Logo: Missouri Association for Social Welfare
Homeless Missourians Information System
A Tool Toward Housing All Missourians
Bullet: MASWHMIS Home     Bullet: MASWMASW Home     Bullet: MASWSearch Bullet: MASW
Donate Button

Click here to sign up for e-mail alerts.

Latest News

Arrow: MASWArrow: MASWArrow: MASWArrow: MASWArrow: MASWArrow: MASWArrow: MASWArrow: MASWArrow: MASWArrow: MASWArrow: MASWArrow: MASW

2010-08-24

Largest Decline in Housing Sales Ever Recorded
July numbers worst in the 40+ years these records have been compiled MASW bulletSee story

2010-08-18

State Treasurer Clint Zweifel calls for $127 million housing package for Missourians suffering from mental illness
Plan requires no new spending or revenue and works to end chronic homelessness MASW bulletSee story

 

More Headlines   Arrow: MASWArrow: MASWArrow: MASWArrow: MASWArrow: MASW

September 2, 2010

Frequently Asked Questions

HMIS—WHAT IT IS AND WHAT IT DOES

CLIENT DATA STEWARDSHIP: SERVICE, SECURITY AND CONFIDENTIALITY

HARDWARE ISSUES AND COSTS TO PARTICIPATE

HMIS—WHAT IT IS AND WHAT IT DOES

What is the HMIS?
The Homeless Missourians Information System (HMIS) is a shared database for the use of agencies that provide assistance to homeless persons and to persons at risk of homelessness. The main purpose of the HMIS is to collect information about the people that such agencies serve in order to better define the problem of homelessness in Missouri, and thus to help end homelessness. Many different types of agencies can input data into the HMIS at the same time and share the data, to the extent allowed by each agency, with each other. The HMIS is “on-line” via telephone lines in the same way that you access the Internet, but your access is secured. It is a totally private database that is accessible only by persons authorized to use it by virtue of working for agencies that have gone through the process of enrolling in the HMIS. The HMIS is meant to serve the 103 counties of the state of Missouri that comprise the Balance of State Continuum of Care, which are primarily the rural counties of the state.

HMIS VS hmis: HMIS (all caps) stands for Homeless Missourians Information System and is a project of MASW and hmis (all lower case) is the homeless management information system associated with HUD.

Back to the top

How can the HMIS help my agency?
The HMIS can help your efforts to assist homeless and low-income people on a number of different levels. The HMIS functions as a client intake system that can eliminate most paper records maintained on clients, allowing you to spend more time on direct services to clients. Once a client’s information has been entered into the HMIS, other service providers can view that client’s information on-line, unless you have opted for special confidentiality status for your agency. In most cases there is no need to duplicate intake work because the information is already available on-line.

The HMIS can also assist service providers to coordinate their resources more efficiently on a local and regional level. For instance, the HMIS has bed management capability, so that if a service provider needs to refer a client for emergency shelter, he or she can view the available emergency shelter resources at nearby facilities, or in nearby cities or counties, to find the closest and most appropriate placement.

The HMIS can also create reports on your agency’s use of its resources, as well as specialized reports required by many funding agencies, including HUD’s Annual Reports. With a few keystrokes you can create a report that might otherwise have taken days or weeks to write. All such reports can be customized to your needs.

The more agencies contributing client data to the HMIS, the better the picture of actual homelessness the HMIS can present, in a clear, factual and statistical way. The HMIS can also identify unmet needs in the area of homeless services. When this factual picture of homelessness emerges, it will be used to positively influence state public policy towards increasing funding for homeless providers, with the ultimate goal of ending homelessness in the State of Missouri.

Back to the top

Who May Use the HMIS?
Any public or private agency in the counties composing the Balance of State Continuum of Care (see map) that provides shelter or housing to homeless persons, or that provides services to homeless persons or to people at risk of homelessness, may participate in the HMIS. These include but are not limited to:

HMIS participants may be of any size and make-up. We welcome any agency or organization that provides these kinds of services, regardless of whether the agency is a local church-based operation that serves one community or part of a network of agencies that serves many counties.

The more homeless services of all kinds that are on line, the better the HMIS will serve Missouri’s needs.

