on security measures.
(7) Certain system functions must be accessible only to system
operators with specified levels of authorization as determined
by the department.
(8) Files containing passwords must be encrypted.
(9) There must be two (2) additional levels of security for
confidentiality as determined by the department.
As added by P.L.1-1997, SEC.16. Amended by P.L.234-2005,
SEC.165.
Last modified: May 24, 2006