Page 11 - Privacy_Program
P. 11
DP101.7.a • Determining eligibility for programs or services;
DP101.7.b • Determining amount of assistance;
DP101.7.c • Determining the amount and type of services needed;
DP101.7.d • Administering government or other program funds;
DP101.7.e • Operating and reporting on government or other program;
DP101.7.f • Conducting audits of programs and services;
DP101.7.g • Maintaining licensing and accreditation;
DP101.7.h • Enabling employees working in the same program or working with the
same participant to do their jobs; or
DP101.7.i • Conducting investigations of programs and their participants
All Employees with DP101.8 Disclosure for Judicial and Administrative Proceedings. Staff cannot disclose
Access to PRPI Privacy Restricted Participant Data for judicial or administrative proceedings
without a determination by a judicial or administrative tribunal that the data
can be disclosed and a protective order issued by the judicial or administrative
tribunal, if one is required. All requests in this area must be reviewed by the
Director of Information Technology, Privacy and Data Security.
All Employees with DP101.9 Provide Rights to Participant’s With Respect to Their Data. Participants have
Access to PRPI the right to:
DP101.9.a • Know why their data is being requested and how it will be used
DP101.9.b • know whether GESMN has data regarding them and whether that data
is classified as Public, Private (Privacy‐Restricted under GESMN’s Data
Classification) or Confidential (Info they are not allowed to see about
themselves such as investigations, abuse reports, etc.)
DP101.9.c • Access Public or Private Data about them. Access must be provided
immediately if possible but not later than 10 business days after the
request.
DP101.9.d • Contest the accuracy or completeness of their Private Data and appeal an
adverse determination
DP101.9.e • File a complaint of a MGDPA violation
DP101.9.f • Receive notice of a security breach with respect to Private or Confidential
Data to extent required by Minn. Stat. § 13.055 (breach must be with
respect to unauthorized acquisition of data maintained by or for a State
Agency that compromises the security and classification of the data). All
suspected security breaches must be reported immediately to the
Director of Information Technology, Privacy and Data Security for
investigation. SEE DP281.A – SECURITY INCIDENT RESPONSE PLAN
All Employees with DP101.10 Additional details regarding participant rights to access their public and private
Access to PRPI information summarized in 9.a. through 9.f. above are found in DP‐170A –
SECURE ACCESS TO PARTICIPANT RECORDS regarding participant access to their
data.
GES CONFIDENTIAL 11
