HMIS Baseline and Additional Privacy Standards Key terms used Covered Homeless Organization (CHO) – any organization (employees, volunteers, and contractors) that records, uses or processes Protected Personal Information Protected Personal Information (PPI) – any information about a homeless client that (1) identifies a specific individual, (2) can be manipulated so that identification is possible, (3) can be linked with other available information to identify a specific individual Privacy Requirements Data Collection Limitations

Data Quality

Purpose and Use Limitations

Baseline Requirement A CHO may collect PPI only when appropriate to the purpose for which the information is obtained or when required by law A CHO must collect PPI by lawful and fair means and where appropriate, with the knowledge or consent of the individual A CHO must post a sign at each intake desk (or comparable location) that explains generally the reasons for collecting this information PPI collected by a CHO must be relevant to the purpose for which it is used. PPI should be accurate, complete, and timely A CHO must develop and implement a plan to dispose of, or, alternatively, to remove identifiers from, PPI that is not in use seven years after the PPI was created or last changed (unless a statutory, regulatory, contractual, or other requirement mandates longer retention)

Additional Restricting collection of personal data, other than required by HMIS data elements

A CHO must specify in its privacy notice the purposes for which it collects PPI and must describe all uses and disclosures

Seeking either oral or written consent for some or all processing when individual consent for use, disclosure or other form of processing is appropriate Agreeing with additional restrictions on use or disclosure of an individual’s PPI at the request of the individual if the request is reasonable. The CHO is bound by the agreement, except if inconsistent with legal requirements

A CHO may disclose or use PPI only if the use or disclosure is allowed by this standard and is described in its privacy notice. May infer consent for all uses and disclosures specified in the notice and for uses and disclosures determined by the CHO to be compatible with those specified in the notice Except for first party access to information and any required disclosures for oversight of compliance with HMIS privacy and security standards, all uses and disclosures are permissive and not mandatory. Uses and disclosures not specified in the privacy notice can be made only with the consent of the individual or when required by law

2008 HMIS Training: HMIS 101 - U.S. Department of Housing and Urban Development

Collecting PPI only with the express knowledge or consent of the individual (unless required by law) Obtaining oral or written consent from the individual for the collection of personal information from the individual or a third party None defined Quality (accurate, complete, timely) not defined

Limiting uses and disclosures to those specified in its privacy notice and to other uses and disclosures that are necessary for those specified

Page 9

HMIS Baseline and Additional Privacy Standards Privacy Requirements Purpose and Use Limitations (continued…)

Baseline Requirement

Openness

A CHO must publish a privacy notice describing its policies and practices for the processing of PPI and provide a copy of its privacy notice to any individual upon request A CHO must post a sign stating the availability of its privacy notice to any individual who requests a copy A CHO must state in its privacy notice that the policy may be amended at any time and that amendments may affect information obtained by the CHO before the date of the change. An amendment to the privacy notice regarding use or disclosure will be effective with respect to information processed before the amendment, unless otherwise stated

2008 HMIS Training: HMIS 101 - U.S. Department of Housing and Urban Development

Additional Committing that PPI may not be disclosed directly or indirectly to any government agency (including a contractor or grantee of an agency) for inclusion in any national homeless database that contains personal protected information unless required by statute Committing to maintain an audit trail containing the date, purpose and recipient of some or all disclosures of PPI Committing to make audit trails of disclosures available to the homeless individual Limiting disclosures of PPI to the minimum necessary to accomplish the purpose of the disclosure Making a reasonable effort to offer a copy of the privacy notice to each client at or around the time of data collection or at another appropriate time Giving a copy of its privacy notice to each client on or about the time of first data collection. If the first contact is over the telephone, the privacy notice may be provided at the first in-person contact (or by mail, if requested) Adopting a policy for changing its privacy notice that includes advance notice of the change, consideration of public comments, and prospective application of changes

Page 10

HMIS Baseline and Additional Privacy Standards Privacy Requirements Access and Correction

Baseline Requirement A CHO must allow an individual to inspect and to have a copy of any PPI about the individual

A CHO must offer to explain any information that the individual may not understand A CHO must consider any request by an individual for correction of inaccurate or incomplete PPI pertaining to the individual. A CHO is not required to remove any information but may, alternatively, mark information as inaccurate or incomplete and supplement it with additional information

