 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
 |
 |
 |
 |
 |
HMIS FAQ'sFrequently Asked Questions HMIS—WHAT IT IS AND WHAT IT DOES What is the HMIS? CLIENT DATA STEWARDSHIP: SERVICE, SECURITY AND CONFIDENTIALITY Who controls the data that clients give my agency to be put into the HMIS? HARDWARE ISSUES AND COSTS TO PARTICIPATE What does the HMIS cost to use? HMIS—WHAT IT IS AND WHAT IT DOES What is the HMIS? South Dakota Homeless Management Information System ( SDHMIS ) is a web-based data collection application designed to capture client-level information over time on the characteristics and service needs of homeless persons. The main purpose of SDHMIS is to collect information about the people that participating homeless providers serve in order to better define the problem of homelessness in South Dakota, and thus to help end homelessness. Many different types of agencies can input data into the SDHMIS at the same time and share the data, to the extent allowed by each agency, with each other. SDHMIS is meant to eventually serve all counties of the state of South Dakota . How can the HMIS help my agency? SDHMIS can help your efforts to assist homeless and low-income people on a number of different levels. SDHMIS functions as a client intake system that can eliminate most paper client records, allowing you to spend more time on direct services to clients. Once a client's information has been entered into the SDHMIS , other service providers that participate in the system and have agreed to confidentiality contracts can view that client's information on-line, unless you have opted for special confidentiality status for your agency that would further limit the information shared. In most cases there is no need to duplicate intake work because the information is already available on-line SDHMIS can also create reports on your agency's use of its resources, as well as specialized reports required by many funding agencies, including HUD's Annual Reports. With a few keystrokes you can create a report that might otherwise have take days or weeks to write. All such reports can be customized to your needs. The more agencies contributing client data to SDHMIS , the better the picture of actual homelessness SDHMIS can present, in a clear, factual and statistical way. SDHMIS can also identify unmet needs in the area of homeless services. When this factual picture of homelessness emerges, it will be used to positively influence state and local public policy towards increasing funding for homeless providers, with the ultimate goal of ending homelessness in the State of South Dakota . Who May Use the HMIS? Any public or private agency in the State of South Dakota that provides shelter or housing to homeless persons, or that provides services to homeless persons or to people at risk of homelessness, may participate in SDHMIS . These include but are not limited to:
SDHMIS participants may be of any size and make-up. We welcome any agency or organization that provides these kinds of services, regardless of whether the agency is a local church-based operation that serves one community or part of a network of agencies that serves many counties. The more homeless services of all kinds that are on line, the better SDHMIS will serve South Dakota 's need. Who pays for HMIS? The South Dakota Housing Development Authority on behalf of the SD Housing for the Homeless Consortium applied through the US Department of Housing and Urban Development (HUD) Continuum of Care grant and was recently awarded funding for South Dakota 's HMIS. Implementation funds through this grant will be made available to the agencies that are required to participate in the system. Scholarships will be made available, funds permitting, for other agencies that currently do not receive HUD funding, went to participate, but do not have the resources to pay for the system themselves. Who runs the HMIS? South Dakota Housing Development Authority (SDHDA) on behalf of the SD Housing for the Homeless Consortium will be the Administrator of SDHMIS . SDHDA formed an HMIS Committee to help oversee and make decisions about the basic structure of SDHMIS . The Committee is engaged in providing homeless services. What kind of training will be provided to teach my agency how to use the HMIS? Training is provided by SDHMIS project and system administrators. SDHMIS personnel will conduct an initial orientation session either on site or at a location convenient to multiple providers in one area. SDHMIS personnel follow this up with a one-on-one training to go over any changes needed before full implementation. After the initial training, any new users will be trained by the Super User of that Agency. If there is a new Super User, SDHMIS personnel will train that individual. Technical support is available during normal business hours from SDHDA and Simplicity Computer Solutions via a toll-free telephone number. How does HMIS fit with HIPAA (Health Insurance Portability and Accountability Act)? The SDHMIS Committee has worked to ensure that SDHMIS meets all HIPAA requirements. Generally, the confidentiality measures built into this database and the procedures the Committee has established already far exceed those required by HIPAA. Participating agencies need to be familiar with any requirement they must meet under HIPAA; when such an agency wishes to begin using SDHMIS , the agreement between SDHMIS and the agency will specify that HIPAA requirements are being met by the agency. If clients refuse to participate, would there be a penalty on the provider? No. The decision of whether or not to provide one's personal information to SDHMIS is entirely up to the individual client and no agency will be allowed or encouraged to coerce clients into providing their information. SDHMIS hopes to gain the confidence of all users and clients in the integrity and usefulness and thereby have as high a level of participation as possible; there is no basis to penalize anyone if a