Prepared by Abt Associates for the U.S. Department of Housing and Urban Development Homeless Management Information Systems (HMIS) Data and Technical Standards:


Prepared by Abt Associates for the U.S. Department of Housing and Urban Development Homeless Management Information Systems (HMIS) Data and Technical Standards: Complying with the Privacy Requirements in the Final Notice

HMIS Data and Technical Standards Training
– This is training module 3 of a 4-part series addressing the following components of the Final HMIS Data and Technical Standards:
  – Training 1: Overview
  – Training 2: Participation and Data Collection Requirements
  – Training 3: Privacy Standards
  – Training 4: Security and Technical Standards
– Other training modules are available at

Companion Training Materials
– This training module features an accompanying set of training materials that includes:
  – Overview of the Privacy Standards
  – Baseline Model Privacy Notice for Homeless Organizations
  – Sample Community Documents
    – Privacy Posting from the Iowa HMIS
    – Sample Privacy Notice from Rhode Island HMIS
    – Sample Consent Protocol from Chicago’s Enterprise Case Management HMIS
    – Excerpts from Lake County, IL Consent Protocol on Confidentiality and Informed Consent

Overview
– Privacy and Applicability of the Privacy Standards
– HMIS, HIPAA, and Other Applicable Laws
– Postings and Privacy Policies
– 7 Steps for Developing a Privacy Notice
– HMIS Consent Models
– Funding and Consent
– Summary

Defining Privacy
– Privacy refers to the safeguarding of protected personal information in the HMIS from open view, sharing or inappropriate use
– Protected Personal Information (PPI) is any information that might identify a specific individual or that might be manipulated or linked with other information to identify a specific individual

Privacy Standards Framework
– Defines two tiers of privacy: required baseline standards and additional recommended protocols;
– Outlines the policy solutions and technical safeguards necessary to protect client data; and
– Describes how HMIS requirements relate to federal, state and local laws.

Applicability of Privacy Standards
– Applies to all Covered Homeless Organizations (CHO) that record, use, or process Protected Personal Information (PPI) for an HMIS including:
  – Continuum of Care (CoC)
  – Homeless service provider
  – HMIS host or administrator, etc.
– Employees, volunteers, affiliates, contractors, and associates are covered by the privacy standards of the CHOs they deal with; and
– Privacy standards apply to all CHOs, regardless of funding source, who use the HMIS.
Handout: Overview of Privacy Standards

HMIS and HIPAA
– Health Insurance Portability and Accountability Act (HIPAA) privacy rules take precedence over HMIS Privacy Standards
– HIPAA covered entities are required to meet HIPAA baseline privacy requirements, not HMIS
– Most CHOs are not covered by HIPAA: To learn more go to

HMIS and Other Privacy Laws
– CHOs must comply with more stringent federal, state and local confidentiality laws; and
– If a conflict exists between state law and the HMIS, an official legal opinion on the matter should be prepared by the state’s Attorney General and submitted to HUD’s General Counsel for review.

HMIS and Domestic Violence Shelters
– In January 2006, the Violence Against Women Act (VAWA) Reauthorization of 2005 became law.
– VAWA contains provisions that amend the McKinney-Vento Homeless Assistance Act relating to the disclosure of data to HMIS by domestic violence providers.
– This legislation can be found at bin/bdquery/z?d109:h3402:
– HUD is analyzing the legislation to determine the most appropriate instructions and advice to convey to communities and domestic violence programs

Questions?
– Are you aware of any state law that requires additional provisions for confidentiality?
– Has your community undertaken a legal assessment of existing state laws where a conflict may exist?
– What has been your experience?

Privacy Postings
– Every CHO must post the following information at each intake desk or comparable location:
  – General explanation of reasons for collecting information; and
  – Privacy policy/notice is available upon request.
Handout: Sample Privacy Posting from Iowa HMIS

Privacy Policy & Consent
– A CHO must adopt a privacy policy consistent with CoC privacy protocols.
  – If a CHO has a website it can post its privacy notice there.
– Once a CHO adopts its privacy policy, it may infer client consent from the protocols and practices described in the policy.

7 Steps to Develop a Baseline Privacy Notice
– Step 1: What the Notice Covers
– Step 2: How and Why Personal Information is Collected
– Step 3: Uses and Disclosures of Personal Information
– Step 4: Inspection and Correction of Personal Information
– Step 5: Quality of Data
– Step 6: Complaints and Accountability
– Step 7: History of Changes
Handout: Baseline Privacy Notice

What the notice covers
– Name and address of CHO;
– Description of programs covered by the notice;
– Definition of personal protected information (PPI);
– Purpose of the notice;
– Amendment policy; and
– Right to receive a copy of the notice.

How and Why Personal Information is Collected
– Purpose(s) of capturing personal information;
– Lawful and fair means to collect personal information;
– Consent protocol;
– Sources of client information; and
– Reasons for asking for information—posted sign at intake desk.

