Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 FFY2011 EAP Annual Training Section 5 (of 6) Presented at FFY2011 EAP Annual Training August 11 & 12, 2010 Section 5 contents: Chapter 13 Incidents Semcac.

Similar presentations

Presentation on theme: "1 FFY2011 EAP Annual Training Section 5 (of 6) Presented at FFY2011 EAP Annual Training August 11 & 12, 2010 Section 5 contents: Chapter 13 Incidents Semcac."— Presentation transcript:

1 1 FFY2011 EAP Annual Training Section 5 (of 6) Presented at FFY2011 EAP Annual Training August 11 & 12, 2010 Section 5 contents: Chapter 13 Incidents Semcac Flood CAPSH Flood Chapter 14 Data Practices & Records Security R. Gooley Change Password in eHEAT Chapter 15 Communication & Information Various Reports

2 Chapter Contents Appeals Errors and Fraud Recovery of EAP Benefit Overpayment Due to Error or Fraud Disaster and Emergency Planning Combines Fraud & Error chapter Chapter 13 Incidents

3 No changes to the handling of incidents We have clarified the processes in the manual Highlighting some of the procedures to use Incidents have gone through the ICF evolution Controls to protect program and individuals These can be difficult situations We are your partners and are here to help you Chapter 13 Incidents Handling Incidents – What to know

4 An incident is anything that happens outside of normal expected EAP operations. Incidents can be one of several things: error, fraud, complaints, vendor goes out of business, etc. When discovered fill out an incident report, provide enough facts to paint the picture for us Email the report to EAP.mail and copy to monitors DOC staff reviews incident reports every Monday at our staff meeting, unless expedience is required Chapter 13 Incidents Handling Incidents – What to know (Continued)

5 After its reported to state continue your investigation as appropriate DOC may respond with clarifying questions or direction on next steps depending on where we are in the process Take it one step at a time Dont think solution first – something unusual has happened: dont assume fraud or error when it could be either, get the facts As you investigate, collect facts & document them specifically. Date, time, talked to, they reported, etc. In general, EAP coordinator and appropriate SP supervisors should be involved EAP and other SP staff should be on a need to know basis Chapter 13 Incidents Handling Incidents – What to know (Continued)

6 Overpayment Due to Household Error or Fraud Pages 7 & 8 When Household error or fraud results in overpayment of EAP benefits use the following procedure: Document the facts of the situation. For delivered fuel vendors; recall any EAP credit on the customer account up to the amount overpaid. For connected energy vendors; recall the entire amount of the overpayment. The result may be an amount due on the households vendor account. For direct payment to households; recall the entire amount of the overpayment. Chapter 13 Incidents

7 Overpayment Due to Household Error or Fraud Page 7 & 8 Write to the client to: Notify them Request repayment of excess funds not recovered Clarify the households rights and responsibilities Offer to meet with them Try to agree on a repayment schedule as needed Allow installment payments If the household and you can agree on a reasonable timetable, include this in your repayment request to the household Chapter 13 Incidents

8 Overpayment Due to Household Error Page 7 & 8 In the case of household error (not fraud), if repayment by the household poses a hardship for the household, the Service Provider must: Terminate recovery procedures when: The household declares and describes the hardship in writing. Signs and dates their statement. Place their letter in the households file. Chapter 13 Incidents

9 Fraud In cases when it is determined that fraud has occurred procedures outlined in the manual for investigating, documenting and ultimately escalating should be followed. SP staff are encouraged to consult with their attorney DOC will advise and assist as appropriate Chapter 13 Incidents

10 Disasters – the worst incidences Disasters can and do happen This is why we ask you to include disaster plans in your local plan So you can think about disasters before they happen Susie Thompson from Semcac Scott Zemke from CAPSH lessons learned I wish I knew then what I know now…. Chapter 13 Incidents

11 Disasters Sharing Susie Thompson from Semcac Chapter 13 Incidents





16 MHFA Quick Start Loan –263 loans were processed for housing rehab or replacement. –Loans to date total > $9 million. Disaster Recovery Efforts ~Housing~

17 GMHF Loan and Grant –54 loans (totaling > $270,000) and 15 grants have been processed for income-eligible households. Weatherization –Performed weatherization 9 homes. –Replaced furnaces/water heaters at 23 homes.

