• The Impact of S.L. 2021-132 on the Confidentiality of Child Protective Services Information and Records

    Download PDF

    This post is also cross posted on our Coates Canon blog.

    As the 2021 Legislative Session continues, one new session law that addresses child welfare, S.L. 2021-132, has raised a number of questions for county department of social services (“DSS”) directors and attorneys. This new session law has many elements related to child welfare court proceedings, which my colleague Sara DePasquale will address in a separate blog post. This blog focuses solely on Section 1.(c) of S.L. 2021-132, which amends G.S. 7B-302 – a law that addresses confidentiality of child protective services (“CPS”) records. The amendment allows members of the North Carolina General Assembly to access confidential social services information and records in certain limited instances.

    What does Section 1.(c) of S.L. 2021-132 allow?

    The new law adds three new subsections to G.S. 7B-302, the statute that establishes the statutory baseline for protection of all information that DSS receives in connection with its child protective services work. As of October 1, 2021, G.S. 7B-302(a3) allows an individual member or a joint legislative oversight committee of the North Carolina General Assembly to request access to certain CPS information and records, except where prohibited by federal law (including state plan requirements within federal programs).

    What type of records can the General Assembly access through the new G.S. 7B-302(a3)?

    The new right to access applies to confidential information and records maintained pursuant to Article 3 of Chapter 7B of the General Statutes. The law clarifies that these may be records maintained either by the N.C. Department of Health and Human Services (“DHHS”) or a county DSS. Importantly, the law only requires disclosure of information received or created by an agency on or after October 1, 2021. In other words, there is no retroactive application of this law to past records.

    What types of information and records are “maintained pursuant to” Article 3 of Chapter 7B?

    • Any information or records protected by S. 7B-302(a1), which is all information received by DSS in a child protective case. The protection established by G.S. 7B-302(a1) applies as soon as DSS receives a report of suspected abuse, neglect, or dependency of a juvenile, or the death of a juvenile due to maltreatment.
    • Any information or records from the central registry maintained by DHHS of abuse, neglect, and dependency cases and child fatalities that are the result of alleged maltreatment. See S. 7B-311(a).
    • Any information or records from the “Responsible Individuals List” maintained by DHHS. See S. 7B-311(b). For more information on the purpose of the Responsible Individuals List, please see this blog post by Sara DePasquale.

    It’s important to keep in mind that this new right of access only applies to the CPS records and information described above. It does not apply to other types of social services information that are maintained and protected pursuant to G.S. 108A-80 (for example, records regarding public assistance programs or adult protective services records).

    Several categories of CPS information are specifically excluded from the General Assembly’s right of access:

    • The identity of a person who submits a protective services report; and
    • Juvenile court records as set forth in Article 29 and Article 30 of Subchapter III of Chapter 7B (G.S. 7B-2900 through G.S. 7B-3001).

    Records and information in these categories should not be shared or disclosed in response to a request from a member or committee of the General Assembly. As described above, records and information received or created by an agency before October 1, 2021 also must not be requested or disclosed.

    What is the procedure for a joint legislative oversight committee or a member of the General Assembly to obtain this information?

    An individual member of the General Assembly or a joint legislative oversight committee may make a request for information directly to DHHS or to the director of a county DSS. The request must be limited to “purposes necessary for oversight of programs related to child protective services.” The information or records shared with the General Assembly must be “the minimum necessary to satisfy the request.” In other words, the request for information must be narrowly tailored to seek only what is necessary for CPS program oversight, and the response must be similarly narrow in providing only what is necessary to fulfill the request.

    Though a request may be made directly to a county DSS, the new law establishes that DHHS will be involved in supporting and assisting a county DSS in fulfilling the request. Accordingly, DSS directors should consult with DHHS as soon as they receive a request under the new G.S. 7B-302(a3). Conversely, if a request is made directly to DHHS, the law requires that a county DSS must provide DHHS with all information and records (or copies of records) requested.

    If an individual member of the General Assembly makes the request, DHHS (in coordination with the county DSS director) will make the information and records available for inspection at the county DSS. If the request is made by a joint legislative oversight committee, DHHS will assist the county DSS director with sharing the confidential information and records with the committee in a closed session.

    Does the law include safeguards on the confidentiality of the records or information being provided to the General Assembly?

    Yes. The new law prohibits members of the General Assembly and joint legislative oversight committees from retaining copies, taking photographs, or creating electronic images of any part of the information and records shared by DSS or DHHS. Moreover, the law requires that all information and records shared must be withheld from public inspection and maintained in a confidential manner. Any violation of these confidentiality requirements will be punishable as a Class 1 misdemeanor.

    Do other North Carolina state laws limit the General Assembly’s right of access in any way?