client does not want to participate. Client Data Stewardship: Service, Security and Confidentiality Who controls the data that clients give my agency to be put into the HMIS? Contrary to what one might assume about a large centralized data system like the HMIS, SDHMIS does not ‘take control' of people's information when it is entered into the database. With regard to the personal, identifying information that clients give, quite the opposite is true. Under the rules set by the HMIS Committee, clients control their own information. All clients have the right to give and revoke permission to use their personal data in SDHMIS at any time. The Partner Agencies that receive information from their clients have a contractual responsibility with SDHMIS to protect the confidentiality of client information; to give client information to anyone outside the HMIS only with the client's written and specific permission; and to use the client's information in the most effective manner possible to provide needed services and shelter. Aside from individual client information, there is a second type of information that resides in SDHMIS . All data put into the system also contributes to an aggregate picture of homelessness in the state; this aggregate data omits personal information while pooling demographic information received from clients. The Central Server will be located in an undisclosed secure location with professional IT Staff in charge of the protection of the server. The SDHMIS staff designated as administrator of the server will have a contract with agencies which would require this staff also to maintain the confidentiality of client information received. What information is collected by the HMIS? The general types of information that are accommodated by SDHMIS include:
For a review of HUD's required standards for SDHMIS click here. What if a client doesn't want to allow their information to be put in HMIS? A Client's personal information may not be added to SDHMIS unless the client signs a Client Consent form authorizing the use of their information. This consent can be revoked at any time. A client is not disqualified from receiving assistance merely because he or she chooses not to sign the consent form. SDHMIS cannot, and would not, require clients to provide their personal information in order to receive services. When a client revokes his or her consent to have their information added to SDHMIS , all existing information about that client is rendered invisible to all users of the database, including the agency that originally entered the information. The information collected up to the point of revocation remains a part of SDHMIS for purposes of contributing to the aggregate data collected for reporting on homelessness services, and employees of SDHMIS , in the normal course of their database maintenance duties, could still view that client's data. As stated above, SDHMIS staff is contractually bound to maintain the security and confidentiality of all client data. Who will have access to my agency's data? The only people that have access to client data, besides the administrators of the server are clients themselves and the agencies enrolled in SDHMIS . Clients may of course see their own information at any time if they request to do so, but they may not see other clients' data. As for agencies, client data is shared among them in two different ways. Some agencies may designate themselves as “blind” agencies if they have special confidentiality needs. Those agencies typically include domestic violence shelters and any agency covered by HIPPA. If an agency opts to be blind, it means only that agency can see the data it enters into the HMIS; other agencies simply do not have access to it and don't know it's even present. “Non-blind” agencies—those that have normal confidentiality needs such as general population shelters—enter client data that can be seen and shared by all other agencies enrolled in SDHMIS . This information sharing is one of the major benefits of the HMIS, because it allows participating agencies better planning for their services based on knowing how many clients are in their area. It also helps clients because it saves them from having to provide their personal information repeatedly at every agency from which they seek assistance. Is my agency's client information 100% secure from theft and misuse while in the HMIS? Any shared database has point of potential vulnerability. SDHMIS has striven to ensure that security controls are in place wherever possible. The following section discusses the various points of access to the system and how security is maintained at each one. Individual Users. Experience across the country has shown that the most vulnerable parts of any data system are users who do not follow the protocols of security and confidentiality. SDHMIS requires all system users to sign a User Agreement that outlines our requirements regarding the handling and protection of client data by the User. These requirements include, among many other things, shielding HMIS screens from casual view by the public, secure storage of any HMIS printouts, and taking precautions to keep passwords secret. Those who cannot or will not comply with our established security protocols will be subject to the disciplinary procedures in place with the HMIS Committee and at the agency that employs them. Naturally, this is something we want to avoid, and we readily make assistance available to help Users and Agencies comply with best practices. Partner Agencies . As with individual Users, SDHMIS Partner Agencies must sign an agreement before enrolling in the system that contractually obligates the agency to maintain security and confidentiality protocols described in the agreement, including ensuring that all its Users are aware of the need for information security and how to maintain it. Any agency that defaults on the agreement by experiencing a documented security breech will have its access to