Uses and Disclosures of Personal Information
– Describe uses and disclosures that may be used including:
  – To provide or coordinate services;
  – Payment or reimbursement for services;
  – Carry out administrative functions;
  – Create de-identified (anonymous) data;
  – When required by law; and
  – To avert a serious threat to health or safety.

Uses and disclosures (cont.)
– Describe uses and disclosures that may be used including:
  – To report abuse, neglect, or domestic violence to a governmental authority;
  – For academic research purposes;
  – For law enforcement purposes; and
  – All other uses and disclosures will require consent.

Inspection/Correction of Personal Information
– The Privacy Notice should also include:
  – Procedure for inspection, access to a copy, or correction by a client with an explanation;
  – Protocol for requesting correction; and
  – Protocol for denial or request to correct.

Data Quality
– Information is used for the purpose for which it is collected.
– Seek to maintain only personal information that is accurate, complete, and timely.
– Policy for disposal and/or removal of identifiers after 7 years of non-use.
– Policy for maintenance of information if required by statute, regulation, contract or other requirements.

Complaints and Accountability
– Describe complaint procedure for questions or concerns about privacy and security policies.
– Signed receipt of compliance with privacy notice by all staff including employees, volunteers, affiliates, contractors, and associates.

History of Change
– A version control system should be used and summarized.
– Example:
  – Version 1.0 Sept 10, First adopted.
  – Version 1.1 Oct 21, Added Accountability to Access and Correction.
  – Version 1.2 Nov 23, Clarified complaint procedure.

Additional Privacy Considerations
– Each baseline requirement has additional privacy protections that can be implemented and should be included in the privacy notice.
– Additional protections may include:
  – Amendment procedures;
  – Provision of notice;
  – Collection purpose;
  – Uses and Disclosures; and
  – Access/Correction procedures.

HMIS Consent Models
– Inferred Consent:
  – Baseline Requirement; and
  – Client’s consent to release information is inferred from the privacy posting.
– Implied/Informed Consent:
  – Verbal or physical consent is required.
– Written Consent:
  – Client must sign a release of information (ROI).

Levels of Consent
– Consent to use data within an agency for program or agency operations.
– Consent to share personal identifying information for de-duplication purposes across the CoC.
– Consent to share additional information across programs to coordinate case management and service delivery.

HMIS Consent Examples
– Chicago:
  – Inferred consent to share personal identifiers with an opt-out to share additional information.
– Michigan:
  – Inferred consent/written consent for those at risk.
– Lake County, IL:
  – Informed consent at agency and written consent for data sharing.

Inferred Consent with Opt-out: Chicago
– A notice informs clients of how personal information is used and disclosed.
  – Personal identifiers are disclosed to central server and typically shared with other providers for unduplication purposes.
– The notice offers clients the ability to opt out of some disclosures to other agencies.
  – Clients can request that personal identifiers NOT be shared; and
  – Clients are asked affirmatively to consent to additional information sharing for case management purposes.
Handout: Sample Consent Protocol from Chicago’s Enterprise Case Management HMIS

Informed Consent with Risk Assessment: Michigan
– All clients receive oral explanation and copy of privacy notice; consent is inferred for data entry into HMIS.
– Every client is screened using a risk assessment tool to assess risk for data sharing for:
  – Clients with friends or family who may have access to HMIS records; and
  – Domestic Violence Victims.
Handout: Risk Assessment Paper

Informed Consent with Risk Assessment: Michigan (continued)
– When risk is assessed to be high, the client is informed of options to participate and asked to consent to:
  – Entering data into HMIS;
  – Sharing identifiers with other providers; and
  – Sharing data more broadly with other providers for case management.

Written Consent: Lake County, IL
– Informed consent for entering personal information into HMIS.
– Sharing of personal information between agencies requires written consent of client (or legal guardian).
– Sharing information on prior residence, income, health, criminal record or social services records requires a separate signed release of information.
Handout: Excerpts from Lake County, IL Consent Protocol on Confidentiality and Informed Consent

Funding and Consent
– Funder data collection, record keeping, and reporting requirements often affect the scope of client consent.
– HUD funded programs can infer consent from a client to participate in HMIS with appropriate baseline privacy protections in place (i.e. posted sign, privacy notice, etc.).
– Other funding sources may have similar programmatic requirements.

Summary
– Must also comply with other federal, state, and local confidentiality law
– Must comply with limits to data collection (relevant, appropriate, lawful, specified in privacy notice)
– Must have written privacy policy and post on web site (if applicable)
– Must post sign at intake or comparable location with general reasons for collection and reference to privacy policy
– May infer consent for uses in the posted sign and written privacy policy

Additional Resources
– Final Notice:
– HMIS Related Info: