150 likes | 321 Views
Utah Homeless Management Information System Working together to end homelessness. Privacy, Ethics and Data Security. Understanding Privacy & Ethics when working with client information. What are the standards for collecting data Data Security Data Quality: Why it’s important. Content.
E N D
Utah Homeless Management Information System Working together to end homelessness Privacy, Ethics and Data Security
Understanding Privacy & Ethics when working with client information. • What are the standards for collecting data • Data Security • Data Quality: Why it’s important Content
Privacy • Defining Privacy: • Privacy refers to safeguarding of protected personal Information (PPI) in the HMIS from inappropriate use. • All information gathered and entered into the HMIS is considered PPI. • Allows identification of an individual directly or indirectly; • Can be manipulated by a reasonably foreseeable method to identify a specific individual; or • Can be linked with other available information to identify a specific individual. • Whenever this policy refers to personal information, it means PPI.
The agency will uphold relevant federal and state confidentiality regulations. • Agencies will abide by the UHMIS Privacy Policy. (Which can be found in the UHMIS SOP) • The agency will post a “Privacy Posting” in visible areas where clients are served. • The agency will review the clients privacy rights with the client verbally. Agencies Confidentiality/Privacy
Privacy Posting • A copy of this Posting can be found in the Utah HMIS Standard Operating Policies & Procedures (Appendix F: UHMIS Privacy Posting) • A copy of the Posting can also be found on the website at http://hmis.utah.gov/ • Found in the “Important Documents” section of the UHMIS Manual.
For Agencies subject to 42 CFR • The agency shall abide by federal confidentiality regulations as contained in the Code of Federal Regulations. • You can find a copy of this code at: http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr&tpl=/ecfrbrowse/Title42/42tab_02.tpl 42 CFR
HIPAA vs. HMIS • HMIS gives precedence to the HIPAA privacy and security rules. • Why? • Because the HIPAA rules are more finely attuned to the requirements of the health care system • The HIPAA rules provide important and adequate privacy and security protections for protected health information. HIPAA
Consent to share personal identifying information (Name, gender, birth date, race, ethnicity, part of your social security number) for de-duplication purposes with the network of UHMIS participating agencies (statewide). • Consent to share additional information across programs to coordinate case management and service delivery. • This includes community collaborative projects (i.e. Shelter Plus Care, & other Permanent Supportive Housing Projects) Levels of Consent
Informed Consent Release Form: • Case Managers/Intake Workers are required to review and have client sign the “Informed Consent Release form”. • If client doesn’t sign, then their PPI and other information should not be entered into the system. • Privacy Posting: • This sign needs to be in a visible place where clients can easily see. Levels of Consent UHMIS CONSENT MODELS
Agency Code of Ethics • The Agency will uphold relevant federal and state confidentiality regulations and laws that protect Client records and the Agency shall only release client records with written consent by the client, unless otherwise provided for in the regulations. • The Agency will ensure that all staff, volunteers and other persons issued a User ID and password for the UHMIS receives certification training provided by the UHMIS team. • The Agency will not knowingly enter false or misleading data under any circumstances. • If a Client withdraws consent for release of information, the Agency remains responsible to ensure that the Client’s information is unavailable to all other Partner Agencies. • The Agency agrees not to release any confidential information received from the UHMIS database to any organization or individual without proper Client Consent.
UHMIS Users must treat partner agencies with respect, fairness and good faith. • Each UHMIS User should maintain high standards of professional conduct in the capacity as a UHMIS User. • The UHMIS User has primary responsibility for his/her client(s). • UHMIS Users have the responsibility to relate to the clients of other partner agencies with full professional consideration. User Code of Ethics
Is it appropriate to share client information with other employees or staff members? • Do I have the client’s permission to discuss their information with another agency or person from another agency? • What precautions have I taken to safeguard the clients information? Questions to Ask Yourself
Data Security Data security goes beyond your computer. You need to ensure that the PPI that is gathered and input into the HMIS needs to be secure at all times.
Data Security will be monitored by UHMIS to ensure compliance • User ID and password are for the user’s use only and must not be shared with anyone. • Users take all reasonable means to keep their password physically secure. • Users must understand that the only individuals who can view information in UHMIS are authorized users and the clients to whom the information pertains. • Users can only view, obtain, disclose, or use the database information that is necessary to perform their job, and which complies with clients’ signed permission to release information. • If a user is logged into the UHMIS and must leave the work area where the computer is located, they must log-off of the software before leaving the work area. Users will not leave a computer unattended that has the HMIS software “open and running”. Data Security End-User Agreement
Users or the agency will keep hard copies of appropriate UHMIS information/documentation in a secure place. All client information will be kept secure by ensuring that all hard copies of client forms are locked and secure when unattended. When hard copies of the UHMIS information are no longer needed they will be archived for a minimum of seven years. Beyond that, hard copies of the records must be properly destroyed to maintain confidentiality. • If a user notices or suspects a security breach; they must immediately notify the Agency Administrator for UHMIS or the System Administrator. • Users will not knowingly enter false or misleading client information into HMIS under any circumstances. • Users will ensure that they are making the best effort to collect any and all necessary back up documentation for client level information. Data Security End-User Agreement Cont.