Back to the top

How do I enroll?
The enrollment process begins with the submission of two forms: 

Agency Partner Agreement
This form is an agreement between your agency and the Missouri Association for Social Welfare (MASW), the agency that received the grant from HUD to create the HMIS.  The form describes our mutual responsibilities in connection with the use of the HMIS database.  It spells out many of the duties of the partner agency as a whole toward maintaining the confidentiality of client information.  The Executive Director of your agency, or a person with similar responsibility, should read and sign this form. 

User Policy, Responsibility Statement, and Code of Ethics
Each person that your agency wishes to designate as a user of the HMIS database must fill this form out and sign it.  The form describes the duties of HMIS users in keeping client information confidential and maintaining the security of the HMIS database.

The forms must be returned to MASW before your agency and the agency users will be granted access to the HMIS database.

Mail the forms to:                                                          
MASW                                                                            
Attention: HMIS                                      
606 East Capitol Avenue                                                 
Jefferson City, 65101                                                      

The next step Please refer to the New User Enrollment Process for details

Back to the top

Who Pays for HMIS?
MASW’s grant from the U.S. Department of Housing and Urban Development (HUD) pays for HMIS participation by the following types of agencies:

The grant covers the cost of software, agency training, and technical assistance; it does not pay for computers, Internet connections, or other infrastructure needed to connect to the HMIS. Agencies that do not operate shelters or housing, or provide shelter by referral, are not covered by MASW’s grant.

MASW may be able to help agencies to examine collaboration opportunities with other agencies on the system. Smaller agencies, who may not have computers or internet or afford them, may in effect, be able to piggyback with larger agencies by giving their homeless client data to a larger agency to be input into the HMIS on that agency’s computers.

Back to the top

Who runs the HMIS?
The Missouri Association for Social Welfare (MASW), a citizens’ non-profit organization that has been working for social justice for over one hundred years, applied for and received in 2002 a HUD grant that funded the initial creation of the HMIS. MASW is also referred to as the “Program Administrator” of the HMIS. The HMIS serves the BoS CoC system, which encompasses the 101 “non-entitlement” counties of the state (in effect, the rural counties of Missouri) and will eventually link with the other homelessness information systems in the state. This project developed from MASW’s experience developing and conducting five censuses of homeless shelters and the Missouri Congresses to End Homelessness, which first met in 1998 and began the formal process of project planning. MASW has convened three Congresses to End Homelessness since the first Congress in 1998, most recently in April 2004.

MASW formed a Steering Committee to help oversee and make decisions about the basic structure of the HMIS. The Steering Committee is composed of representatives of state departments, private agencies engaged in providing homeless services, and representatives of the other Continua of Care in Missouri. Representatives participate from: St. Louis City; St. Louis County; Kansas City and its surrounding counties; St. Joseph and its surrounding counties; Boone County; Jasper and Newton Counties; Green, Christian and Webster Counties; and St. Charles, Lincoln and Warren Counties.

The Governor's Committee to End Homelessness oversees the BoS CoC. The member organizations of the Committee provide information and technical assistance to local level organizations. This assistance helps them to recognize the need and better serve those experiencing homelessness in their communities, support the coordination of regional efforts to address, and ultimately end homelessness.

Back to the top

How many homeless management information systems (hmis) are there in Missouri?
Aside from the Balance of State Continuum of Care, there are eight other Continua of Care in the State:

Each Continuum of Care in the state has an organization with similar responsibilities, and the HMIS plans to interact with each one so that a statewide system can evolve that will be useful to everyone. MASW’s HUD grant gives first priority to creating a data system to serve the Balance of State Continuum, and then linking it to the other systems in the State.

The Springfield Continua now use the HMIS as their own homelessness data system. The Joplin and St. Charles areas are both developing data systems using software different from the Balance of State Continuum. The Kansas City and St. Joseph areas both use an established system called MAACLink. St Louis City and County both use ROSIE (Regional Online Service Information Exchange), the same software used by the Balance of State Continuum.

