Chapter 5101:9-9 Federal Tax Return Information Safeguarding Procedures

5101:9-9-14 [Rescinded] Professional education program.

Effective: 03/04/2013
Promulgated Under: 111.15
Statutory Authority: 5101.02
Rule Amplifies: 307.86
Prior Effective Dates: 4/3/98, 6/17/04, 7/7/08

5101:9-9-15 Service level agreement (SLA).

(A) The SLA is a document of understanding provided by the Ohio department of job and family services (ODJFS) office of information services (OIS). ODJFS requires county agencies to enter into an SLA to delineate responsibilities for day-to-day information technology (IT) operations between the county agency and OIS to provide quality service to end users and to maintain the health and integrity of the ODJFS network.

(B) The SLA specifies what county agencies can expect from OIS concerning equipment supply, equipment standards, equipment servicing, delivery and availability, system response, information security, problem handling, and network management. As a condition of providing services, ODJFS requires county agencies elect a service level and enter into an SLA. All ODJFS commitments are subject to the availability of state and federal funds.

(C) In addition to the delineation of responsibilities between the county agency and OIS, the SLA, through the technology and service support policy (TSSP), as detailed in rule 5101:9-9-17 of the Administrative Code, includes the delineation of financial responsibility.

(D) A county agency wishing to assume more responsibility for the operation of its local network may do so, in accordance with the established SLA levels, provided the county agency can maintain eligibility and continues to fulfill the requirements.

(E) The signatories to the SLA are the county agency director and the deputy director of OIS utilizing the SLA signature document (SLA.13). The SLA incorporates, by reference, a number of additional supporting documents. Due to the ever-changing nature of the IT environment, the supporting documents may be updated on an ongoing basis by OIS.

(F) In the event of a disagreement regarding provisions of the executed SLA between OIS and the county agency, the initial attempt at resolution will commence at the county agency technical point of contact (TPOC) and OIS liaison level. If resolution is not possible at that level, the deputy director of OIS and the director of the county agency, or their designees, will work to resolve such issues and may utilize the methodology contained in the fiscal agreements if necessary.

(G) The most current version of the SLA is available on the OIS website.

Effective: 07/01/2009
Promulgated Under: 111.15
Statutory Authority: 5101.02
Rule Amplifies: 5101.02
Prior Effective Dates: 10/1/03, 2/1/06, 7/1/07

5101:9-9-16 Negotiated service level agreement (SLA N).

(A) The negotiated service level agreement (SLA N) is a document of understanding between the Ohio department of job and family services (ODJFS) office of information services (OIS) and the county agency. A county that elects and is eligible for a SLA N is substantially different from other county agencies. Elected SLA N is available only to agencies having greater than five hundred filled, verifiable, full-time equivalent (FTE) employees and public children service agencies (PCSAs) that have never been on the ODJFS network.

While the SLA N allows for a high degree of flexibility, the universal provisions detailed in the SLA and rule 5101:9-9-15 of the Administrative Code apply to the SLA N.

(B) The intent of the SLA N is to address the flexibility required by county agencies while maintaining the integrity of the SLA program.

(C) The goal of the SLA N is to define the information technology (IT) expectations of ODJFS and the county agency and determine the appropriate level of service relative to service response, system availability, quantity of work processed, delineation of duties, and service support.

(D) Through SLA N, any ODJFS benefits, that is combinations of hardware, software, infrastructure, services, and network administration, may be negotiated as agreed upon by ODJFS and the county agency. Other county agency requirements may be negotiated as agreed upon by ODJFS and the county agency. Any state benefit is dependent on sufficient funding in the ODJFS OIS budget for the appropriate fiscal year.

(E) A county agency that elects a SLA N exercises considerable control of its county-based IT environment and the management of the county agency network.

(F) The SLA N supporting documentation identifies the scope of services performed either by ODJFS or the county agency and what is required to maintain the IT environment.

(G) In the event of a disagreement between ODJFS and the county agency regarding provisions of the executed SLA N, the initial attempt at resolution will begin at the county agency technical point of contact (TPOC) and OIS liaison level. If resolution is not possible at that level, the deputy director of OIS and the director of the county agency, or their designees, will work to resolve such issues utilizing the methodology contained in the SLA N.

(H) The most current version of the SLA N is available on the OIS website.