SDHMIS suspended until it receives technical assistance from SDHDA that will prevent such future lapses. Repeated lapses may result in termination from the HMIS database. In addition, the Partner Agencies (and their Users) are subject to HMIS audit procedures, which can be initiated by any HMIS Client, the System Administrator or the Program Administrator. Audits retrieve records stored by the HMIS showing which system users have accessed and/or changed which client records. This is a feature required by HUD for all homelessness data management systems that helps agencies investigate allegations of misuse of the system and breaches of security. The Software and Hardware (Simplicity Computer Solutions). As described above, the SDHMIS allows an agency with special confidentiality needs to block all their client data from the view of all other agencies sharing the HMIS database. Thus, agencies can choose the level of security they feel is required for their clients. From a software aspect, this feature provides 100% security for those clients of “blind” agencies. The HMIS Committee believes that it has made every reasonable effort to ensure the security of the data put into the HMIS database. Can it be said to be 100% foolproof? Taken as a whole to include the element of human fallibility, no, it cannot. SDHMIS has made and will continue to make very clear to agencies and users alike how vital client confidentiality and data security are, so we believe that the chance of a breach of data security is extremely small. Controls will be implemented to ensure that new staff will have been trained and signed the proper confidentiality agreements before using the system. What policies and procedures are in place to address requests for HMIS data from outside agencies or persons? SDHMIS anticipates two types of request for data from agencies and persons outside the HMIS and its partner agencies: requests for aggregate data reports, and requests or legal demands for client-level identifying data. In responding to such requests, the HMIS Committee and its representatives attempt to balance the need for public information about homelessness, the need to guard against a misuse of such information, and SDHDA's own legal obligations and responsibilities. SDHMIS is set up to produce many standardized reports that can be run by individual agencies on their own activities. The partner agencies are free to produce and distribute such reports as they see fit. Other standardized reports pertain to activity within the HMIS as a whole, and SDHDA, as Program Administrator, reserves the right to distribute such reports as it deems appropriate. A request from a partner agency for a non-standard report, for example, on covering the activities of many agencies in a given region, is subject to review and approval: All such request are reviewed by the SDHMIS Project Administrator; Non-routine requests for aggregate information would be submitted by the Project Administrator to the HMIS Committee for discussion and approval; and Requests that elicit special concerns are submitted to the HMIS Committee for consideration. If the information request poses liability issues for SDHDA as a whole, the request would be submitted directly to SDHDA's Executive Director for consideration. Are entries to and inquiries in the system tracked in the event that a confidentiality breach needs to be investigated? Yes, SDHMIS' software maintains a complete record of the use of the database by all users based on their password and user identity. As long as password security is maintained by your agency, SDHMIS can accurately track who is using the system, what inquiries they are making, and what information is being input into the system by which user. The HMIS Committee is creating a formation process whereby any SDHMIS partner agency or staff member may request an audit to track suspected abuse of the system. HARDWARE ISSUES AND COSTS TO PARTICIPATE What does the HMIS cost to use? We are working on producing our prices. My agency receives HUD funding; are we required to participate in the HMIS? Yes. HUD has made participation in SDHMIS a condition of receiving McKinney-Vento funding. McKinney-Vento funds include Shelter Plus Care, Supportive Housing Program, and the Emergency Shelter Grant Program. The “Homeless Management Information Systems (HMIS); Data and Technical Standards Final Notice” published by HUD on July 30, 2004, states: 1.5 Other HMIS Provisions 1.4.1. Participation Requirement for Providers Receiving HUD McKinney-Vento Act Funding Given the benefits of an HMIS for providing accurate estimates of the homeless population and its needs and improving housing and service provision at the local level, all recipients of HUD McKinney-Vento Act program funds are expected to participate in HMIS. The HUD McKinney-Vento Act programs include ESG, SHP, S+C, and Section 8 Moderate Rehabilitation for SRO. Many agencies in South Dakota that receive McKinney-Vento funds are domestic violence shelters and since confidentiality is the cornerstone for the programs they run, HUD has made exceptions in the way that domestic violence shelters participate in HMIS, as described in HUD's Clarification and Additional Guidance for Domestic Violence Provider Shelters. Any homelessness services agency, regardless of its funding sources, may participate in the HMIS. What kind of computer does my agency have to provide to get on-line with HMIS? Agencies participating in the HMIS need to have a Pentium II-class machine and a modem (Internet) connection of at least 28k. What if my agency is so small that it can't afford a computer? The HMIS Committee has set up a Scholarship Program, while funds last, to help agencies that want to participate in the program, but lack finances for new equipment and/or license fees. For more information on the Scholarship Program contact Lisa Bondy. For more information on how to get involved, contact: Housing for the Homeless Consortium
|