    No. The new G.S. 7B-302(a3) specifically states that this right of access is “notwithstanding other applicable State law.” Accordingly, laws that might normally prevent disclosure of certain child welfare information, such as those found throughout Chapter 7B of the General Statutes and Chapter 70A of Title 10A of the North Carolina Administrative Code (“NCAC”), do not restrict DHHS or a county DSS from providing information as set forth in the new law. Presumably, this language should also be read to also override the requirements of other state confidentiality laws that are not specific to child welfare. For example, North Carolina law has confidentiality requirements for information from facilities that provide mental health, developmental disability, and substance abuse services (G.S. 122C-51 to -56; 10A NCAC Subchapter 26B) and for information identifying a person who has or may have a reportable communicable disease or condition (G.S. 130A-143). If such information was found within CPS records maintained by a county DSS, the county DSS would still be obligated to disclose it pursuant to this new law (unless otherwise prohibited from doing so by federal law).

    Does federal law limit the General Assembly’s right of access in any way?

    Yes. Importantly, the new G.S. 7B-302(a3) begins with the following phrase: “Except where prohibited by federal law, including state plan requirements within federal programs….” This language means that DHHS and county DSS directors are not required to disclose any information that they are prohibited from disclosing under federal law, including federally mandated requirements for state plans (i.e. the Child Abuse Prevention Treatment Act (CAPTA), Title IV-E of the Social Security Act (SSA), etc).

    What are some of the federal laws that might limit disclosure in certain circumstances?

    1. Some (though not all) county DSS agencies may be “covered entities” under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). If a DSS is a HIPAA covered entity (or part of a hybrid entity in which DSS or CPS functions within DSS have been designated as a covered component), protected health information (as defined by 45 C.F.R. § 160.103) within the requested records should not be disclosed unless an exception to HIPAA applies. DSS directors should consult with legal counsel and DHHS to determine whether HIPAA may be applicable. 
    1. Substance Abuse Confidentiality Regulations (42 CFR Part 2). Federal law contains stringent restrictions governing the disclosure of information regarding individuals who receive alcohol or substance abuse prevention or treatment services from federally assisted programs. While a county DSS is typically not the entity directly administering these programs, it will still be bound by these federal laws with respect to information and records that it receives from such a program. See 42 U.S.C. § 290dd-2; 42 C.F.R. Part 2.
    1. Federal Requirements for State Plans. Each federally funded program for social services administered or provided by a county DSS has its own set of associated federal statutes and regulations protecting the confidentiality of information about individuals who receive services or assistance. In many cases, federal law establishes requirements for “state plans” that states must create and submit to the U.S. Department of Health and Human Services in order to receive specific types of federal funding. The federal funding that specifically ties to child welfare, and therefore applies to CPS information, is provided primarily through CAPTA and Title IV-B and IV-E of the Social Security Act. Noncompliance with state plan requirements could result in the loss of federal funding for the program(s) associated with the plan, which in this case would be Title IV-B and IV-E funding for child protective services.

    How might federal requirements for CAPTA and Title IV state plans allow or prohibit this type of disclosure to the General Assembly? 

    CAPTA. A state plan for CAPTA must include an assurance that the state is enforcing a state law or is operating a statewide program that includes methods to preserve the confidentiality of all records in order to protect the rights of the child and of the child’s parents or guardians. 42 U.S.C. § 5106a(b)(2)(B)(viii). The CAPTA requirements allow disclosures of confidential records to certain individuals and entities set forth in the federal regulations, including “entities or classes of individuals statutorily authorized by the State to receive such information pursuant to a legitimate State purpose.” 42 U.S.C. § 5106a(b)(2)(B)(viii)(VI). Since this disclosure to members of the General Assembly will now be authorized by state statute (G.S. 7B-302(a3)), it would likewise be permitted by CAPTA. 

    Title IV-B and Title IV-E of the SSA. Title IV-B governs funding streams that support child welfare related services and administrative functions. Title IV-E governs funding streams that support foster care and adoption assistance programs. Title IV-B and Title IV-E state plans must comply with the same confidentiality requirements (see 45 CFR § 1355.21). These requirements are found at 42 U.S.C. § 671(a)(8). Additionally, Title IV-B and Title IV-E plans must provide for compliance with the confidentiality regulations governing the Temporary Assistance for Needy Families Program (TANF, known in North Carolina as Work First), found at 45 CFR § 205.50 (see 45 CFR § 1355.21(b); 45 CFR 1355.30(p)(3)).