18 Disaster Recovery Efforts ~Agency Facilities~ Affected facilities –Main Building –4-plex –Senior Dinings equipment and supplies at the Tenborg Center –Semcac HousingRushford, Inc.s Rush Creek Apartments

19 Main Office Damage







26 Main Office Clean-up


28 Rushford/Winona Bus Route

29 Temporary Main Office



32 Disaster Recovery Efforts ~Agency Facilities~ Resources for recovery –Insuranceauto and partial property –Federal and State Aid applications (FEMA, SBA, MIF) –OEO, SMIF grant, Medtronic donation, Hunger Solutions (through OEO) other Community Action Agencies, WSU nursing students fundraiser, other contributions from businesses and individuals. Direct program disaster recovery aid for Head Start, EAP, Weatherization, and Transportation

33 We made it back to RushfordNever Give Up!

34 Disasters Sharing Scott Zemke from CAPSH Chapter 13 Incidents

35 35 CAPSH Office Flood 2008 Building owner failed to shut off and bleed outdoor spigot. Pipe froze and burst overnight on MLK holiday. Found by building maintenance. 2 inches of standing water. Administrative functions of agency shut down for about two weeks

36 36







43 Results of Planning Server and computing capability remained All computer equipment raised up off of the floor at all times Other program staff able to work remotely from home or other partner facilities EAP largely unaffected Shut down for 2 days while walls/carpet dried (no reconstruction needed). No access to rest of office (admin support, copier, etc.). No application processing for 2 days.

44 Results of Planning Results of Planning (cont.) Did not need to implement full disaster plan that involves co-locating at a partner organization Would have been more time consuming to move files and equipment twice than simply wait for ability to return. Changed EAP VM to state the problem, asked for patience and provided our emergency phone number EAP staff checked VM and returned calls from home

45 Collection and Maintenance of Private Data Application Documentation Sharing EAP Private Data Chapter Contents Chapter 14 Data Practices and Records

46 Third Party Requests for Information Minnesota Statues (Minn. Stat.) §216C.266 says, Data on individuals collected, maintained, or created because an individual applies for benefits or services provided by the Energy Assistance and Weatherization programs is private data on individuals and must not be disseminated except pursuant to section 13.05, subdivisions 3 and 4 Information about a data subject may only be released to a third party if the data subject consents by submitting a signed Informed Consent to Release Private Data form Service Providers commonly deny verbal requests received from the Department of Revenue and attorneys working to garnish wages Pages 2 & 9-11 Chapter 14 Data Practices and Records

47 E-Mail Data Privacy To maintain data privacy on e-mails Use only household numbers for identification when possible Use secure e-mail practices when private household data is included Use secure e-mail practices to send New Vendor information containing Tax IDs and/or Social Security Numbers Remind vendors to use only household numbers when communication via e-mail about a customer Contact DOC for help if a vendor does not cooperate with data privacy requirements, as required by the vendor agreement Page 2 Chapter 14 Data Practices and Records

48 Social Security Number for LIHEAP and WAP Applications Social Security numbers (SSNs) are used in the administration of EAP and to assure that only eligible applicants and their household members receive allowable benefits Federal law allows States to require applicants to disclose their SSN to prevent, detect, and correct fraud and abuse. See Chapter 5 – Program Eligibility Requirements for details Safe at Home (SAH) Participant SSN A participants in the States Safe at Home (SAH) program is one exception to the policy requiring primary household applicants to provide a verifiable SSN for the household to be eligible for EAP services Providers should neither require nor request the SSN for SAH participants. Page 2 Chapter 14 Data Practices and Records

49 Responsibility for Data Privacy Individuals with access to private data must be aware of their responsibilities under the MGDPA A best practice is to document regular training on data practices to each staff with access to applications or household information The Minnesota Department of Administration Information Policy Analysis Division assists individuals and entities with Minnesotas Data Practices Act. Website Chapter 14 Data Practices and Records

50 Copies of any correspondence with the applicant not documented by eHEAT Documentation of research and responses to a question, complaint or appeal not maintained in eHEAT Pertinent program forms A signed signature page from the application (or, rarely, a copy) The application Documentation of income Income calculations not completed in eHEAT Case notes if they are not kept on eHEAT Pages 3 & 4 Documents that must be in the households hard copy file or easily identified and accessed electronic file include Chapter 14 Data Practices and Records

51 Sharing Private Data with Vendors EAP data provided to vendors is limited to information necessary to obtain vendor account and consumption information and allow vendors to apply EAP benefits to customer accounts The household data required is available to vendors through their access to eHEAT The information verifies the households EAP eligibility and the amount to apply to their or their landlords account To illustrate, EAP collects household data on income and household size, but the data is not required to apply EAP payments to customer accounts. Therefore, this data is not to be provided to the vendor With the exception that EAP allows vendor employees working with affordability programs to request additional EAP private data if the household has agreed to participate in an affordability program The vendor must obtain an Informed Consent for Release of Data form signed by the household before requesting EAP household data for any other use or program Page 6 Chapter 14 Data Practices and Records

