TX HHS Form 0020. External Entity Information Security Risk Exception Request

The Texas Health and Human Services (HHS) Form 0020, External Entity Information Security Risk Exception Request, is a confidential document used by legal entities with contracts to identify security requirements that cannot be remediated. This form allows HHS to evaluate the reason for noncompliance, proposed compensating controls, and decide on appropriate actions to protect HHS data.

The form consists of three sections: External Entity Information, Noncompliance Description, and Risk Exception Request. In Section A, entities provide their point of contact information, including name, email address, phone number, and contract number. Section B requires a detailed description of the noncompliant security control and the reason for noncompliance. Section C requests an explanation of why the entity cannot implement the security control requirements and proposed actions to reduce the risk.

This form is essential for entities with contracts to report noncompliances and propose compensating controls to mitigate risks posed by noncompliance. By submitting this request, entities demonstrate their commitment to protecting HHS data while also highlighting areas where additional support or guidance may be necessary. The Texas Health and Human Services (HHS) issues this form as a critical tool for ensuring the security and integrity of sensitive information.