    Requirements Under 42 U.S.C. § 671(a)(8) – The State Plan:

    • Under this federal statute, a state plan must restrict the disclosure of information concerning individuals assisted through Title IV-B or Title IV-E funds. Specifically, the statute names five authorized “purposes” for such disclosures. There is only one “purpose” authorized under the statute that might arguably align with the program oversight purposes of the new North Carolina law (G.S. 7B-302(a3)). The purpose is for “any audit or similar activity conducted in connection with the administration of any such plan or program by any governmental agency which is authorized by law to conduct such audit or activity.” 42 U.S.C. § 671(a)(8)(D). It’s unclear that this exception would allow information sharing with the General Assembly as contemplated under the new law. First, the General Assembly’s inquiry is not necessarily “conducted in connection with” the administration of Title IV-B or Title IV-E plans or programs. In North Carolina, these programs and services are directly administered by local county social services agencies and supervised by DHHS. Though the legislative branch creates and shapes laws that impact social services agencies, it does not directly administer or supervise social services programs. Moreover, 42 U.S.C. § 671(a)(8)(D) refers to an audit by a “governmental agency.” An individual member of the General Assembly—or even a joint legislative oversight committee—is arguably not a governmental agency.
    • Notably, the language of 42 U.S.C. § 671(a)(8) goes on to say that the safeguards in a state plan must prohibit disclosure of any information which identifies any recipient of services by name or address to any committee or legislative body, unless the information is being disclosed to an agency conducting an “audit or similar activity” described above. See 42 U.S.C. § 671(a)(8)(E).

    Requirements Under 45 CFR § 205.50 – The State Plan:

    • Similar to the statute described above, the regulation at 45 CFR § 205.50 requires a state plan to safeguard disclosure of information concerning individuals assisted by Title IV-B or Title IV-E funds, and only names seven authorized purposes for such disclosures. The only “purpose” for disclosing information authorized under the statute that might arguably align with the program oversight purposes of the new North Carolina law is for “[any audit or similar activity, e.g., review of expenditure reports or financial review, conducted in connection with the administration of any such plan or program by any governmental entity which is authorized by law to conduct such audit or activity.” 45 CFR § 205.50(a)(1)(i)(E). As noted above, the General Assembly’s requests for information arguably are not conducted “in connection with the administration of any such plan or program,” as the legislative branch does not administer or supervise the provision of Title IV-B or Title IV-E services in North Carolina.
    • Additionally, unlike the statute described above, the regulation in 45 CFR § 205.50(a)(1)(i)(E) actually describes examples of what the phrase “audit or similar activity” means. Specifically, the regulation states that “an audit or similar activity” would include review of expenditure reports or financial review. That list of examples is not exhaustive, but it does suggest that the “audit” purpose contemplated in the regulation is in the nature of financial oversight. Moreover, there are extensive federal regulations describing the audit process for Title IV-B and Title IV-E programs (found in 45 CFR part 75). Reading these regulations in tandem with 45 CFR § 205.50 suggests that an “audit or similar activity” likely involves an auditor who is a public accountant or a Federal, state, local government audit organization, which meets the general standards specified for external auditors in generally accepted government auditing standards. See 45 CFR § 75.2. Moreover, the plain meaning of “audit” as defined by the Oxford English Dictionary relates to a financial examination or inspection of accounts.
    • Like the statute described above, 45 CFR § 205.50 explicitly prohibits disclosure of any information which identifies any recipient of Title IV-B or Title IV-E funded services by name or address to any federal, state, or local committee or legislative body, unless the information is being disclosed to a government entity conducting an “audit or similar activity” described above. See 45 CFR § 205.50(a)(1)(iii). Moreover, the regulations require that the same policies for safeguarding confidential information must be “applied to requests for information from a governmental authority…as from any other outside source.” See 45 CFR § 205.50(a)(2)(v).

    Both 42 U.S.C. § 671(a)(8) and 45 CFR § 205.50 include as permitted purposes for disclosures of confidential information: (1) the administration of the Title IV-B and Title IV-E state plans and programs, and (2) any investigation conducted in connection with the administration of any such plan or program. Again, since North Carolina has a county-administered and state supervised social services system, inquiries from the General Assembly as contemplated by the new G.S. 7B-302(a3) arguably do not fall within these categories. To the extent that any investigations are authorized as part of Title IV-B or Title IV-E program administration at the state level, the responsibility for such investigations falls to DHHS as the supervising state agency.

    Conclusion

    The federal requirements for Title IV-B and Title IV-E state plans arguably prohibit disclosures of information regarding individual CPS cases to members of the General Assembly. Reading the new state law with the federal laws and regulations raises several questions. When county DSS directors receive requests for information from legislators under the new G.S. 7B-302(a3), they should consult and coordinate with DHHS regarding how to respond to such requests.

^ Back to Top