Back to the top

What kind of training will be provided to teach my agency users how to use the HMIS?
Training is provided by employees of Municipal Information Systems, Inc. (MISI) and HMIS staff. MISI personnel will conduct the initial orientation session on-line, with trainings tentatively scheduled every other Friday. HMIS staff will be doing follow-up one-on-one training, as needed and/or requested.

Technical support is always available from MISI via a toll-free telephone number. The HMIS software, ROSIE, which was created by MISI, is very easy to learn, and even people with little computer experience have found it simple to learn and use. In addition, MASW can provide advice about maintaining HMIS client confidentiality in your agency’s office set up.

Back to the top

How does HMIS fit with HIPAA (Health Insurance Portability and Accountability Act)?
The HMIS Steering Committee has worked to ensure that the HMIS meets all HIPAA requirements. Generally, the confidentiality measures built into MISI’s ROSIE software and the procedures the Steering Committee has established far exceed those required by HIPAA. Participating agencies need to be familiar with any requirements they must meet under HIPAA; when such an agency wishes to begin using HMIS, the agreement between MASW and the agency will specify that HIPAA requirements are being met by the agency.

Back to the top

If clients refuse to participate, would there be a penalty on the provider?
No. The decision of whether or not to provide one’s personal information to HMIS is entirely up to the individual client and no agency will be allowed or encouraged to coerce clients into providing their information. MASW hopes to gain the confidence of all users and clients in the integrity and usefulness of HMIS and thereby have as high a level of participation as possible. There is no basis to penalize anyone if a client does not want to participate.

Back to the top

CLIENT DATA STEWARDSHIP: SERVICE, SECURITY AND CONFIDENTIALITY

Who controls the data that clients give my agency to be put into the HMIS?
Contrary to what one might assume about a large centralized data system like the HMIS, MASW does not ‘take control’ of people’s information when it is entered into the database. With regard to the personal, identifying information that clients give, quite the opposite is true. Under the rules set by the HMIS Steering Committee, clients control their own information. All clients have the right to give and revoke permission to use their personal data in the HMIS at any time. The partner agencies that receive information from their clients have a contractual responsibility with MASW to protect the confidentiality of client information; to give client information to anyone outside the HMIS only with the client’s written and specific permission; and to use the client’s information in the most effective manner possible to provide needed services and shelter.

Aside from individual client information, there is a second type of information in the HMIS. All data put into the HMIS also contributes to an aggregate picture of homelessness in the state; this aggregate data omits personal information while pooling demographic information received from clients. Until HMIS forms its own governance structure, MASW will be the steward of this aggregate data. Neither MASW employees nor members of the HMIS Steering Committee have access to any identifying client data. All data in HMIS is stored on servers owned by Municipal Information Systems, Inc. (MISI), a non-profit company located in St. Louis. MISI handles the data for the Continua of St. Louis City and St. Louis County, as well as other cities and counties outside Missouri. MISI is a professional agent of MASW and performs its duties of stewardship in accordance with its contract with MASW, which includes a requirement to maintain the confidentiality of client information. MISI is also known as the “System Administrator” for the HMIS.

Back to the top

What is “Stewardship”?
MASW uses the term “Stewardship of Information” primarily because it addresses our roles on behalf of the public trust. As public servants, MASW does not personally own or control anything for itself, but only for the community. The term implies that MASW not only protects, but also makes positive use of that with which it is entrusted. Good stewards act in the public’s best interest; they protect and preserve public assets while making use of those assets for public benefit.

Back to the top

What information is collected by the HMIS?
The general types of information that are accommodated by the HMIS include:

HUD’s finalized data and technical standards for all homeless management information systems were published on March 2010. These standards specify exactly what information must be collected by homeless management information systems, as well as other optional information. The standards may be downloaded herepdf.

Back to the top

What if a client doesn’t want their information inputted in the HMIS?
A Client’s personal information may not be added to the HMIS unless the Client signs a Client Consent form authorizing the use of their information. This consent can be revoked at any time. A client is not disqualified from receiving assistance merely because he or she chooses not to sign the Consent form. MASW cannot, and would not, require clients to provide their personal information in order to receive services.

When a Client revokes his or her consent to have their information added to the HMIS, all existing information about that Client is rendered invisible to all users of the database, including the agency that originally entered the information. The information collected up to the point of revocation remains a part of the HMIS for purposes of contributing to the aggregate data collected for reporting on homelessness services, and employees of MISI, in the normal course of their database maintenance duties, could still view that client’s data. As stated above, MISI is contractually bound to maintain the security and confidentiality of all client data, and has never, throughout its extensive history, experienced a breach of security or confidentiality.

Back to the top

Who will have access to my agency’s data?
The HMIS database is maintained by MISI; thus, employees of MISI have access to the data stored in the HMIS in the course of their duties to maintain the integrity of the data. MISI has a contract with MASW to host the HMIS data, and this contract includes confidentiality provisions regarding client data. MISI has hosted such data for the City and County of St. Louis for ten years, as well as data for other Continua of Care such as the City of Baltimore, and has never experienced a breach of client data security or confidentiality. MISI maintains a secure environment for the data it guards; MISI’s servers are protected from hacking by a firewall and 128-bit encryption, and are located in secured climate-controlled rooms in a continuously patrolled building.

The only other people that have access to a specific client data are clients themselves and the agencies enrolled in the HMIS. Clients may of course view and/or receive a copy of their own information at any time they request to do so, but they may not see other clients’ data. As for agencies, client data is shared among them in two different ways. Some agencies may designate themselves as “blind” agencies if they have special confidentiality needs. Those agencies typically include domestic violence shelters and any agency covered by HIPAA. If an agency opts to be blind, it means only that agency can see the data it enters into the HMIS; other agencies simply do not have access to it and don’t know it’s even present. “Non-blind” agencies--those that have normal confidentiality needs such as general population shelters—enter client data that can be seen and shared by all other agencies enrolled in the HMIS. This information sharing is one of the major benefits of the HMIS, because it allows participating agencies better plan their services based on knowing how many clients are in their area. It also helps clients because it saves them from having to provide their personal information repeatedly at every agency they from which they seek assistance.

Back to the top

Is my agency’s client information 100% secure from theft and misuse while in the HMIS?
Any shared database has points of potential vulnerability. MASW has striven to ensure that security controls are in place wherever possible. The following section discusses the various points of access to the system and how security is maintained at each one.

Individual Users. Experience across the country has shown that the most vulnerable parts of any data system are users who do not follow the protocols of security and confidentiality. HMIS requires all system users to sign a User Agreement that outlines our requirements regarding the handling and protection of client data by the User. These requirements include, among many other things, shielding HMIS screens from casual view by the public, secure storage of any HMIS printouts, and taking precautions to keep passwords secret. Those who cannot or will not comply with our established security protocols will have their rights to use the HMIS terminated and will be subject to the disciplinary procedures in place at the agency that employs them. Naturally, this is something we want to avoid, and we readily make assistance available to help Users and Agencies comply with best practices.

Partner Agencies. As with individual Users, HMIS Partner Agencies must sign an agreement before enrolling in the system that contractually obligates the agency to maintain security and confidentiality protocols described in the agreement, including ensuring that all its Users are aware of the need for information security and how to maintain it. Any agency that defaults on the agreement by experiencing a documented security breech will have its access to the HMIS suspended until it receives technical assistance from MASW that will prevent such future lapses. Repeated lapses may result in termination from the HMIS database. In addition, the Partner Agencies (and their Users) are subject to HMIS audit procedures, which can be initiated by any HMIS Client, any Partner Agency, the System Administrator or the Program Administrator. Audits retrieve records stored by the HMIS showing which system users have accessed and/or changed which client records. This is a feature required by HUD for all homelessness data management systems that helps agencies investigate allegations of misuse of the system and breaches of security.

The Software and Hardware (ROSIE and MISI). As described above, the ROSIE software allows agencies with special confidentiality needs to block all their client data from the view of all other agencies sharing the HMIS database. Thus, agencies can choose the level of security they feel is required for their clients. From a software aspect, this feature provides 100% security for those clients of “blind” agencies. Of greater concern to many agencies is the physical security of the data as it resides on the servers operated by MISI. The possibility of manual or automated intrusions (“hacks”) into information databases is very real in the contemporary world of data storage. For that reason, MISI undertook to test its own server security by hiring a company to perform a “penetration test.” In February 2004, TechGuard Security, of Chesterfield, Missouri, attempted several different kinds of hacks into MISI’s servers, and MISI’s security procedures proved 100% effective against the intrusion. MISI’s report of the penetration test, which has been edited only to remove the names of the servers, is availablepdf.

