Security and Privacy Controls Questionnaire (SPCQ)

What is the SPCQ?

This is a questionnaire that serves to outline your Organization/Agency's baseline security and privacy controls as they relate to the Intergovernmental/ Data Agreement (IGA/DSA) contractual requirements to access the Illinois Department of Human Services (IDHS) and Healthcare and Family Services (HFS)data, documents and electronic media.

  • The baseline control questions are in accordance with the Federal and State laws, policies and audit compliance regarding how IDHS/HFS provides security and privacy of our client's data and personal information.

Purpose of the SPCQ

  • The state is aligning with federal security requirements since the Integrated Eligibility System (IES) accesses the federal data hub and we receive federal funds to operate our programs.
  • DHS and HFS are working to protect our client's Personally Identifiable Information (PII) and Protected Health Information (PHI), the SPCQ allows our Security Office to assess the security and privacy protocols your agency exercises in protecting DHS/HFS information.
  • Your computer/IT system will interact with the State's system, any vulnerabilities in your system, could increase the risk to DHS/HFS client data.
  • With the launch of Phase 2 of IES, protection of information becomes especially important. In short, IDHS/HFS must adhere to federal standards pertaining to how agencies use and secure data from this system. This assessment allows them to determine if your agency is in compliance with those standards. An APPROVAL on your SPCQ means that your agency adequately protects IDHS/HFS data.  APPROVALS directly from our DHS or HFS Security Officer are a requirement for IES access. 

Annual Requirement

This Questionnaire will be an Annual Requirement of the IGA/DSA. You will be given a copy of the final, approved SPCQ to maintain for your records. Each year, you will complete the form and re-submit for approval. You may use the previous years report as a template, however you must report any changes that occur year to year.

Assistance

This slide deck will give you an overview of security requirements that agencies must comply with in order to access the Integrated Eligibility System. It will also offer guidance in completing the SPCQ.

Security and Privacy Controls Review (pdf)

SPCQ Job Aid (pdf)