Presentation is loading. Please wait.

Presentation is loading. Please wait.

HMIS Privacy and Security

Published byRosamond Miller Modified over 7 years ago

Similar presentations

Presentation on theme: "HMIS Privacy and Security"— Presentation transcript:

1 HMIS Privacy and Security
prepared by COHHIO June 2017 Updated July 2017

2 Introduction Purpose of training
Inform users of current HMIS Privacy and Security Policy Prepare users for Security Quiz Review standards for annual retesting

3 HMIS Background HUD – HMIS from concept to implementation
Data Collection was already being done agency by agency in dBase, Excel, Access, homegrown systems Standardize Data Collection Rules Enforce Uniform Security Methods Reduce Client Duplication

4 HMIS Background Data Standards 2003 HMIS Data Standards
2004 VAWA Amendment 2009 DSA VAWA Decision 2010 HMIS Data Standards 2014 HMIS Data Standards 2015 Critical Updates 2016 Critical Updates 2017 HMIS Data Standards

5 Ohio Balance of State Policy and Procedures Manual
Reiterate HUD Standards and also clarify COHHIO and DSA specific rules Data Quality Standards Manual Identify Reporting and Performance requirements of HMIS Program Data

6 Client Data Protection
Personally Identifying Information Name, DOB, SSN, Race, Ethnicity, Gender Additional Collected Data Homeless Assessment; Income, Benefits, Services Informed Consent Client preference Ability to refuse data collection

7 Client PII Why do we collect Name/DOB/SSN How PII is used/shared
To uniquely identify client and reduce duplicates How PII is used/shared PII data is only used for deduplication and coordination of services Who has access Case Managers, DSA Housing Staff, COHHIO HMIS Staff, Bowman Systems tech support staff

8 Data Collection Rules Posted Notice HMIS Data Privacy Notice & Consent
Required in a visible place at client intake HMIS Data Privacy Notice & Consent Inferred consent only acceptable for SSVF and RHY clients Client can still refuse to provide data This may make client ineligible for certain services in certain programs

9 Data Collection Rules (cont’d)
HMIS Release of Information Client can still refuse to have certain information input into HMIS This may make client ineligible for certain services in certain programs

10 Informed Consent Consent to data collection AND Release of Information
When both of these documents are signed, information is shared throughout the HMIS The exception is HOPWA and RHY clients Consent to data collection ONLY When only this document is signed, client record must be locked Client refuses to sign either form Data is entered anonymously SSVF and RHY clients DO NOT have the choice to be entered anonymously. Anonymous really means unnamed. Enter all PII as client refused except DOB- enter year designating client as adult or child and put partial DOB reported.

11 Higher quality PDF image available separately

12 Don’t Know/Refused Don’t Know Refused
All clients can respond Don’t Know if they can’t answer the question. Refused All clients can refuse to answer specific data elements. Refusal may impact eligibility for certain programs Don’t know/refused data is considered missing for the purposes of state and federal reporting

13 Protecting Client PII Handling client files
Always keep secured from unauthorized eyes Handling client data via /fax/phone Fax of client PII may be appropriate between some agencies ing of client PII is not appropriate Discussing client PII may be appropriate between certain agencies Computer Access Computer Access needs to be private or supervised during Data Entry Login Access Login Access must be secured for only HMIS authorized users

14 Protecting Client PII No account sharing
Login access between authorized users should never occur No client information leaving the building via contractors, visitors No information or data about clients being served should ever be taken out of the agency and shared in the community without client consent Notify COHHIO when users leave or stop working with HMIS COHHIO must be notified when an HMIS user leaves and agency or ceases to work with HMIS. Access must be terminated immediately

15 Computer / Network Security
Mandatory Firewall Anti-virus software No password saving/ no auto-login Optional Use Firefox or Chrome browser Anti-malware software

16 Computer Security Do not write down password to HMIS
On monitor, under keyboard, in desk drawer Computer in a publicly visible area (area must be monitored by Supervisor if used for HMIS) Ideally a computer should be private and not be visible by passing foot traffic If not, data entry must be done while area is supervised

17 Computer Security Web browser must not remember password or automatically log user into ServicePoint Do not use Wallet or Password Robot software Browser should stop at login to await user input

18 Computer Security Logout when walking away from desk
Lock desktop with password protected screen- saver

19 Security Breach Protocol
Can be viewed in full at id=54 Most common are sharing username & password and ing PII Account will be inactivated until Security Breach Quiz is passed and Security Breach Acknowledgement Form submitted

20 Questions

Download ppt "HMIS Privacy and Security"

Similar presentations

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
Ohio Balance of State Continuum of Care Introduction to the 2014 HUD Data Standards July 17, 2014.