MASW believes that it has made every reasonable effort to ensure the security of the data put into the HMIS database. Can it be said to be 100% foolproof? Taken as a whole to include the element of human fallibility, no, it cannot. But MASW has made very clear to agencies and users alike how vital client confidentiality and data security are, so we believe that the chance of a breech of data security is extremely small.

Back to the top

Is there a policy regarding the sharing of information generated by HMIS? If so, what is it and what are the procedures?
MASW anticipates two types of requests for data from agencies and persons outside the HMIS and its partner agencies: requests for aggregate data reports, and requests or legal demands for client-level identifying data. In responding to such requests, MASW and its representatives attempt to balance the need for public information about homelessness, the need to guard against a misuse of such information, and MASW’s own legal obligations and responsibilities.

The HMIS is set up to produce many standardized reports that can be run by individual agencies on their own activities. The partner agencies are free to produce and distribute such reports as they see fit. Other standardized reports pertain to activity within the HMIS as a whole, and MASW, as Program Administrator, reserves the right to distribute such reports as it deems appropriate. A request from a partner agency for a non-standard report, for example, one covering the activities of many agencies in a given region, is subject to review and approval:

  1. All such requests are reviewed by the HMIS Project Director, and routine requests (such as the multi-county example described above) are granted under the Director’s authority;
  2. Non-routine requests for aggregate information would be submitted by the Project Director to the HMIS Steering Committee for discussion and approval; and
  3. Requests that elicit special concerns are submitted to MASW’s Housing and Homelessness Task Force for consideration. If the information request poses liability issues for MASW as a whole, the request would be submitted directly to MASW’s State Board.

A legal demand for client-level identifying information, such as a subpoena, brings us back to the question of who controls the information in the HMIS. In any such given request, there are four parties that could potentially respond to a subpoena:

  1. MISI. MISI is the HMIS data hosting service and creator of the ROSIE software. It is MISI’s policy to respond to any subpoena by referring it to MASW. MISI asserts no legal control over the data in the HMIS and is not authorized to distribute any HMIS data on its own.
  2. MASW. MASW is the entity that organized the creation of the HMIS under a grant from HUD. While MASW has a contractual responsibility to successfully implement the HMIS, MASW does not own the data in the HMIS—its role is exclusively that of steward of the data in HMIS. MASW’s State Board exercises final authority and thereby significant control over how HMIS aggregate data is used, but it exercises no control over client-level data, beyond the final formal approval of the setting of policy and rules governing how partner agencies must behave with respect to that data. The policy and rules are developed by the Steering Committee, submitted to MASW's Housing and Homelessness Task Force for approval, and then to the State Board of MASW for final approval. It is MASW’s policy to respond to any subpoena for client data by informing the agency making the demand that MASW and its employees and volunteers (including members of the HMIS Steering Committee) do not have any access to client data of any kind. MASW is, therefore, unable to produce such data upon demand. In effect, MASW would refer the agency making the demand to the client him or herself, but in fact, MASW has no way of knowing where the individual client may be at any given time.
  3. Partner Agencies. HMIS partner agencies have a primary duty to protect the confidentiality and security of client records. If a partner agency in the HMIS receives a subpoena for client information, HMIS policy requires that: 1) the agency immediately notify the HMIS Project Director; and 2) the agency not release such information without first obtaining a signed written release from the client in question. The signed release must specify exactly what information may be released; it may not be a general release of information. As a matter of Missouri State law, some partner agencies have legal immunity from demands to provide client information. For those that lack such immunity, the HMIS will endeavor to assist the partner agency in finding legal defense resources as needed.
  4. Clients. Under HMIS policy, clients are the sole owners of their information, and the HMIS strives to encode that ownership into its policy. Clients must give their informed consent before giving their information to partner agencies to put into the HMIS, and they may revoke that consent in writing at any time. HMIS policy specifies that any request for client information from an agency or person outside the HMIS is subject to a separate written consent by the client, stating exactly what information may be given.