Effective: 07/01/2009
Promulgated Under: 111.15
Statutory Authority: 5101.02
Rule Amplifies: 5101.02
Prior Effective Dates: 2/1/06, 7/1/07

5101:9-9-17 Technology and service support policy (TSSP).

(A) The Ohio department of job and family services (ODJFS), in a continuing effort to improve the level of customer service and responsiveness to county agencies, developed the technology and service support policy (TSSP).

The TSSP represents a commitment by ODJFS to provide quality, cost-effective networking products, services, and solutions to the county agencies throughout the state. The TSSP operates within the framework of the service level agreement (SLA) as detailed in the SLA.04 and rule 5101:9-9-15 of the Administrative Code.

(B) The TSSP is the policy by which county agencies request information technology (IT) equipment and services from the ODJFS office of information services OIS. All county agencies' requests for network equipment, installation of third-party software applications, or OIS assistance with equipment moves to new sites, require completion of the TSSP county request form.

(C) The TSSP coordinators in OIS oversee the request process and are responsible for working with the county agencies to determine financial responsibilities and costs, verify staff levels, and track the progress of requests, and serve as the ODJFS contact for county agency information related to the TSSP.

(D) As part of completing the TSSP county request form, the county agency will estimate the financial responsibilities associated with its request and submit the information to the TSSP coordinator in OIS.

(E) Whenever financial responsibilities are determined to be greater than those submitted in the county's request, OIS will contact the technical point of contact (TPOC) in the county agency. OIS will obtain the county agency's consent before continuing the fulfillment process.

(F) Financial responsibilities are enumerated in the TSSP. All ODJFS commitments relative to networking products, services, and solutions are subject to and contingent on the availability of state and federal funds. Whenever financial responsibilities are determined to be different from those submitted in the agency's original request, OIS will notify the county agency to obtain its consent before fulfilling the agency's request. Equipment acquisitions that may affect the ODJFS network, regardless of the cost or financial responsibility, must be approved by ODJFS before the agency purchases the equipment. Approval may be obtained through the TSSP request process.

(G) ODJFS retains ownership of networking products unless ODJFS specifically transfers ownership in accordance with procedures in rule 123:5-2-01 of the Administrative Code.

(H) Through TSSP, ODJFS seeks to do the following:

(1) Ensure timely and efficient delivery of IT products and services to ODJFS's customers;

(2) Increase the flexibility for county agencies to select networking products, services, and solutions that best meet their needs;

(3) Maintain continuity of a safe, sound, and secure computer environment; and

(4) Ensure budgetary predictability and cost-effectiveness of networking solutions for ODJFS and county agencies.

(I) OIS continues to provide the workstations, software, and network access necessary for county employees to complete their state-required job functions pursuant to and in compliance with the signed and established SLA levels.

(J) ODJFS will provide the network infrastructure to enable local agency staff to connect to the ODJFS network.

(K) As a way for county agencies to have the flexibility to meet future needs, ODJFS will provide an additional allowance of workstations in an amount of up to ten per cent of the local agency's filled full-time equivalent (FTE) employees.

Beyond this baseline, counties are responsible for financing computing resources.

(L) Unless specified to the contrary in the SLA for the individual county agency, county agencies will purchase service units from ODJFS.

Service units include, but are not limited to, maintenance, service, and use of state owned equipment.

(M) Costs associated with TSSP equipment service units are determined by the initial equipment costs to ODJFS. On-going services are included as part of the service unit at the expense of ODJFS. On-going services include moves, customer support, software upgrades, and equipment services. 5101:9-9-17 2

(N) The catalogue of network services section of the TSSP displays the networking products and services available to county agencies. The catalogue details the estimated costs a county agency will be subject to when it purchases service units for the products and services specified by its financial responsibility under the TSSP.

(O) Following the fulfillment of a request, ODJFS will generate an invoice for equipment and services rendered and mail it to the county agency for all requests determined to be the financial responsibility of the county agency. The service unit cost to the county agency will be the actual invoice cost for each piece of equipment used. Available TSSP service units may be found in the catalogue of network services section of the TSSP.

(P) When a request involves recurring charges, such as monthly data line fees, the county will be invoiced on a recurring basis. These invoices will utilize the same payment process as the other TSSP invoices.

