When communicating client information electronically always use the least amount of information needed to identify the person to the receiving party. The standard the agency has set for the maximum amount of client personal identifying information that may be included in any electronic communication is (1) the first name initial, (2) the full last name, and (3) the last 4 digits of the social security number (SSN).

It may be necessary to exceed the standard in some situations where conducting agency business would be interrupted, where a third party requires more personal information than the agency standard and there is not a feasible alternative, or where the communication will not be effective by following the standard. To the extent possible, such information should be encrypted before being sent. Exceptions will be established by agency policy and not by field staff discretion.

Encryption: Stored in such a way that a password is required in order to access the file.

A mobile device like a laptop, an iPad, flash drive, portable storage drive, and disk is inherently no more or less secure than a computer. However, due to their portable and mobile nature, they are much easier to misplace than a regular computer. Extra attention must be paid to secure handling of such devices. Not leaving these devices unattended will ensure that client data, and therefore confidentiality, is not stolen or breached. The loss of confidential information like name, address, phone number, disability, etc. would be in violation of our agency policy. The loss of unencrypted SSN information would be a violation of SSA (Federal) laws with consequences.

Standards

Emails

Emails sent inside or outside the Nebraska State Government network shall be limited to no more than (1) the first name initial, (2) the full last name, and (3) the last 4 digits of the social security number. Assure in the body of the email or any attachments that the person’s full name is not used. In addition, prior to replying to or forwarding an email assure the previous information adheres to this standard.

While the transmission of a nebraska.gov to nebraska.gov email is secure, once that email enters a user’s Mailbox, is saved to a user’s computer, or an attachment lands in a user’s Mail Downloads folder, the information is no longer secure unless it is in an encrypted document or stored in an encrypted volume. If information is to be sent that exceeds the agency’s minimum standard, the information should always be encrypted.

For assistance with encryption, please submit a Help Desk ticket. vrhelpdesk.vr.ne.gov

Drop Box:

While the use of the Drop Box has been encouraged as a way to share secure information between VR computer users, the Drop Box is not completely secure. Unencrypted confidential information that sits in a Drop Box or is saved to other folders on the computer can be easily viewed and taken from a stolen or lost device or an unlocked computer.

Electronic Calendar

Exchange (Outlook) has the same security as internal emails within the state’s email system. Since our calendaring program is an organizational tool for staff and a documentation tool for agency management, the agency does allow for the client’s full name, telephone contact number, and purpose of the appointment to be entered in the calendar. However, never use any feature or text box of a calendaring program to convey any other client personal or confidential information such as impairment, address, full SSN, etc.

iChat/Texting

iChat/texting does not have the same internal security as the state’s email system. Therefore, iChat and other text messaging applications should never be used to request or provide personal information that exceeds the Agency Confidential Electronic Information Standard including the transmittal of documents that contain client personal or confidential information.

NDE Student ID Number

Requests to Tessa Ferguson to search the NDE database for Student ID Numbers should only be made through email (xxx.xxxxxx@nebraska.gov to tessa.ferguson@nebraska.gov). Do not use iChat or other texting apps. The request should only include First Name Initial, Full Last Name and Date of Birth.

Electronic FAFSA

The SFAR-E has been modified to only require the first name initial, full last name and the last 4 digits of the social security number. The schools currently using the SFAR-E have agreed to this change. As new schools agree to use the SFAR-E, they must agree to this condition.

Performance Report

The Performance Report used with the Behavioral Health Agreements has being modified to remove the social security number column and to require only the first name initial rather than the full first name along with the full last name. The Behavioral Health Programs have the option of mailing this form or sending it electronically.

Resumes

Resumes prepared for clientss may be provided to them as an Email attachment if requested by the client. Resumes should never include a Social Security Number or a Date of Birth.

ATP Referral Form

The completed electronic ATP Referral Form can either be emailed as an attachment to atp.referrals@nebraska.gov or faxed to ATP (402.471.6052). The form no longer requires a SSN.

The Abilities Fund

The Abilities Fund referral forms available on their website (1) Exploring Entrepreneurship Workshop Referral Form and (2) Nebraska Self Employment Services are to be submitted only by mail or fax.

Kenexa

When using the online Kenexa assessment with a client, the client’s personal identifying information should not exceed the first name initial and the full last name.