Back to the top

Are entries to and inquiries in the system tracked in the event that a confidentiality breach needs to be investigated?
Yes. MISI’s ROSIE software maintains a complete record of the use of the database by all users based on their password and user identity. As long as password security is maintained by your agency, MISI can accurately track who is using the system, what inquiries they are making, and what information is being input into the system by which user. The Steering Committee is creating a formal process whereby any HMIS partner agency or HMIS staff member may request an audit to track suspected abuse of the system.

Back to the top

HARDWARE ISSUES AND COSTS TO PARTICIPATE

What does the HMIS cost to use?
For the length of the project, any Missouri provider of emergency, transitional, or permanent shelter services is eligible to participate without charge in the HMIS under a federal Department of Housing and Urban Development (HUD) grant. The HUD grant covers the cost of software licensing, training and technical support. Each agency must provide its own computer and internet connection in order to use the HMIS. Agencies not covered by the grant would pay for software licensing and pay a user fee. For an agency with one user, this is approximately $300 per year.

See also Who Pays for HMIS? above.

Back to the top

My agency receives HUD funding; are we required to participate in the HMIS?
Yes. HUD has made participation in a homelessness management information system a condition of receiving McKinney-Vento funding. McKinney-Vento funds include Shelter Plus Care, Supportive Housing, and the Emergency Shelter Grant Program.

The “Homeless Management Information Systems (HMIS); Data and Technical Standards Final Notice” published by HUD on July 30, 2004, states:

1.5. Other HMIS Provisions
1.5.1. Participation Requirements for Providers Receiving HUD McKinney-Vento Act Funding

Given the benefits of an HMIS for providing accurate estimates of the homeless population and its needs and improving housing and service provision at the local level, all recipients of HUD McKinney-Vento Act program funds are expected to participate in an HMIS. The HUD McKinney-Vento Act programs include ESG, SHP, S+C, and Section 8 Moderate Rehabilitation for SRO. In the FY 2003 funding notices for the SHP, S+C, and Section 8 Moderate Rehabilitation for SRO programs, HUD announced that providing data to an HMIS is a condition of funding for grantees.

and

1.5.3. Annual Progress Reports

Recipients of funds under the SHP, S+C, Section 8 SRO and HOPWA Programs are required to submit APRs to HUD. The Notice provides guidance for how to use HMIS data in submitting the current version of the APR. Homeless shelter and service providers receiving funds under the Emergency Shelter Grant (ESG) program are required to participate in an HMIS if the provider is located in a jurisdiction covered by a CoC with an HMIS.

Many agencies in Missouri that receive McKinney-Vento funds are domestic violence shelters, and thus have grounds, on the basis of State statute and case law, to be exempt themselves from full participation in HMIS. In addition, HUD itself has made exceptions in the way that domestic violence shelters participate in HMIS.

Any homelessness services agency, regardless of it funding sources, may participate in the HMIS.

Back to the top

What kind of computer does my agency have to provide to get on-line with HMIS?
Agencies participating in the HMIS need to have a Pentium-class machine and a modem (Internet) connection.  While use of the database can be obtained with a dial-up connection, optimum efficiency of use requires a minimum of a broadband connection. 

Back to the top

Can laptops be used for HMIS input?
Yes. Agencies often use laptop computers with docking stations in place of desktop computers. It is important to remember that all confidentiality guidelines, as outlined in the Agency Partner Agreement, must be followed regardless of desktop or laptop computer use.

Back to the top

What if my agency is so small that it can’t afford a computer?
MASW sometimes receives used computers from other organizations; whenever possible, these will be given to homeless service agencies in order to assist participation in the HMIS. MASW also encourages smaller agencies to partner with larger agencies in their area. Smaller agencies may be able to arrange to enter their client data onto computers belonging to other agencies. MASW will help facilitate such partnerships.

Back to the top

Updated: 01/07/2008

Site designed by esavvy communications