The Annual Reading is a requirement for ALL staff. 

It is important that you complete this in a timely manner.

Sign and date the forms, and read the booklet and answer the questions during work hours. 

Due date: December 5, 2025 

to have access to sensitive data using computer-related media (e.g., printed reports, system inquiry, on- line updates, electronic copies or any photographic or magnetic media).
By my signature below, I acknowledge my understanding a security violation may result in criminal prosecution according to the provisions of Federal and State statutes and may also result in disciplinary action against me according to the department’s Standards of Conduct in the Employee Handbook. Also by signing below, I acknowledge that I have received, read, understand and agree to be bound by the following:

• I understand the Florida Computer Crimes Act, Chapter 815, Florida Statutes, prohibits individuals from willfully, knowingly, and without authorization from deleting important data, or accessing, disrupting, denying use, destroying, injuring, or introducing a virus/malware on a computer, computer system, or computer network, or modifying or destroying computer data, computer programs, or their supporting documentation. Violations are not acceptable and may be subject to discipline up to and including separation and/or criminal charges.
• I understand Chapter 119.0712, Florida Statutes, provides that all personal identifying information contained in records relating to an individual’s personal health or eligibility for health-related services held by the Department of Health is confidential.
• I understand Chapter 119.0712, Florida Statutes, provides that personal information contained in a motor vehicle record is confidential pursuant to the federal Driver’s Privacy Protection Act (DPPA) of 1994, 18 U.S.C. ss. 2721 et seq. Such information may be released only as authorized by that act.
• I understand that 45 CFR §155.260, Privacy and Security of Personally Identifiable Information, requires the DCF workforce to comply with all policies and procedures developed and implemented by DCF to protect the privacy and security of Personally Identifiable Information.
• I understand the penalty provisions of Sections 7431, 7213 and 7213A of the Internal Revenue Code, which provide civil and criminal penalties for unauthorized inspection or disclosure of Federal Tax Information.
• I understand that Internal Revenue Code 6103(l)(7) provides confidentiality for FTI accessed for work related to the Social Security Act, the Food Stamp Act of 1977, or USC Title 38 and disclosure of this information is a confidentiality violation.
• I understand that DCF operating procedure CFOP 50-2, Security of Data and Information Technology Resources, outlines the processes for securely connecting to the department's network and securely using departmental data and other information technology resources, including how to report a security event.
• I understand it is the policy of DCF that no contract employee shall have access to Internal Revenue Service tax information or Florida Department of Law Enforcement managed Criminal Justice Information Security policy covered data (https://www.fbi.gov/file-repository/cjis- security-policy-v5_5_20160601-2-1.pdf), unless approved in writing, by name and position to access specified information, as authorized by regulation and/or statute.
• I understand it is the policy of DCF that I do not disclose personal passwords.
• I understand it is the policy of DCF that I do not obtain Department information for my own use or another person’s personal use.
• I understand the viewing of employee or client data, even data that is not confidential or otherwise exempt from disclosure as a public record, without a business need constitutes misuse of access and is not acceptable and may be subject to discipline up to and including separation.
• I understand the Department of Children and Families will perform regular database queries to identify possible misuse of access.
• I will only access or view information or data for which I am authorized and have a legitimate business reason to see when performing my job duties. I shall maintain the integrity of all confidential and sensitive information accessed.

PRIVACY ACT STATEMENT: Disclosure of your social security number is voluntary, but must be provided in order to gain access to department systems. It is protected information pursuant to Section 282.318, Florida Statutes, the Security of Data and Information Technology Resources Act. The Department requests social security numbers to ensure secure access to data systems, prevent unauthorized access to confidential and sensitive information collected and stored by the Department, and provide a unique identifier in our systems.