(Q) County agencies and one-stops will pay the invoice by sending a check, made payable to the "Treasurer, State of Ohio," and including a copy of the invoice with the check.

(R) If payment is not received within sixty calendar days, the ODJFS office of fiscal services will notify the county agency via a memo.

(S) If payment is not received within ninety calendar days, the ODJFS office of fiscal services will recover the funds via an adjustment to the county agency's advance.

(T) County agencies shall use the JFS 02750 "Child Support Administrative Fund Monthly Financial Report" (rev. 10/2005), JFS 02820 "Child Welfare Monthly Financial Statement" (rev. 3/2004), or JFS 02827 "Monthly Financial Statement" (rev. 11/2000) to report TSSP expenditures.

(U) OIS will update the TSSP as dictated by changes in technology, service unit pricing, or available service offerings. The most current version of the TSSP is available on the OIS website.

Effective: 07/01/2009
Promulgated Under: 111.15
Statutory Authority: 5101.02
Rule Amplifies: 5101.02
Prior Effective Dates: 2/1/06, 7/1/07

5101:9-9-20 Treatment of Health Insurance Portability and Accountability Act (HIPAA) inquiries to a county agency.

(A) HIPAA is a federal law that, among other regulations, requires the protection of confidentiality and security of health data including the safeguarding, privacy, and release of protected health information (PHI).

(B) PHI includes, but is not limited to, the following individually identifiable health information of public assistance applicants, recipients, and former recipients:

(1) Information relating to past, present, or future physical or mental health or condition of an individual;

(2) Provision of health care to an individual;

(3) Past, present, or future payment for health care to an individual; and

(4) Eligibility information of an individual for the medicaid, disability medical assistance, or refugee medical assistance program, or any other plan or program that provides medical assistance or pays the cost of medical care.

(C) All current and future recipients of medicaid, disability medical assistance, refugee medical assistance, or any other plan or program that provides medical assistance or pays the cost of medical care, received or will receive a privacy notice outlining the following descriptions of uses and disclosures, and recipient procedures:

(1) A description of the types of uses and disclosures of PHI the Ohio department of job and family services (ODJFS) or its delegated entity is permitted to make, with examples to include payment, treatment, and healthcare operations;

(2) A description of other uses and disclosures permitted under HIPAA without written consent or authorization to include examples such as required by law;

(3) A statement that other uses and disclosures will be made only with the individual's written authorization;

(4) Complaint procedure;

(5) Request for restriction procedure;

(6) Request for amendment procedure; and

(7) Request for accounting procedure.

(D) If a recipient of benefits identified in paragraph (C) of this rule requests any of the procedures outlined in paragraphs (C)(4) to (C)(7) of this rule from the county agency or entity acting on behalf of ODJFS who collects and maintains the information identified in paragraph (B) of this rule through which the recipient participates, the county agency or entity acting on behalf of ODJFS shall do one of the following:

(1) Refer the recipient to the ODJFS privacy official by providing the recipient with the appropriate phone number; or

(2) Provide the recipient with a copy of the HIPAA privacy notice outlining the procedures set out in paragraphs (C)(4) to (C)(7) of this rule and notice identifying whom the recipient may contact to initiate those procedures .

http://medicaid.ohio.gov/FOROHIOANS/AlreadyCovered/NoticeofPrivacyPractices.aspx

Effective: 2/1/2015
Promulgated Under: 111.15
Statutory Authority: 5101.02
Rule Amplifies: 5101.02
Prior Effective Dates: 4/14/03, 5/23/08

5101:9-9-21 County agency records retention, access, and destruction.

(A) The following definitions are applicable to this rule:

(1) "County family services agency" has the same meaning as defined in section 307.981 of the Revised Code.

(2) "Grant" means an award for one or more family services duties or workforce development duties of federal financial assistance that a federal agency provides in the form of money, or property in lieu of money, to the Ohio department of job and family services (ODJFS) and that ODJFS awards to a county family services agency or workforce development agency. Grant may include state funds ODJFS awards to a county family services agency or workforce development agency to match the federal financial assistance. Grant does not mean technical assistance that provides services instead of money and does not mean other assistance provided in the form of revenue sharing, loans, loan guarantees, interest subsidies, or insurance.

(3) "Inactive records" refers to closed case files and those records that are no longer used on a regular basis.

(4) "Pass-through entity" means a non-federal entity that provides a federal award and/or state funds to a subrecipient to carry out a federal and/or state program, function, or activity.

(5) "Record" has the same meaning as defined in section 149.011 of the Revised Code.

(6) "Record series" means records that are filed together or maintained as a unit because they relate to a particular subject or function, result from the same activity, have a particular form, or have some other relationship arising from their creation, receipt, or use.

(7) "Retention schedule" means a document that assigns a required retention period to a record series based on its fiscal, legal, or administrative value.

(8) "Subrecipient" means a non-federal entity that expends federal awards and/or state funds received from a pass-through entity but does not include an individual that is a beneficiary of such program, function, or activity.

(9) "Workforce development agency" has the same meaning as defined in section 6301.01 of the Revised Code.

(B) All county family services agency and workforce development agency records are governed by section 149.38 of the Revised Code, which establishes a county records commission for each county. The functions of the county records commission are to provide rules for the retention and disposal of county records, review applications for one-time disposal of obsolete records, and review schedules of records retention and disposal submitted by county offices. Each county family services agency and workforce development agency shall comply with all applicable federal, state, and local records retention requirements for all records related to any program, function, or activity that is funded in whole or in part by state and/or federal funds.

(C) Each county family services agency and workforce development agency shall have a records retention schedule that governs each record series maintained by the agency and that includes the requirements set forth in this paragraph. Each such records retention schedule shall at a minimum do the following:

(1) Identify the name of the record series;

(2) Describe the use and purpose of the records;

(3) Assign a retention period based on the fiscal, legal, or administrative purpose value of the record series;

(4) Establish the method of disposition of the records when the retention period expires; and

(5) Comply with any minimum records retention requirements specified by applicable state law and regulations, applicable ODJFS records retention requirements, and applicable federal law and regulations, including, but not limited to, the following:

(a)

2 C.F.R. 200;

(b) 7 C.F.R. 272.1(f) applicable to the expenditure of food stamp program funds;

(c) 29 C.F.R. 95.53 applicable to not-for-profit organizations expending department of labor funds (DOL) funds;

(d) 29 C.F.R. 97.42 applicable to government units expending DOL funds;

(e) 45 C.F.R. 75.361 applicable to not-for-profit organizations expending department of health and human services (HHS) funds;

(f) 45 C.F.R. 75.361 applicable to government units expending HHS funds; or

(g) Any other federal award requirements related to any program, function, or activity the county family services agency or workforce development agency administers that is funded in whole or in part by federal funds.

(D) In addition to having the records retention schedules required by paragraph (C) of this rule, each county family services agency and workforce development agency shall have a records retention schedule governing all records of its subrecipients that document a program, function, or activity for which the county family services agency's or workforce development agency's subrecipient receives state and/or federal funds. Each county family services agency and workforce development agency shall include in any contract or other type of agreement awarding a grant to a subrecipient all applicable minimum federal, state, and local records retention requirements for all records documenting a program, function, or activity for which the county family services agency's or workforce development agency's subrecipient receives state and/or federal funds. Any succeeding subrecipient of state and/or federal funds passed through from the county family services agency's or workforce development agency's subrecipient is subject to the same requirements stated in this paragraph.

(E) Each county family services agency and workforce development agency shall retain financial, programmatic, statistical, and recipient records and supporting documents relating or pertaining to a federal award passed through from ODJFS for a minimum of three years after submittal of the final expenditure report for the grant, or applicable ODJFS records retention requirements, whichever is longer, unless otherwise provided by any minimum records retention requirements specified by applicable state or federal law. A county family services agency or workforce development agency may establish a minimum records retention period that exceeds the minimum retention period provided by this paragraph.

(1) If any litigation, claim, investigation, criminal action, negotiation, audit, administrative review, or other action involving the records has been started before the expiration of the longer of the minimum retention period defined in paragraph (E) of this rule or before actual disposition of the records, the county family services agency or workforce development agency shall maintain the records until completion of the action and resolution of all issues that arise from it, or until the end of the longest applicable minimum retention period, whichever is later.

(2) If final payment after closeout of the federal award has not been made before the expiration of the longer of the minimum retention period defined in paragraph (E) of this rule or before actual disposition of the records, the county family services agency or workforce development agency shall maintain the records until final payment is made and resolution of all issues that arise from it, or until the end of the longest applicable minimum retention period provided in paragraph (E) of this rule, whichever is later.

(3) Each county family services agency and workforce development agency shall maintain a current file of all records that have been subject to a federal or state audit, administrative review, or other action, and must refer to that file before requesting approval from the county records commission to destroy any record.

(F) Each county family services agency and workforce development agency shall annually provide or make available to ODJFS the agency's records retention schedules, including any records retention schedule adopted pursuant to paragraph (D) of this rule. Each county family services agency and workforce development agency shall make its current records retention schedule readily available to the public.

(G) Each county family services agency and workforce development agency shall establish policies and procedures for the transfer and storage of inactive records that comply with all applicable state, federal, and local requirements. Secondary locations used for storing inactive records must provide adequate security and allow for the prompt and efficient retrieval of requested records.

(H) The requirements regarding access to records are as follows:

(1) Each county family services agency and workforce development agency shall adopt a public records policy for responding to public records requests in accordance with section 149.43 of the Revised Code.

(2) All records documenting a program, function, or activity for which the county family services agency and workforce development agency receive state and/or federal funds must be made available to authorized governmental agencies, including, but not limited to, ODJFS, the auditor of state, and other Ohio funding sources and federal funding sources upon request. This access to records includes, but is not limited to, all financial and programmatic records, supporting documents, statistical records, and other records of recipients, subrecipients, contractors, and subcontractors. This right of access is not limited to any required minimum retention period if the records are still being retained and have not been disposed at the time of the request.

(3) All information and records concerning an applicant, a recipient, or a former recipient must be safe guarded from release as specified by applicable state and federal law and regulations, including, but not limited to, rules 5101:1-1-03 , 5101:4-1-13 , and 5160:1-1- 51.1 of the Administrative Code, and section 5101.27 of the Revised Code, and are subject to all applicable intercounty transfer requirements, including, but not limited to, rules 5101:1-1-13, 5101:4-8-09 and 5160:1-1-51 of the Administrative Code .

(4) All public records as defined in division (A)(1) of section 149.43 of the Revised Code must also be made available for inspection or copying to any person at all reasonable times during regular business hours, as specified in division (B) of section 149.43 of the Revised Code.

(5) Each county family services agency and workforce development agency shall maintain its records in such a manner that the agency can fulfill its records access obligations promptly and efficiently.

(I) Each county family services agency and workforce development agency shall obtain approval from the county records commission before destruction of any records in accordance with section 149.38 of the Revised Code. Pursuant to section 149.38 of the Revised Code, the county records commission approval must in turn be reviewed by the Ohio historical society, and upon the Ohio historical society's review of the request to dispose the records, the auditor of state must approve or disapprove the request.

(J) After permission to destroy the records has been obtained, each county family services agency and workforce development agency shall follow the requirements established by the county records commission for disposal of county records.

(K) Notwithstanding the provisions in this rule, each county family services agency and workforce development agency shall continue to follow any minimum applicable ODJFS, state, and federal records retention requirements requiring a longer minimum retention period than the general three-year retention period stated in paragraph (E) of this rule, such as children services case records retention requirements set forth in rule 5101:2-33-23 of the Administrative Code, and any other program-specific records retention requirements established by other state or federal law, unless directed to comply with the minimum records retention requirements provided in this rule.

Effective: 3/1/2015
Promulgated Under: 111.15
Statutory Authority: 5101.02
Rule Amplifies: 329.04 , 329.05 , 5101.27 , 5101.28
Prior Effective Dates: 3/7/82, 4/1/88 (Emer.), 6/30/88, 2/15/96, 11/1/96, 8/23/08.

5101:9-9-21.1 Public assistance records: retention periods.

[This rule designated an internal management rule]

(A) The following definitions are applicable to this rule:

(1) "Inactive records" means closed case files and those records that are no longer used on a regular basis.

(2) "Public assistance record" means any record maintained in a case file related to an Ohio works first (OWF), a food stamps, a prevention, retention, and contingency (PRC), a disability financial assistance, or a refugee cash assistance group (AG).

(3) "Record" has the same meaning as defined in section 149.011 of the Revised Code.

