A. PROGRAM SPECIFIC POLICIES AND PROCEDURES
The Provider will provide the services detailed in item 2 of this Program Manual and will agree to act in accordance with all state and federal statutes and administrative rules applicable to the provision of services pursuant to this Agreement, including use of the Management Information Systems.
i. Copies of applicable manuals are available upon request.
ii. Key State and Federal Statutes and Administrative Rules
a) Federal Rules
- 42 CFR 430 et seq.: Medicaid provisions of Title XIX of the Social Security Act
- 42 CFR 431.300 - 431.307: Medicaid provisions of Title XIX of the Social Security Act, specifically provisions regarding "Safeguarding Information on Applicants and Beneficiaries
- 45 CFR Part 96.70 - 96.75: Social Services Block Grant
- Federal Statutes
- 42 U.S. Code 5101 et seq.: Child Abuse Prevention and Treatment Act
b) State Rules
- Title 77 Illinois Administrative Code Part 630: Maternal and Child Health Services Code
c) State Statutes
- 325 ILCS 5: Abused and Neglected Child Reporting Act
- 405 ILCS 95: Perinatal Mental Health Disorders Prevention and Treatment Act
- 410 ILCS 212: Illinois Family Case Management Act
iii. Management Information System Acceptable Use or Business Services Agreement
- The purpose of this policy is to present the responsibilities of DHS-funded agencies for using Cornerstone. Cornerstone is required for delivering direct client services of the programs of the Bureau of Maternal and Child Health. Agencies contracted to provide these services must use Cornerstone to document performance and to provide the data outlined in the Contract Exhibits.
- The Agency must purchase and maintain a business class contract with an Internet Service Provider (ISP).
- Interruption of communication and/or connectivity must be reported within 24 hours to the agency's ISP and the Cornerstone Service Desk.
- Cornerstone User access must be approved and terminated by an appropriate section manager responsible for Cornerstone security management with the Cornerstone MIS/Section
- Security training is required before Cornerstone users are allowed access to the system and annually thereafter.
- Reasonable action, due care, and due diligence must be taken to prevent inappropriate use, disclosure, destruction or theft of Cornerstone-designated IT resources. Reasonable actions include but are not limited to prevention, detection and corrective measures such as encryption, anti-viral software and application of security patches.
- Disclosure of Cornerstone information is restricted only to authorized parties and, in a manner, consistent with the form of data classification.
- Cornerstone-designated IT resources must be for approved use only. Approved use is limited to authorized users, sanctioned Cornerstone business and job responsibility.
- Cornerstone-designated IT resources must use software and hardware authorized by the DHS-funded agency to which this agreement applies.
- Users are not authorized to run software that has not been approved by the DHS-funded agency to which this agreement applies.