Support to Individuals with a Disability

Attestation Form

 

To support effective communications or reasonable modification assistance for customers or companions with a disability, Department of Children and Families (DCF), every provider and subcontractor employee is required to know or be familiar with the following:

• Name, contact information, and role & responsibility for your DCF  Contracted Agency Single Point of Contact.
• Name, contact information, and role & responsibility for the DCF ADA/504 Coordinator
• Requirements of Section 504 of the Rehabilitation Act of 1973, 29 U.S.C.794, asimplemented by C.F.R. Part 84, the Americans with Disabilities Act of 1990 (ADA),
• 42 U.S.C. §§ 12131 - 12134. et seq., as amended by the ADA Amendments Act of 2008 (ADA Amendments Act) (Public Law 110–325, 122 Stat. 3553 (2008) at 28 CFR 35. (ADAAA)
• 42 U.S.C. §§ 12181 – 12189, as amended by the ADA Amendments Act of 2008 (ADA Amendments Act) (Public Law 110–325, 122 Stat. 3553 (2008) at 28 CFR 36. (ADAAA)
• DCF Operating Procedure (CFOP)60-16, METHODS OF ADMINISTRATION: FOR FEDERAL FINACIAL PARTICIPATION, Chapter 3, entitled “Plan for Reasonable Modifications and Auxiliary Aids and Services for Individuals with a Disability”

1. This Single Point of Contact’s responsibility is to:
   Ensure effective communications and/or reasonable modification assistance with all Customers or Companions in accordance with the ADA and/or Section 504.
2. Capture the information required in the Reasonable Modification Assessment and Auxiliary Aid/Service Record described in Appendix H within each Customer’s case record.
3. Summarize the records into a report and submit to the DCF Contract Manager who will forward to the appropriate DCF ADA/Section 504 Coordinator.
4. Ensure that information is provided to any agency to which a customer or Companion with a disability is referred, about the individual’s requested modification or auxiliary aid/service.
5. Designate a Single Point of Contact as each contractual agreement with DCF is renewed.

 

The ADA/504 Coordinator’s responsibility is to:

• Disseminate specific plans and procedures to fully implement the requirements of Section 504 and the ADA.
• Analyze data collection collected in the Reasonable Modification Assessment and Auxiliary Aid/Service Record and implement any corrective action plan, if warranted.
• Provide assistance during the interactive process to determine if a modification is reasonable.
• Answer questions and provide appropriate assistance regarding immediate access to and proper use of appropriate auxiliary aids/services.
• Identify, develop, and coordinate the distribution of qualified sign language and/or oral interpreters for the Program staff.
• Keep abreast of new technology and resources for ensuring effective communication with deaf and hard-of-hearing persons.
• Submit a report describing the method for capturing all information required in the Customer or Companion Reasonable Modification Assessment and Auxiliary Aid/Service Record.
• Communicate with each Single Point of Contact concerning services to Customers or Companions with a disability (Mobility, Communications, Modifications to access, deaf and hard-of-hearing, etc.).

 

SECTION I: COMPUTER EQUIPMENT

PASSWORDS:

• ALL passwords must be kept confidential.
• Staff must sign in to ALL software applications using only their assigned agency devices, accounts, and passwords.
• Staff must sign out of all software application sessions when not in use.
• Staff is responsible for activity under their account login.
• IT completes random inventories on ALL agency devices and reports prohibited activity to the appropriate manager and HR. IT will also submit an agency Incident Report.

SOFTWARE:

• All New Horizon's computers, including iPhones, iPads, tablets, laptops, etc., shall contain only agency standard software/apps.
• Requests for non-standard software/apps must be approved by the staff's supervisor/manager and the IT Director.
• Staff is prohibited from changing configuration settings on any agency electronic devices unless approved and assisted by IT Department.
• IT completes random inventories on all agency electronic devices.Unapproved software will be removed and reported to the appropriate manager and HR. IT will also submit an agency Incident Report.

HARDWARE:

• IT installs and maintains all New Horizons electronic computer equipment.
• Program managers must coordinate the relocation of computer equipment with the IT and Facilities Departments.
• IT performs random inventories on all agency hardware electronic devices. IT reports any damage to the agency's electronic computer to the appropriate manager and HR. IT will also submit an agency Incident Report.
• IT requires staff to sign an agency Hardware Agreement form for any agency electronic mobile devices assigned to them or borrowed.
• It is against Policy to attach any personal devices to agency equipment. Devices include but are not limited to monitors, printers, scanners, webcams, cameras, microphones, access points, etc.

DATA SECURITY:

• Staff must store documents (Excel, Word, PowerPoint, etc.) in the agency's cloud-based storage application, "Egnyte." IT cannot ensure the safety or security of documents saved on a local device. For assistance, managers should contact the IT Department.
• All portable media, i.e., USB drives, tablets, iPads, iPhones, and CDs used to transport documents with client PHI, must be protected with a password or encryption.
• Do not store data with unique identifiers, i.e., names, addresses, and social security numbers, on portable media. IT performs random inventories on all mobile equipment. If data with identifiers are found on media, IT will report their findings to the appropriate manager and HR. IT will also submit an agency Incident Report.
• Transferring personal files and documents to agency electronic computer equipment is prohibited.
• IT will not configure agency email accounts on personal devices, i.e., phones, tablets, iPads, laptops, etc.
• The use of personal electronic computer devices for work-related purposes is prohibited. This includes personal cell phones, tablets, laptops, etc.

SECTION II:

INTERNET USE:

• The Internet is an electronic telecommunications network that provides resources to all Internet users.
• Agency Internet use shall be consistent with New Horizons' mission, policies and procedures, and guidelines.
• Staff must regard agency Internet use as a shared resource and conduct themselves professionally, responsibly, ethically, and legally while using the network.
• Internet use for illegal, inappropriate, or obscene purposes or in support of such activities is prohibited. Illicit activities are a violation of local, state, and or federal laws.
• Improper use of the Internet or agency equipment is a violation of New Horizons policy and procedures.
• The rules and regulations for Internet use also apply to other agency data traffic across any network, such as electronic fax software, email, phones, texts, ASL interpreting, and Telehealth.

PASSWORDS:

•  ALL passwords, i.e., intranet access, email, cloud storage, and EMR software, MUST be kept confidential.
• Staff is responsible for activity under their agency-assigned account logins. ALL prohibited activity will be reported to the appropriate manager and the HR Department. An agency Incident Report will also be submitted.
• All communications via agency Internet are the property of New Horizons.

INTERNET ACTIVITY:

• All Internet use must comply with HIPAA Privacy/Security regulations (HHS 45 CFR) and DCF (CF-114).
• Staff MUST protect privacy information and client PHI information with a password or encryption on all outgoing emails.
• Unique identifiers, such as names, addresses, social security numbers, tax IDs, etc., must be password protected or encrypted.
• Personal Internet use, i.e., personal email accounts, chat rooms, dating services, Facebook, Instagram, Twitter, Snap Chat, YouTube, music or video streaming, games, downloading of any kind, and other non-business files and software are prohibited. Violations may result in disciplinary action up to and including termination.
• Personal Internet use for commercial purposes, advertisement, gambling, or political lobbying is prohibited.
• All Internet use shall adhere to the rules of copyright regarding software, information, and authorship.
• No guarantee is made for the privacy of any communication on the network. (Authorized administrators may access private correspondence and or files if a user is believed to have violated Policy.)
• The use of personal devices (i.e., tablets, cell phones, laptops, etc.) to access agency software applications (i.e., Electronic Medical Records, insurances, ASL Interpreting, Zoom, Telehealth, etc.) is prohibited. This Policy also applies to any website which may contain our client’s PHI information.
• New Horizons uses software to monitor the agency's internet traffic. IT reports ALL violations to the manager and HR and submits an agency Incident Report.

WIRELESS ACCESS (WI-FI):

• The agency Wi-Fi is for agency equipment use only. IT will not connect personal or non-agency devices to the agency's Wi-Fi.
• IT will not connect agency devices purchased without IT’s input or consultation.

SECTION III: TRAINING

All employees are required to complete the following at orientation and yearly thereafter.

• DCF HIPAA Training
• DCF Security Training
• DCF 114 Security Form

SECTION IV: LIMITATIONS ON USER’S RIGHTS

• The issuance of a password, or other means of access, ensures appropriate confidentiality of NHTC data and information. It does not guarantee privacy for personal or improper use of NHTC equipment or facilities.
• NHTC provides reasonable security against intrusion, viruses, and damage to agency data. However, NHTC is not responsible for unauthorized access by other users or loss due to power failure, fire, floods, etc.
• NHTC makes no warranties concerning Internet services. It expressly assumes no responsibilities for the content of any advice or information received by a user using NHTC computer systems or networks.

ACKNOWLEDGEMENT

By signing this form:

• I acknowledge that I have read, understand, and will abide by New Horizons' Computer Security, Safety & Compliance Policy.
• I acknowledge that should I commit any violation of this Policy, an agency Incident Report will be completed, and my access privileges may be revoked.
• I acknowledge that should I commit any violation of this Policy, it may result in disciplinary action, up to and including dismissal, and or appropriate legal action.