Revision 24-3; Effective Sept. 1, 2024
Federal Tax Information (FTI) includes tax returns or return information received directly from the Internal Revenue Service (IRS) or obtained through an authorized secondary source, such as the Social Security Administration. Staff must protect digital and non-digital media containing FTI from unauthorized inspection and disclosure. Digital media includes computers, mobile devices and removable storage, such as CDs, DVDs and external hard drives. Non-digital media includes a paper form, report and log.
HHSC limits FTI access to staff whose duties require access. HHSC agency and non-agency staff access FTI physically and through the Automated System for Office of Inspector General (ASOIG). Staff must handle FTI using the following policies to ensure information does not become misplaced, stolen or made available to unauthorized personnel.
HHSC Income Eligibility Verification System (IEVS) staff must retain electronic IEVS worksheets for five years. Staff may log and destroy any printed IEVS module records using IRS safeguarding requirements once they are no longer needed because the electronic records are available and kept in ASOIG for the applicable retention period.
The following forms must be kept for five years from the date of the last entry on the form:
- Form H1861, Federal Tax Information Record Keeping and Destruction Log;
- Form H1862, Federal Tax Information Transmittal Memorandum;
- Form H1863, Federal Tax Information Removal Log;
- Form H1864, Federal Tax Information Fax Transmittal; and
- Form H1866, Federal Tax Information Visitor Access Log.
C-2310 IRS FTI Security and Awareness Training
Revision 24-3; Effective Sept. 1, 2024
HHSC and non-HHSC staff who access or may potentially encounter FTI must take and pass the annual Safeguarding IRS Federal Tax Information training to receive and maintain their access permissions to ASOIG. HHSC staff access the training course under System Training Solutions (STS) in the Centralized Accounting and Payroll/Personnel System (CAPPS). Non-HHSC staff may contact the HHSC IRS Coordinator by email at the HHSC AES Federal Tax Info Training Mailbox to get a copy of the training.
HHSC developed the Safeguarding IRS Federal Tax Information training with role-based job aids as an agency resource for security and privacy awareness. HHSC updates this training on an annual basis to reflect any system and policy changes and address audit findings.
HHSC staff submit a confirmation of understanding in STS once the Safeguarding IRS Federal Tax Information training is complete. The confirmation acknowledges staff completed a thorough review of the web-based training and job aids in the resources tab relevant to their professional role. Additionally, it confirms understanding of incident reporting requirements. STS maintains a record of completion for each employee. Non-HHSC staff must review a PDF version of the training, sign Form H4096, Safeguarding Information Certification, and submit the form to their management. The form confirms completion and understanding of the material within the training, as well as the penalties involved for any unauthorized inspection and disclosure of FTI. Non-HHSC management must maintain a copy of the Form H4096 in the employee’s file.
HHSC staff must also complete the HHS Information Security/Cybersecurity Awareness Training and the HHS Privacy Training within 30 days from their hire date and before accessing ASOIG. These trainings are available in STS in CAPPS.