(B) The minimum retention period for public assistance records is seven years, except as provided in paragraphs (C) and (D) of this rule.

(C) The following records may not be destroyed while the AG is active, and must be maintained for a minimum of three years from the date the AG becomes inactive:

(1) Enumeration verifications;

(2) Application forms and verifications that established initial program eligibility; and

(3) Documents that establish eligibility factors such as incapacity, limiting physical factors, and eligibility for supplemental security income (SSI).

(D) Any records existing in the AG file on the date the AG becomes inactive must be maintained for a minimum of three years from the date the AG becomes inactive, regardless of the age of the records.

(E) Rule 5101:4-1-05 of the Administrative Code governs the retention of food stamp records and must be followed in conjunction with the requirements of this rule.

(F) Counties that wish to selectively destroy documents from public assistance AG records in accordance with the requirements of this rule must specify the retention periods of the affected documents on the appropriate retention schedules.

Replaces: 5101-9- 21.1

Effective: 08/23/2008
Promulgated Under: 111.15
Statutory Authority: 5101.02
Rule Amplifies: 329.04
Prior Effective Dates: 2/15/96

5101:9-9-25 Federal tax return information safeguarding procedures.

[This rule designated an internal management rule. For a copy of this rule, contact the Ohio Legislative Service Commission.]

5101:9-9-29 Ohio department of job and family services (ODJFS) audit function.

(A) "Auditing" is the systematic application of procedures to compare historical data to established criteria to prepare an attestation as to the degree of correspondence between the two.

(B) "Historical data" consists of management representations, either explicit or implicit. Management representations include, but are not limited to, representations as to characteristics of information such as completeness or accuracy, the occurrence or non-occurrence of transactions or events, the existence or non-existence of tangibles, intangibles, rights and obligations, the valuation or allocation of tangibles and intangibles, rights and obligations, compliance or non-compliance with laws or regulations, and operational characteristics.

(C) "Criteria" may be financial or non-financial. Applicable criteria may include, but are not limited to, accounting and auditing standards and principles, state, federal and local laws, regulations, administrative rules, ordinances and court opinions, and generally accepted principles of accounting and administrative control.

(D) "Person" means an individual, corporation, business trust, estate, trust, partnership, or association as used in any statute, unless another definition is used in such statute or a related statute.

(E) "Public office" means any state agency, public institution, political subdivision, or other organized body, office, agency institution, or entity established by the laws of this state for the exercise of any function of government.

(F) Audits performed by ODJFS include, but are not limited to:

(1) Any examinations or review of books , records or any other evidence relating to the collection, receipt, accounting for use, claim, or expenditure of state or federal funds received from or through ODJFS.

(2) Any examination or review to determine whether any person, public office, vendor, sub-recipient, or provider of goods or services to ODJFS has complied or is in compliance with the federal statute or regulation, state statute or administrative rule, ordinances, or orders pertaining to the collection, receipt, accounting for, use, claim or expenditure of state or federal funds from or through ODJFS.

(3) Any examination or review of any person, public office, vendor, sub-recipient, or provider of goods or services to ODJFS ; collecting, receiving, accounting for using, claiming, or expending state or federal funds from or through ODJFS ; or submitting to the department data which serves as the basis for funding from or through the department.

(4) Any financial statement, financial-related, performance, economy and efficiency, or program results audits of organizations, agencies, programs, activities, or functions under the authority, aegis, or oversight of ODJFS.

(5) Any examination, review, investigation, or financial statement, financial-related, performance, economy and efficiency, or program results audits required or intended to address federal or state audit, monitoring, or review requirements.

(G) ODJFS may perform or provide for the performance of any audits within the scope of this rule. The timing, frequency, scope, and objectives of audits may vary with ODJFS' assessment of audit needs and the available resources of ODJFS.

(H) ODJFS may develop and implement policies and procedures at variance with the provisions of this rule as necessary to comply with the requirements of federal statute or regulation, or state statute or administrative rule.

(I) For the purpose of audits performed by or provided by ODJFS, auditees must maintain documentation conforming to all requirements prescribed by ODJFS, federal statute or regulation and state statute or administrative rule. Auditees must prepare and maintain documentation to support all transactions and to permit the reconstruction of all transactions and the proper completion of all reports required by state and federal law and regulations, and which substantiates compliance with all applicable federal statutes or regulations, state statutes or administrative rules.