Ohio Balance of State Continuum of Care Introduction to the 2014 HUD Data Standards July 17, 2014.
Genelle Denzin, Matt Dicks, Rhonda Taylor from Coalition on Homelessness and Housing in Ohio.

Genelle Denzin, Matt Dicks, Rhonda Taylor from Coalition on Homelessness and Housing in Ohio.
CREATED BY: HMIS Security Awareness Approved 1/10/2012 Revised 1/29/2013 Revised 3/15/2013.

CREATED BY: HMIS Security Awareness Approved 1/10/2012 Revised 1/29/2013 Revised 3/15/2013.
HMIS Homeless Management Information System. MISSION To provide standardized and timely information to improve access to housing and services, and strengthen.

HMIS Homeless Management Information System. MISSION To provide standardized and timely information to improve access to housing and services, and strengthen.
1 EqualityCare LT101 On-Line Inquiry Benefit Specialist Training.

1 EqualityCare LT101 On-Line Inquiry Benefit Specialist Training.
Supportive Services for Veteran Families (SSVF) Data Bigger Picture Updated 5/22/14.

Supportive Services for Veteran Families (SSVF) Data Bigger Picture Updated 5/22/14.
HMIS Fundamentals HMIS Data Standards for VA Community Contract Programs.

HMIS Fundamentals HMIS Data Standards for VA Community Contract Programs.
Supportive Services for Veteran Families (SSVF) Data HMIS Beyond Data Collection Updated 9/14.

Supportive Services for Veteran Families (SSVF) Data HMIS Beyond Data Collection Updated 9/14.
Electronic EDI e-EDI. The EDI has been in use since 1999 using a paper-based system and computerized spreadsheets to collect and manage EDI data. Over.

Electronic EDI e-EDI. The EDI has been in use since 1999 using a paper-based system and computerized spreadsheets to collect and manage EDI data. Over.
HIPAA Privacy & Security EVMS Health Services 2004 Training.

HIPAA Privacy & Security EVMS Health Services 2004 Training.
CSP Annual Security Training Miranda Gregory, CSP Analyst Carroll County Department of Citizen Services.

CSP Annual Security Training Miranda Gregory, CSP Analyst Carroll County Department of Citizen Services.
DIRECT CERTIFICATION Patricia Winders Director’s Conference July 29, 2015.

DIRECT CERTIFICATION Patricia Winders Director’s Conference July 29, 2015.
BHSD Service Tracking and Reporting Basic System Functions

BHSD Service Tracking and Reporting Basic System Functions
Copyright © 2008 Rockwell Automation, Inc. All rights reserved. Rockwell Automation Knowledgebase Notification Signup PSAs, Product Notices, etc.

Copyright © 2008 Rockwell Automation, Inc. All rights reserved. Rockwell Automation Knowledgebase Notification Signup PSAs, Product Notices, etc.
Federal Student Aid Identification username and password – this is how students and parents will sign the FAFSA application. The FSA ID process replaced.

Federal Student Aid Identification username and password – this is how students and parents will sign the FAFSA application. The FSA ID process replaced.
Use of U.T. Austin Property Computers: Security & Acceptable Use The University of Texas at Austin General Compliance Training Program.

Use of U.T. Austin Property Computers: Security & Acceptable Use The University of Texas at Austin General Compliance Training Program.
HPRP Reporting Training For Quarterly Reporting Nov. 20 th 2009 1wilderresearch.org.

HPRP Reporting Training For Quarterly Reporting Nov. 20 th wilderresearch.org.
A New Way to Work For the New Century. As a result of several years’ work by you and your co-workers, we have...

A New Way to Work For the New Century. As a result of several years’ work by you and your co-workers, we have...
Supportive Services for Veteran Families (SSVF) Data Data Collection & Reporting Basics.

Supportive Services for Veteran Families (SSVF) Data Data Collection & Reporting Basics.

Similar presentations

Ads by Google