Privacy and Security of HMIS
The importance of the integrity and security of HMIS cannot be overstated. Given this importance, HMIS must be administered and operated under high standards of data privacy and security. ICA and Partner Agencies are jointly responsible for ensuring that HMIS data processing capabilities, including the collection, maintenance, use, disclosure, transmission, and destruction of data, comply with the HMIS privacy, security, and confidentiality policies and procedures.
Although most homeless services providers are not subject to the Health Insurance Portability and Accountability Act (HIPAA), HUD recognizes that the HIPAA privacy rule establishes a national baseline of privacy standards for most health information. The HIPAA privacy rule was used as a guide for developing the HMIS privacy standards; therefore, HMIS databases meet HIPAA regulations.
Each CoC is responsible for establishing an HMIS Privacy Policy that lays out the uses and disclosures of client-level information from HMIS. This Privacy Policy must be available to agencies, users, and clients, and should be reviewed so that updates and changes can be made over time. Additionally, CoCs should monitor agencies' compliance with that Privacy Policy during onsite monitoring visits.