52 Sharing Private Data for Delivery of ERR Services Sharing private data with Weatherization Assistance Program (WAP) staff and contractors providing ERR services for EAP households requires both EAP and WAP programs to be responsible for protecting private data ERR participants (Auditors, Inspectors, Heating Contractors and etc.) must be informed of data privacy requirements and provided with only the household data necessary to deliver services and do their jobs Both EAP and WAP eHEAT users export household data from eHEAT for specific business uses The eHEAT systems security is designed for the local eHEAT Administrator(s) to assign authorized users to perform only the tasks and processes necessary to deliver services and perform assigned duties. Pages 6 & 7 Chapter 14 Data Practices and Records

53 The Debtors Exemption Claim Notice Is a type of Informed Consent Form Minn. Stat. §13.05, Subd. 4 prescribes the content of the form and is consistent with the required content of the Informed Consent Request Form, as long as it is on the letterhead or otherwise names the third party recipient of the information Page 10 Chapter 14 Data Practices and Records

54 Have new users fill out agreement before access Make sure users have only the functions they need Disable users who no longer need access Managing eHEAT Security Agreements for Admin & Users Chapter 14 Data Practices and Records

55 Questionnaires & surveys used for referrals Keep them clearly separate from EAP Do not include with the Energy Programs Application Make sure the household knows the form and individual questions are optional Best Practices Ask households to check services/programs of interest Do not ask invasive questions that allow staff to recommend drug treatment, anger management, etc. Chapter 14 Data Practices and Records

56 56 Security talk and tactics Richard Gooley Chief Information Security Officer Minnesota Department of Commerce Presenter

57 Sec-UR-rity - You are at the center The only totally secure computer is offline There is no Set it and Forget it © in security 57

58 58 Today's Program Protecting Your Information Protecting Your Computer Staying Safe Online Passwords and Pass Phrases Technical Risk Assessment Free Stuff and Reference Material Stump the geek

59 Protecting Your Information What information are you protecting? –Social Security Number –Addresses –Children –Household income –Private financial information 59

60 Protecting Your Information Paper –Applications, Hand written notes, Memos, Printed emails Electronic data –PCs, Laptops –Hand held Devices, Phones, –Flash Drives, Dvds, CDs, Diskette, Tapes 60

61 Protecting Your Information What are you protecting the information from: –Unauthorized use –Modification –Destruction –Temporary or permanent loss 61

62 62 Protecting Your Computer

63 Who wants the information? –Hi-Tech cyber criminals –Worldwide Cyber crime 63

64 Protecting Your Computer 64

65 65 Protecting Your Computer Vulnerabilities - How They Attack –Vulnerabilities are flaws in computer software that create weaknesses in the overall security of the computer or network. Vulnerabilities can also be created by improper computer or security configurations. Threats exploit the weaknesses of vulnerabilities resulting in potential damage to the computer or personal data. –Used to be emails now its websites.

66 How can I tell if my computer is infected? Signs of infection –My computer is running extremely slowly –Applications won't start –I cannot connect to the Internet or it runs very slowly –When I connect to the Internet, all types of windows open or the browser displays pages I have not requested –Where have my files gone? –My antivirus has disappeared, my firewall is disabled –My computer is speaking a strange language –Programs have disappeared from my computer –My computer has gone mad... literally 66

67 Protecting Your Computer What can we do to protect your computer? –Number one Computer Security Risk Computers remain unpatched –Move to Windows 7 –Use a profile that isnt the Administrator 67

68 Protecting Your Computer What is a patch? –A patch is a piece of software designed to fix problems with, or update a computer program or its supporting data 68

69 Java and QuickTime 69

70 Java Click Start –Control Panel Java 70

71 Adobe Reader 71

72 Apple QuickTime Click Start –Control Panel QuickTime 72

73 Windows Update 73

74 74 Windows Update

75 Protecting Your Computer Microsoft Windows 7 or XP operating system? –Exploits using Windows XP as an attack vector will grow this year –Windows XP is nine years old and some patches will no longer be supported –Threat detections are down against Windows 7 75

76 Protecting Your Computer User Profiles –For everyday use have a profile that is a User or Power User Group. Instead of the default Administrators Group. Administrator is All Powerful… I can install programs. Power User Powerful… I can install a printer User… I can run applications 76

77 77 Staying Safe Online Spoofed emails – Email to me.. From me? Phishing – Nigerian email scams Spear Phishing- Your local bank wants you password

78 78 Staying Safe Online Spyware Typosquatter – – – –How many ways can you spell Netcorp registered 1,017 domain name variations on

79 79 Passwords: Longer is Stronger Examples of passwords –eX@mp13s – No longer a good password –What's my uncles phone number? wMUp#?6125356519 –Do you know my address? DUKma?45410akland

80 80 Pass Phrase: Longer is Stronger Pass Phrases – Long and complex –What's my uncles phone number? What's my uncl3s phon3 numb3r? 6513246519 –Do you know my address? D0 y0u kn0w my address? 45410akland

