MEDI-CAL PRIVACY & SECURITY AGREEMENT NO.: 19 - ____
2
purposes have access or potential access to Medi-Cal PII, whether electronic,
paper, verbal, or recorded.
3. “County Worker” means those county employees, contractors, subcontractors,
vendors and agents performing any functions for the County that require access to
and/or use of Medi-Cal PII and that are authorized by the County to access and use
Medi-Cal PII.
4. "Medi-Cal Pll" is information directly obtained in the course of performing an
administrative function on behalf of Medi-Cal that can be used alone, or in
conjunction with any other information, to identify a specific individual. Medi-Cal Pll
includes any information that can be used to search for or identify individuals, or can
be used to access their files, including but not limited to name, social security
number (SSN), date and place of birth (DOB), mother’s maiden name, driver's
license number, or identification number. Medi-Cal PII may also include any
information that is linkable to an individual, such as medical, educational, financial,
and employment information. Medi-Cal Pll may be electronic, paper, verbal, or
recorded and includes statements made by, or attributed to, the individual.
5. “Security Incident” means the attempted or successful unauthorized access, use,
disclosure, modification, or destruction of Medi-Cal PII, or interference with system
operations in an information system which processes Medi-Cal PII that is under the
control of the County or County’s Statewide Automated Welfare System (SAWS)
Consortium, or a contractor, subcontractor or vendor of the County.
6. “Secure Areas” means any area where:
A. County Workers assist in the administration of Medi-Cal;
B. County Workers use or disclose Medi-Cal Pll; or
C. Medi-Cal PII is stored in paper or electronic format.
7. “SSA-provided or verified data (SSA data)” means:
A. Any information under the control of the Social Security Administration (SSA)
provided to DHCS under the terms of an information exchange agreement with
SSA (e.g., SSA provided date of death, SSA Title II or Title XVI benefit and
eligibility data, or SSA citizenship verification); or
B. Any information provided to DHCS, including a source other than SSA, but in
which DHCS attests that SSA verified it, or couples the information with data
from SSA to certify the accuracy of it (e.g. SSN and associated SSA verification
indicator displayed together on a screen, file, or report, or DOB and associated
SSA verification indicator displayed together on a screen, file, or report).
For a more detailed definition of “SSA data”, please refer to Section 7 of the
“Electronic Information Exchange Security Requirements and Procedures for State