Additional A CHO should reserve the ability to rely on the following reasons for denying requests: information compiled in reasonable anticipation of litigation or comparable proceedings, information about another individual (other than a health care or homeless provider), information obtained under a promise of confidentiality (other than a promise from a health care or homeless provider), if disclosure would reveal the source of the information, or if the disclosure of information would be reasonably likely to endanger the life or physical safety of an individual Accepting an appeal of a denial of access or correction by adopting its own appeal procedure and describing the procedure in its privacy notice Limiting the grounds for denial of access by not stating a recognized basis for denial in its privacy notice

Allowing an individual whose request for correction has been denied to add to the individual’s information concise statement of disagreement. A CHO may agree to disclose the statement of disagreement whenever it discloses the disputed PPI to another person. These procedures must be described in the CHO’s privacy notice Providing to an individual a written explanation of the reason for a denial of an individual’s request for access or correction

2008 HMIS Training: HMIS 101 - U.S. Department of Housing and Urban Development

Page 11

HMIS Baseline and Additional Privacy Standards Privacy Requirements Accountability

Baseline Requirement A CHO must establish a procedure for accepting and considering questions or complaints about its privacy and security policies and practices

Additional Requiring each member of its staff (including employees, volunteers, affiliates, contractors, and associates) to undergo (annually or otherwise) formal training in privacy requirements

A CHO must require each member of its staff (including employees, volunteers, affiliates, contractors, and associates) to sign (annually or otherwise) a confidentiality agreement that acknowledges receipt of a copy of the privacy notice and that pledges to comply with the privacy notice

Establishing a method, such as an internal audit, for regularly reviewing compliance with its privacy policy

Establishing an internal and external appeal process for hearing an appeal of a privacy complaint or an appeal of a denial of access or correction rights Designating a chief privacy officer to supervise implementation of the CHO’s privacy standards

2008 HMIS Training: HMIS 101 - U.S. Department of Housing and Urban Development

Page 12

CONFIDENTIALITY AND THE MAINE HOMELESS MANAGEMENT INFORMATION SYSTEM (HMIS) By requesting and accepting services from this program, you are giving consent for us to enter your personal information into the MAINE HMIS. The collection and use of your personal information by us is guided by strict standards of confidentiality as outlined in our privacy policy. A copy of our privacy policy is available upon request for your review. We will not use or disclose your information without your consent, except when required by our funders, by law, or for administrative uses. We may also may provide data, with your identifying information such as social security number and name removed, for appropriate research purposes. If you have questions about our confidentiality policies please ask. DRAFT 11/10/2008

It seems communities can exercise considerable flexibility, including inferred consent, with respect to data purpose and use as long as those limitations are included in their privacy notice. From experience, I've worked in communities that allow agencies to opt for informed consent when a higher standard can better satisfy program objectives: a.

Inferred (baseline): The agency must post a visible HMIS Consumer Notice and HMIS Privacy Policy in the reception area and at each intake station.

b.

Informed Written: The client may sign a release of information (ROI) form stored on location.

c.

Informed Verbal: The client may give oral permission to Agency personnel with written documentation of consent by witness.

Daniel Gore HMIS Administrator Westchester County, NY

Implied consent, as I understand it, applies to collecting and storing the data. In order to share data, a client would still have to sign a release of information form to allow that. We chose to do it in this manner (separately), so that data sharing (or lack thereof) didn’t affect what was able to be recorded.

Regards,

Daniel Fox | Economic Development Analyst 2 & PA HMIS System Administrator PA Department of Community & Economic Development Center for Community Financing, Technical Support & Program Development Division Commonwealth Keystone Building

HMIS Privacy & Implied Consent Examples.pdf

Requiring each member of its staff (including. employees, volunteers, affiliates, contractors, and. associates) to undergo (annually or otherwise). formal training ...
Download PDF
339KB Sizes 0 Downloads 260 Views
Report