(J) Auditees must make available to ODJFS personnel all records necessary to document all transactions. Records must include sufficient detail to disclose:

(1) Services provided to program participants;

(2) Administrative cost of services provided to program participants;

(3) Charges made and payments received for items identified in paragraphs (J) (1) and (J) (2) of this rule;

(4) Cost of operating the organizations, agencies, programs, activities, and functions.

(K) Auditees must maintain adequate systems of internal control to ensure:

(1) Accurate and reliable financial and administrative reports;

(2) Efficient and effective use of resources;

(3) Compliance with laws and regulations.

(L) Audits performed by other public or private audit organizations on behalf of ODJFS will be reviewed and released by ODJFS. Audit reports for audits performed by ODJFS or by other public or private audit organizations on behalf of ODJFS may be the basis for action by ODJFS as authorized by federal statute or regulation, state statute or administrative rule, including, but not limited to, section 5101.24 of the Revised Code.

(M) A certified copy of any portion of any audit report released by ODJFS containing factual information is prima facie evidence of the facts contained therein for the purpose of any administrative appeal or proceeding.

(N) At the conclusion of an audit, ODJFS will normally conduct an exit conference with the auditee. However, an exit conference is not required where the auditee fails to respond, within a reasonable period of time, to a request by ODJFS to schedule an audit, where an audit conference would impair, impede, or otherwise threaten the ability of ODJFS to satisfy legal requirements that it supervise the auditee or direct compliance with state and federal law, or where the subject matter of the audit is currently the subject of another state or federal audit or criminal investigation. Objectives of exit conferences include:

(1) To provide ODJFS with an opportunity to present the results of the audit and obtain the response of the auditees;

(2) To provide the auditee with an understanding of the audit findings;

(3) To obtain relevant information with respect to issues raised by the audit.

ODJFS will evaluate any written response of an auditee and will consider whether the proposed audit report should be revised based upon the response. When an auditee submits a written response and ODJFS concludes that no revision of the draft audit report is appropriate or warranted, the response shall be attached to or summarized in the final report.

Effective: 2/1/2015
Promulgated Under: 111.15
Statutory Authority: 5101.02
Rule Amplifies: 329.04 , 329.042 , 5101.16 , 5101.161 , 5103.07 , 5107.02
Prior Effective Dates: 10/19/81, 7/20/86, 11/1/97, 10/1/03

5101:9-9-37 Data system security.

The following requirements ensure the security of departmental data and must be followed by all county employees who access the office of information technology (OIT) and the Ohio department of job and family services (ODJFS) local area networks.

(A) Users are responsible for system inquiries and activities executed with their system user indentification (USER-ID).

(B) Passwords must remain confidential and be between four and eight characters in length.

(C) A terminal or personal computer must never be left unattended or unsecured when logged onto the network.

(D) Only the files which are required to perform job duties shall be accessed.

(E) Passwords are valid for a maximum of thirty days and shall not be repeated for a twelve month period.

(F) The county liaison must contact the ODJFS security officer to have a forgotten password reset. The user will then supply a new password on their next access.

(G) Users must not change their passwords more than once per day.

(H) Users must comply with all items included on the JFS 07078 "Ohio Department of Job and Family Services Code of Responsibility" (Rev.3/03).

(I) An original signed JFS 07078 must be submitted to ODJFS with every county request for a USER-ID or user access to the OIT and ODJFS local area networks.

(J) Temporary access may be granted at the discretion of ODJFS upon receipt of a faxed request and signed JFS 07078. Failure to submit a signed original JFS 07078 to ODJFS within fourteen days will result in termination of access.

(K) The JFS 07078 is required for every new employee accessing the system, and for making changes to an existing employee's access.

(L) Counties must not modify the JFS 07078.

Replaces: 5101-9-37

Effective: 07/01/2005
Promulgated Under: 111.15
Statutory Authority: 5101.02 , 329.04
Rule Amplifies: 5101.02 , 329.04
Prior Effective Dates: 3/18/88 (Emer.), 6/10/88, 6/15/98

5101:9-9-38 County electronic data usage.

[This rule designated an internal management rule. For a copy of this rule, contact the Ohio Legislative Service Commission.]