81 Risk Assessment What is a Risk Assessment? –A report that shows assets, vulnerabilities, likelihood of damage, estimates of the costs of recovery, summaries of possible defensive measures and their costs and estimated probable savings from better protection. 81

82 Risk Assessment Determine a risk assessment strategy that best suits the needs of your organization. A risk assessment is a useful tool. Non-profit has special needs to consider when devising a risk assessment. Know and address these needs to allow for a more accurate and detailed risk assessment. 82

83 83 Tools and Reference Material

84 84 Useful Tools Tools to wipe drives when disposing computer – – Free tools – – – Restore disks –http://www.restoredisks.com

85 85 Reference Resources - Information Sharing and Analysis Center - Disaster Recovery Journal - Family Emergency Preparations – Security Training, Certification and Research – Help Choosing Security Products – Microsoft Technical Information

86 86 Conclusion Security is a daily practice Patch your computer at work and home Thank you!

87 Password Reset Chapter 14 Data Practices and Records

88 All entered info must match what is in eHEAT Password Reset (Continued) Chapter 14 Data Practices and Records

89 Keep User Profile Current Chapter 14 Data Practices and Records

90 90 Chapter Structure Information and Reporting Federal Leveraging Incentive Fund DOC Communication Tools Service Provider Communication Requirements Chapter 15 Communication, Information & Reports

91 91 General Chapter Changes Chapter combines former Information & Reporting chapter with Communication information from the former Overview of Service Provider Admin Responsibility chapter Federal Leveraging chapter also part of this new chapter Chapter 15 Communication, Information & Reports

92 92 Specific Chapter Changes Due Date Change: FSR submission date is now the 5th of the month The due date for FSR submission was 5th of the month in WAP contract last year, so EAP FSR due date has been changed for DOC consistency. Chapter 15 Communication, Information & Reports Page 3

93 93 Specific Chapter Changes Addition: Service Provider staff members who provide back-up during a coordinators absence must know under what circumstances it is necessary to contact their Field Representative, or Chapter 15 Communication, Information & Reports Page 7

94 94 Specific Chapter Changes New Section Service Providers Other Reportable Conditions If SP becomes aware of the existence (or apparent existence) of fraud, waste, or abuse related to the organizations activities, grants or use of grant funds including non-DOC grants, it must report this information to DOC The purpose of this is to inform DOC of situations that may impact the SP general administrative capability Chapter 15 Communication, Information & Reports Page 8

95 95 Specific Chapter Changes Report Name Change Expenditure Detail Report is the new name for the Budget Summary Chapter 15 Communication, Information & Reports Appendix 15B

96 96 Related Changes Added "Leveraged Activities" to Advocacy Services reason list in A16 in eHEAT to help with tracking (thanks to suggestion from Gayle at Inter-County) Reminder that the Leveraging Report is coming up. Mailed September 24 Due to DOC October 22 Chapter 15 Communication, Information & Reports

97 97 Related Changes Increasing use of the DOC website for SP For forms & appendices that used to be attached to the Policy Manual Increasingly well direct you to the web to find documents, as we did with the Local Plan Check website first Chapter 15 Communication, Information & Reports

98 Crisis Benefit Report Agency Application Count Comparison SP Payments By County Household Additional Info Application Search Report Highlights/Review eHEAT Report Highlights/Review

99 Crisis Benefit Report Report Highlights/Review eHEAT Report Highlights/Review

100 Crisis Benefit Report Export includes fields not shown on screen Both mailing address and hh address included in export Vendor information is included if criteria is checked CRISISAWARDEDAMT and CRISISPAIDAMT field is for application and are the totals awarded and paid for application not event Report Highlights/Review eHEAT Report Highlights/Review

101 Agency Application Count Comparison Report Highlights/Review eHEAT Report Highlights/Review

102 Agency Application Count Comparison Counts of states at point in time Compares to previous years on the same date Data is live Report Highlights/Review eHEAT Report Highlights/Review

103 SP Payments By County Report Highlights/Review eHEAT Report Highlights/Review

104 SP Payments By County Can not span program years with dates Definitions of $ are on hover note Data is live Previous program data is available Report Highlights/Review eHEAT Report Highlights/Review

105 Household Additional Info Report Highlights/Review eHEAT Report Highlights/Review

106 Household Additional Info Allows access to letters to Denied households Includes Request Date and Processed Date Report Highlights/Review eHEAT Report Highlights/Review

107 Application Search ROFW added Both Addresses included in export Label Refund Process Address added to export Report Highlights/Review eHEAT Report Highlights/Review

Download ppt "1 FFY2011 EAP Annual Training Section 5 (of 6) Presented at FFY2011 EAP Annual Training August 11 & 12, 2010 Section 5 contents: Chapter 13 Incidents Semcac."

Similar presentations

Ads by Google