Recommend Documents

HMIS Privacy & Implied Consent Examples.pdf
Protected Personal Information. Protected Personal ... with HMIS privacy and security standards, all uses ... A CHO must post a sign stating the availability of.
HMIS Privacy Policy 2013-06-01.pdf
The current regulation provides protection for. paper, oral, and electronic information. 3. The Agency will abide specifically by Maryland Confidentiality of Medical ...
HMIS Client Consent Form 2014-02-06.pdf
their data management tool to collect information on the clients they serve and the services they provide. This system benefits you because you will not have to ...
HMIS Privacy Policy 2013-01-02.pdf
There was a problem previewing this document. Retrying... Download. Connect more apps... Try one of the apps below to open or edit this item. HMIS Privacy ...
BCDP Street Map (HMIS).pdf
BCDP Street Map (HMIS).pdf. BCDP Street Map (HMIS).pdf. Open. Extract. Open with. Sign In. Details. Comments. General Info. Type. Dimensions. Size. Duration. Location. Modified. Created. Opened by me. Sharing. Description. Download Permission. Main m
Cheap privacy filter 14 inch Laptop Privacy Screens Anti Privacy ...
Cheap privacy filter 14 inch Laptop Privacy Screens A ... Monitor 31.0df17.4cm Privacy Anti-Spy Screen 16-9.pdf. Cheap privacy filter 14 inch Laptop Privacy ...
CONSENT FORM.pdf
global software development. organizations. 9. SPIIMM could help an on. organization to understand weak. and strong areas of process. improvement. 10.
Fickle consent - Springer Link
Tom Dougherty. Published online: 10 November 2013. Ó Springer Science+Business Media Dordrecht 2013. Abstract Why is consent revocable? In other words, why must we respect someone's present dissent at the expense of her past consent? This essay argu
Parental Consent Form - GitHub
Best,. Team #FlawlessHacks. Child's Name. Parent's Name. Email. Phone Number. Emergency Contact Details. Same as above. Name. Email. Phone Number.
HUD HMIS Fact Sheet.pdf
HMIS can help HUD and Congress understand: how many people are homeless in the United States; .... HUD HMIS Fact Sheet.pdf. HUD HMIS Fact Sheet.pdf.
Disasters Implied by Equity Index Options - LSE
value options as well as equity, and compare these option prices to those of an estimated ...... The line labeled “disasters” incorporates the jump component. The difference ...... in option prices, Journal of Business 51, 621–651. Broadie, Mar
Implied Correlations in CDO Tranches
default probability for each name CreditRisk+ produces tails which are fat enough to meet market tranche losses. Additionally, we find that, similar to the correlation skew in the large pool model, ... man Academic Exchange Service (DAAD). ∗ Corres
Disasters Implied by Equity Index Options - LSE
analytical tools used in the paper, that is, cumulant-generating functions, en- tropy, and their connection to the pricing kernel. Section II illustrates the tools.
Consent Form 1
The photos may go on our new website (yet to be launched) or our Facebook page. They may also appear on any marketing material such as leaflets and advertisements. I/we. Pll LL6 Chr2 issued CCT - - - - - - - - - - - - - - - - - - - -the parent(s)/gua
Parent-Consent Form.pdf
Page 1. Parent-Consent Form.pdf. Parent-Consent Form.pdf. Open. Extract. Open with. Sign In. Main menu. Displaying Parent-Consent Form.pdf. Page 1 of 1.
HMIS Governance Model 2013-09-18.pdf
community data quality standards. Page 3 of 3. HMIS Governance Model 2013-09-18.pdf. HMIS Governance Model 2013-09-18.pdf. Open. Extract. Open with.
SAT consent form.pdf
Page 1 of 1. Page 1 of 1. SAT consent form.pdf. SAT consent form.pdf. Open. Extract. Open with. Sign In. Main menu. Displaying SAT consent form.pdf. Page 1 of ...
Email Consent Form.pdf
Loading… Whoops! There was a problem loading more pages. Whoops! There was a problem previewing this document. Retrying... Download. Connect more apps... Try one of the apps below to open or edit this item. Email Consent Form.pdf. Email Consent For
Drug Consent Form.pdf
Drug Consent Form.pdf. Drug Consent Form.pdf. Open. Extract. Open with. Sign In. Details. Comments. General Info. Type. Dimensions. Size. Duration. Location.
Parent Consent Form.pdf
Sign in. Loading… Whoops! There was a problem loading more pages. Retrying... Whoops! There was a problem previewing this document. Retrying.
Fickle Consent Phil Studies - PhilPapers
my aim is to call attention to a puzzling and neglected question and hopefully to ... consent can ever justify treating him or her in a particular way. See, for .... Philosophy Conference voted 27 - 10 in favour of it being permissible for the sailor
Detecting Implied Scenarios from Execution Traces
that access shared business components. ... UserControllerImpl, which is shared by login, logout ... MyPetStore, namely login, logout, prepare shopping,.
pdf-1426\edgefield-county-marriages-1769-1880-implied-in ...
... the apps below to open or edit this item. pdf-1426\edgefield-county-marriages-1769-1880-implie ... d-county-sc-probate-records-by-barbara-r-langdon.pdf.