CoC Data Standards Checklist

HMIS System Administrator Toolbox
CoC/Implement Jurisdiction Data Standards Compliance Assessment Checklist 1.0

Applicable Standards for each CoC, Implementing Jurisdiction or ASP
Description | Ref # | Notice/Strategies for Implementation | Community Status (Yes / No / Notes)

Policy Issues

Data Collection Requirements: Does the CoC want to limit minimum data collection to the requirements specified in the HMIS Standards, or are there additional data elements that should be required based on local needs? Do all providers know what they need to collect?
Ref #: 1.4, 1.5, Sections 2 and 3
Strategy: SOPs (Establish a participation policy for providers and clear expectations for data collection.)

DV Provider Participation: Has the CoC developed a policy and method for DV provider participation that will allow the CoC to generate analysis based on a systemwide unduplicated count?
Ref #: 1.5.6
Strategy: SOPs (Establish a participation policy for DV providers and clear expectations for data collection.)

Notification and/or Consent Policies: Does the CoC have privacy policies and procedures to ensure that all agencies and users share a common understanding of client notification and/or consent procedures?
Decisions:
- standard uses and disclosures
- policy on when a client can be notified vs. when a client must provide consent regarding use and disclosure of data
- procedure for how users should provide notification and/or consent
Ref #: 4.2.1, 4.2.2, 4.2.3
Strategy: SOPs (Document all baseline expectations for agency and user behavior in the SOPs, including notification and consent procedures, reasonable accommodation for persons with disabilities and persons that don’t speak English, client rights with respect to their information, etc.) Sample Privacy Notice and related documents (Develop a template of the privacy notice, protocol for amending the privacy notice, explanation for clients, and related consent agreements for all agencies to adopt and use.)

Page 1 of 12
Developed by the National HMIS TA Initiative by the QED Group, LLC for HUD
Security standards: Does the CoC have minimum security standards to ensure that all agencies understand how to protect the HMIS application and database?
- Define the frequency of virus protection updates
- Define appropriate physical locations for HMIS access (characteristics of the physical environment, appropriateness of use of laptops, appropriateness of use of users’ home workstations, etc.)
- Frequency and method of HMIS data backup (document the sys admin’s responsibility to implement this service or to contractually secure it from the ASP, if appropriate)
Ref #: 4.3
Strategy: SOPs (Document all baseline expectations for agency and user behavior in the SOPs, including core elements of an appropriate agency security protocol.) Sample Information Security Protocol (Document how to operationalize the minimum security policies by providing a sample information security protocol.)

Data Access and Release policies: Does the CoC have minimum data access standards to ensure that all agencies understand how to protect HMIS data in both hardcopy and digital formats?
Ref #: 4.3.2, 4.3.3
Strategy: SOPs (Document procedures for storing HMIS data in digital and hardcopy formats.)

Central CoC Data Repository: Does the CoC have a designated central database repository that collects all of the providers’ HMIS data at least annually for the purposes of generating an unduplicated count and basic analysis of the unduplicated HMIS data?
Ref #: 5.2.1
Strategy: Central database (Data must be collected at least annually and stored by the central repository for a minimum of seven years after the date of collection.) SOPs.
Agency and User Issues

Data Collection: Do all providers know what they need to collect? Do they know how to correctly code individual client records to capture household groupings?
Ref #: 1.4, 1.5, Sections 2, 3 and 5
Strategy: User training (Consistently communicate requirements). Develop user tools (Quick Cheat Sheet).

DV Provider Participation: Do DV agencies know what they need to collect and how they can participate?
Ref #: 1.5.6
Strategy: User training (Consistently communicate requirements). Develop user tools (Quick Cheat Sheet).

Bed Coverage: Is there an emphasis on obtaining emergency shelter, transitional housing, and outreach provider participation? Note subsequent participation priorities too.
Ref #: 1.6
Strategy: Agency outreach and user training.

Notification and Consent Policies: Do all agency executives understand their responsibilities?
Ref #: 4.2.6
Strategy: Agency Agreement (Require all agency executives to sign prior to bringing the agency online.) Agency executive training.

Notification and Consent Policies: Do all users understand their responsibilities? NOTE: If this is delegated to participating agencies, the CoC may want to implement more extensive monitoring procedures.
Ref #: 4.2.6
Strategy: User Agreement (Require all users to sign prior to gaining system access.) User training.
Security Standards: Do agencies understand the security standards that apply to their users?
Ref #: 4.3.1
Strategy: Agency Agreement (Require all agency executives to sign prior to bringing the agency online.) Information Security Protocol (The CoC could require each agency to adopt a security protocol that addresses all aspects of the security standards. The CoC could provide a sample information security protocol to ensure that agencies understand the minimum requirements.)

Hard Copy Security: Do agencies understand how to protect hard copy data, including reports, data entry forms, signed consent forms, etc.?
Ref #: 4.3.3
Strategy: Agency Agreement (Require all agency executives to sign prior to bringing the agency online.) Information Security Protocol (The CoC could require each agency to adopt a security protocol that addresses all aspects of the security standards. The CoC could provide a sample information security protocol to ensure that agencies understand the minimum requirements.)
Software Issues

Data Elements: Does your software collect all of the universal and program-specific data elements, including the required response categories and technical elements?
Ref #: 1.4, 1.5, Sections 2, 3 and 5
Strategy: Inventory your software. Work with your vendor to program the software to collect missing elements and response categories.

Data Completeness: Does the software automatically generate default exit dates by program type? Does the software maintain transactional data for data elements that need to be analyzed over time, such as income and service utilization?
Ref #: 5.1.5
Strategy: Software programming. (Based on local assumptions, the software should be programmed to generate default exit dates by program type to ensure complete universal data collection.)

Data Collection: Do all providers know what they need to collect?
Ref #: 1.4, 1.5, Sections 2 and 3
Strategy: Software tools (e.g. the CoC may want to require or prompt for missing data). Software queries to check for missing or inaccurate data.

DV Provider Participation: Based on the adopted policy, does the software need to provide an alternative method for client-level data submission?
Ref #: 1.5.6
Strategy: Software design and integration tools.
Privacy policy: Does the software support the CoC’s notice or consent procedure (opt-in or opt-out), if applicable?
Ref #: 4.2.1
Strategy: Software tools (e.g. a checkbox to remind the user about the notification procedure, a way to flag a record if the client opts out of the default setting, a way to flag a record if the client wants data shared beyond the default setting, etc.)

Timeliness of PPI Storage: Does the CHO dispose of or remove identifiers from a client record after a specified period of time? (Minimum standard: 7 years after the PPI was last changed, if the record is not in current use.) Note that this is a CHO requirement, but it will need to be operationalized at the CoC level (central database) and at the CHO level if the CHO maintains a decentralized database.
Ref #: 4.2.2
Strategy: Automated data management (Does the software automatically dispose of or remove identifiers from a client record after a specified period of time?)

User Authentication: Does the password protocol meet the minimum standard? (e.g. Require a minimum of 8 characters including at least one number and one letter; prohibit use of the username, HMIS name, or vendor’s name; prohibit use of a password which consists entirely of any word found in the dictionary; and prohibit use of any of the above spelled backwards.)
Ref #: 4.3.1 and 4.3.2 User Authentication
Strategy: Password Limitations (Password parameters should be built into the application.)

User Logon: Does the software prohibit users from logging onto the HMIS application more than once at any given time?
Ref #: 4.3.1 and 4.3.2 User Authentication
Strategy: Software user authentication (The application should verify that the user is not already logged on before granting access to the database application.)
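The two User Authentication rows above describe controls that are meant to be built into the application rather than left to users. The following is an added example of how an application could enforce them; it is not code from HUD, the QED Group or any HMIS vendor, and the HMIS name, vendor name and word list it uses are placeholders.

```python
"""Added example: the checklist's minimum password standard and single-logon
rule enforced inside an application. Not code from HUD, the QED Group or any
HMIS vendor; the HMIS name, vendor name and word list are placeholders."""
import re

# Constructed placeholder names for what the rule forbids; a deployment would
# read the real HMIS and vendor names from its configuration.
HMIS_NAME = "CommunityHMIS"
VENDOR_NAME = "ExampleVendor"
# Constructed mini word list standing in for a full dictionary file.
DICTIONARY = {"password", "welcome", "shelter", "housing", "outreach"}


def password_violations(password, username, hmis_name=HMIS_NAME,
                        vendor_name=VENDOR_NAME, dictionary=DICTIONARY):
    """Return the rules the password breaks; an empty list means it is acceptable.

    Follows the User Authentication row: at least 8 characters, at least one
    number and one letter, no username / HMIS name / vendor name, not entirely
    a dictionary word, and none of those spelled backwards.
    """
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"[0-9]", password):
        problems.append("no number")
    if not re.search(r"[A-Za-z]", password):
        problems.append("no letter")

    lowered = password.lower()
    # Reading "prohibit use of" as containment rather than equality is a design
    # choice here: it also rejects e.g. "jdoe2024" for user jdoe.
    for label, name in (("username", username), ("HMIS name", hmis_name),
                        ("vendor name", vendor_name)):
        name = name.lower()
        if name and name in lowered:
            problems.append(f"contains {label}")
        if name and name[::-1] in lowered:
            problems.append(f"contains {label} spelled backwards")

    # The dictionary rule is about the whole password being one word, forwards or backwards.
    if lowered in dictionary:
        problems.append("is a dictionary word")
    if lowered[::-1] in dictionary:
        problems.append("is a dictionary word spelled backwards")
    return problems


class SessionRegistry:
    """Refuses a second simultaneous logon for the same user (User Logon row)."""

    def __init__(self):
        self._active = {}  # username -> session id

    def logon(self, username, session_id):
        """Grant the session only if the user is not already logged on."""
        if username in self._active:
            return False
        self._active[username] = session_id
        return True

    def logoff(self, username, session_id):
        """Release the user's slot, but only for the session that holds it."""
        if self._active.get(username) == session_id:
            del self._active[username]
            return True
        return False


if __name__ == "__main__":
    for pw in ("Abc12345", "drowssap", "jdoe1234"):
        print(pw, password_violations(pw, "jdoe") or "ok")
    reg = SessionRegistry()
    print(reg.logon("jdoe", "s1"), reg.logon("jdoe", "s2"))  # True False
```

Returning the list of broken rules rather than a bare yes/no lets the application tell the user which rule to fix, and the registry keyed by username is what makes the "not already logged on" check possible; a logoff that only releases the slot for the session holding it stops a stale second attempt from unlocking the first session.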
Workstation authentication: If users access the HMIS through a public forum (e.g. the internet), does the software authenticate the workstation prior to granting access?
Ref #: 4.3.1 Public Access
Strategy: The sys admin or ASP should use PKI or extranets that limit access based on the Internet Protocol (IP) address prior to granting access to the HMIS application.

Virus Protection: Do the lead org and ASP have regularly updated virus protection software that automatically scans files as they are accessed by users on the system where the HMIS application is housed?
Ref #: 4.3.1 Virus Protection
Strategy: Install virus protection software; assign someone to regularly update definitions.

Disaster Protection and Recovery: Does the lead org or ASP back up all HMIS data on a regular basis to another medium and store it in a secure off-site location? NOTE: This standard applies to each CHO, but is most likely operationalized through the CoC.
Ref #: 4.3.1 Disaster Recovery and Backup
Strategy: Backup Plan. (Documented in the SOP, Agency Agreement, or Service Contract with the ASP.)

Disposal: Does the lead org and/or ASP appropriately reformat the storage medium when disposing of HMIS data? NOTE: This standard applies to each CHO, but is most likely operationalized through the CoC.
Ref #: 4.3.1 Disposal
Strategy: Disposal Plan. (Documented in the SOP, Agency Agreement, or Service Contract with the ASP.)
System Monitoring: Does the lead org and/or ASP routinely monitor to verify that users are appropriately accessing the HMIS and that security systems are intact? NOTE: This standard applies to each CHO, but is most likely operationalized through the CoC.
Ref #: 4.3.1 System Monitoring
Strategy: User access log and other system monitoring. (The sys admin and/or agency administrators should routinely review the user access log to verify that user access is consistent with expected patterns. Document in the SOP, Service Contract with the ASP, and/or Agency Agreement.)

Electronic Data Transmission: Does the HMIS application encrypt all HMIS data that are electronically transmitted over the Internet, publicly accessible networks or phone lines?
Ref #: 4.3.2 Electronic Data Transmittal
Strategy: Software application. (Verify with the software provider/ASP that the application uses 128-bit encryption to transmit HMIS data using tertiary systems.)

Electronic Data Storage: Does the HMIS application store HMIS data in a binary format?
Ref #: 4.3.2 Electronic Data Storage
Strategy: Software application. (Verify with the software provider that the application stores HMIS data in a binary format.)

Data export: Can the software export HMIS data in a comma-separated values text file, according to the prescribed format?
Ref #: 5.1.7
Strategy: Software programming.
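The System Monitoring row asks administrators to review the user access log against "expected patterns" but leaves those patterns to the community. The following added example (not code from HUD, the QED Group or any HMIS vendor) shows what such a routine review can look like in practice: it assumes a one-line-per-event log format, a per-agency list of authorized networks (the IP-based limitation the Workstation authentication row mentions), expected working hours and a failed-logon threshold, all of which are constructed for the example and would be replaced by the community's own values.

```python
"""Added example: a routine user access log review of the kind the System
Monitoring row describes. Not code from HUD, the QED Group or any HMIS vendor;
the log format and the "expected patterns" are assumptions for illustration."""
import re
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed log lines in an assumed one-line-per-event format; a real HMIS
# application logs in its own format and would need its own parser.
SAMPLE_LOG = """\
2024-03-04T09:12:41 user=jdoe agency=A1 src=203.0.113.14 result=success
2024-03-04T22:47:02 user=jdoe agency=A1 src=203.0.113.14 result=success
2024-03-05T10:03:19 user=msmith agency=A2 src=198.51.100.77 result=success
2024-03-05T10:04:01 user=msmith agency=A2 src=198.51.100.77 result=failure
2024-03-05T10:04:30 user=msmith agency=A2 src=198.51.100.77 result=failure
2024-03-05T10:05:02 user=msmith agency=A2 src=198.51.100.77 result=failure
2024-03-06T11:30:00 user=jdoe agency=A1 src=192.0.2.200 result=success
"""

# Constructed expected patterns: the networks each agency's authorized workstations
# use, the hours staff normally work, and how many failed logons in a row are
# worth a look. A community would substitute its own values.
AUTHORIZED_NETWORKS = {
    "A1": [ip_network("203.0.113.0/24")],
    "A2": [ip_network("198.51.100.0/24")],
}
EXPECTED_HOURS = range(7, 20)   # 07:00 through 19:59
FAILED_LOGON_THRESHOLD = 3

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) agency=(?P<agency>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def parse_log(text):
    """Turn log lines into event dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        ev["src"] = ip_address(ev["src"])
        events.append(ev)
    return events


def review_access_log(text, authorized=AUTHORIZED_NETWORKS, hours=EXPECTED_HOURS,
                      threshold=FAILED_LOGON_THRESHOLD):
    """Return (kind, user, timestamp, detail) findings for events outside the expected patterns."""
    findings = []
    consecutive_failures = {}
    for ev in parse_log(text):
        when = ev["ts"].isoformat()
        # Access from outside the agency's authorized networks
        if not any(ev["src"] in net for net in authorized.get(ev["agency"], [])):
            findings.append(("unauthorized_source", ev["user"], when, str(ev["src"])))
        # Access outside the hours the agency expects its staff to work
        if ev["ts"].hour not in hours:
            findings.append(("off_hours", ev["user"], when, f"{ev['ts'].hour:02d}:00 hour"))
        # A run of failed logons for one user; a success resets the count
        if ev["result"] == "failure":
            n = consecutive_failures.get(ev["user"], 0) + 1
            consecutive_failures[ev["user"]] = n
            if n == threshold:
                findings.append(("repeated_failures", ev["user"], when, f"{n} in a row"))
        else:
            consecutive_failures[ev["user"]] = 0
    return findings


if __name__ == "__main__":
    for finding in review_access_log(SAMPLE_LOG):
        print(*finding)
```

On the constructed log the review reports one off-hours logon, one run of three failed logons and one logon from an address outside the agency's authorized network; each finding is a starting point for the follow-up with the agency that the row's strategy calls for, and the thresholds are the part a community documents in its SOP.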
Monitoring: Does the CoC monitor its participating agencies on compliance with the following areas?

Data Quality: Are providers collecting what they need to collect?
Ref #: 1.4, 1.5, Sections 2 and 3
Strategy: QA procedure (The sys admin or data analyst could run a query to check for complete and accurate data and follow up with providers to improve data quality.)

Privacy Policies: Are all agencies complying with the minimum standards established in Section 4 and any additional adopted CoC privacy policies?
Ref #: Section 4
Strategy: Site monitoring (Site monitoring could randomly check sites for compliance or could systematically monitor all agencies. Could be integrated with other regular grant monitoring, application review, ...)

User Agreements: Have all users signed a user agreement that specifies their responsibilities?
Ref #: 4.2.6
Strategy: Central copies of User Agreement (The CoC could maintain copies of the user agreement centrally, or require submittal prior to granting a user ID/password, or monitor sites to ensure they’re completed.)
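The Data Quality row's strategy is a query for complete and accurate data, and the Software Issues section earlier asks for default exit dates by program type based on local assumptions. The following added example (not code from HUD, the QED Group or any HMIS vendor) shows both checks run against a small in-memory table; the table, its column names, the records and the 30-day emergency shelter limit are all constructed for the example and are not the HMIS data standard's own field names or values.

```python
"""Added example: data-quality queries of the kind the checklist's QA procedure
and default-exit-date rows describe. Not code from HUD, the QED Group or any
HMIS vendor; the table and column names below are assumptions for illustration."""
import sqlite3

# Constructed enrollment records (client_id, provider, program_type, entry_date,
# exit_date, dob, household_id). Column names are placeholders, not the HMIS
# data standard's field names.
SAMPLE_ENROLLMENTS = [
    ("C001", "Shelter A", "Emergency Shelter", "2024-01-10", "2024-01-15", "1980-05-02", "H1"),
    ("C002", "Shelter A", "Emergency Shelter", "2024-01-12", None, None, "H2"),
    ("C003", "Housing B", "Transitional Housing", "2023-11-01", "2023-10-30", "1975-03-14", None),
    ("C004", "Shelter A", "Emergency Shelter", "2024-02-20", None, "1990-09-09", "H3"),
]

# Constructed local assumption: an emergency shelter stay still open after this
# many days is treated as a missing exit, the case a default exit date would cover.
DEFAULT_EXIT_AFTER_DAYS = {"Emergency Shelter": 30}


def load(rows):
    """Build an in-memory SQLite table so the checks run without a real HMIS database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE enrollments (client_id TEXT, provider TEXT, program_type TEXT, "
        "entry_date TEXT, exit_date TEXT, dob TEXT, household_id TEXT)"
    )
    conn.executemany("INSERT INTO enrollments VALUES (?, ?, ?, ?, ?, ?, ?)", rows)
    return conn


def completeness_by_provider(conn):
    """Count missing required elements and impossible dates, grouped by provider."""
    sql = """
        SELECT provider,
               SUM(dob IS NULL)          AS missing_dob,
               SUM(household_id IS NULL) AS missing_household,
               SUM(exit_date IS NOT NULL AND exit_date < entry_date) AS exit_before_entry
        FROM enrollments
        GROUP BY provider
    """
    return {
        provider: {"missing_dob": a, "missing_household": b, "exit_before_entry": c}
        for provider, a, b, c in conn.execute(sql)
    }


def stale_open_enrollments(conn, as_of, limits=DEFAULT_EXIT_AFTER_DAYS):
    """Open enrollments older than the per-program-type limit, as (client_id, provider)."""
    found = []
    for program_type, max_days in limits.items():
        found.extend(conn.execute(
            "SELECT client_id, provider FROM enrollments "
            "WHERE exit_date IS NULL AND program_type = ? "
            "AND julianday(?) - julianday(entry_date) > ? "
            "ORDER BY client_id",
            (program_type, as_of, max_days),
        ).fetchall())
    return found


def data_quality_report(rows=SAMPLE_ENROLLMENTS, as_of="2024-03-01"):
    """Run both checks over the rows and return the findings per provider."""
    conn = load(rows)
    try:
        return {
            "completeness": completeness_by_provider(conn),
            "stale_open": stale_open_enrollments(conn, as_of),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    for section, content in data_quality_report().items():
        print(section, content)
```

Grouping by provider is what turns the query into the follow-up list the row's strategy describes; the stale-enrollment query is the same query an application would run before assigning a default exit date, with the day limit kept as a per-program-type parameter because the checklist leaves that assumption to the community.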
Virus and Firewall Protection: Does the agency regularly update virus definitions?
Ref #: 4.3.1 Virus Protection, Firewalls
Strategy: Site monitoring (Site monitoring could randomly check sites for compliance or could systematically monitor all agencies. Could be integrated with other regular grant monitoring, application review, ...)

Workstation Access: Does the agency appropriately locate and staff equipment that is authorized to access the HMIS application? Does the agency follow the laptop and/or home access policy appropriately?
Ref #: 4.3.1 Physical Access
Strategy: Site monitoring (Site monitoring could randomly check sites for compliance or could systematically monitor all agencies. Could be integrated with other regular grant monitoring, application review, ...)
Baseline elements of the sign at the intake desk:
- General explanation of the reasons for collecting client information. (4.2.1)
- Offer to provide a copy of the notice upon request (4.2.4)

Baseline elements of the Privacy Notice:
- Specify the purposes for which it collects PPI (4.2.3)
- Define all uses and disclosures (4.2.3)
- Amendment policy and procedure (4.2.4)
- Right of the client to inspect and have a copy of any PPI about the individual, offer to explain the information, consider any request for correction of inaccurate or incomplete PPI. (4.2.5)
- Right of the client to complain about the agency’s privacy and security policies and practices (4.2.6)

HMIS Agency Participation Agreement should specify and ask agency executives to affirm that they will:
- Comply with data collection requirements
- Comply with state and federal law
- Post a sign at intake meeting minimum standards
- Adopt and comply with a privacy notice (meeting minimum standards, documenting all amendments, post on website, provide in foreign languages as appropriate) (4.2, see description of privacy notice above)
- Provide reasonable accommodation to persons with disabilities to ensure that they understand the privacy notice (4.2.4, see exceptions)
- Comply with additional CoC privacy policies on notification and/or consent (4.2.4)
- Establish a procedure for accepting and considering questions or complaints about its privacy and security policies and practices (4.2.6)
- Ensure that all users at its agency understand and comply with its privacy notice (4.2.6)
- Comply with the security standards in the HMIS standards. [Agreement could require each agency to establish an information security protocol that outlines practices to comply with the security standards.] (4.3)
- Establish mechanisms to protect hard copy data, including reports, data entry forms, signed consent forms, etc. (4.3.3)
- Submit data at least annually to the central CoC repository, if the agency is maintaining its own independent database. (5.2.1)
NOTE: These responsibilities may be detailed in the agreement or may be documented by reference to the adopted SOPs.

HMIS User Agreement should ask users to affirm that they:
- will comply with state and federal law
- acknowledge receipt of a copy of the agency’s privacy notice and will comply with the privacy notice (4.2.6)
- will comply with the CoC procedure for providing notice and/or consent to clients (4.2.4)
- will provide reasonable accommodation to persons with disabilities and persons that don’t speak English to ensure that they understand the privacy notice (4.2.4, if applicable)
- will agree to maintain written information about their password in a private, secure location (4.3.1)
NOTE: These responsibilities may be detailed in the agreement or may be documented by reference to the adopted SOPs.

Potential information security protocol provisions:
- User Authentication policies: (4.3.1 User Authentication)
  o Password parameters that meet the HMIS standard for user authentication
  o Policies that prohibit storing or displaying written information on user access (e.g. username and password) in a publicly accessible location
  o Policies that prohibit users from logging into more than one workstation at a time
- Procedure to maintain virus protection software with [define minimum timeframe] updated virus definitions on all workstations on the same network as an HMIS workstation. (4.3.1 Virus Protection)
- Procedure to maintain a firewall at the point of access to the Internet (network and/or individual workstations). (4.3.1 Firewall)
- Procedure to authenticate all workstations accessing the HMIS application through a public forum (e.g. the internet) prior to connecting to the HMIS application. (4.3.1 Public Access)
- Protocol to define appropriate physical locations for workstations, and parameters for accessing the HMIS through laptops and/or home workstations. Only workstations that meet this standard will be authorized to access the HMIS (e.g. workstation authentication).
- Procedure to install password-protected screensavers on all workstations that are authorized to access the HMIS; set the screensaver to turn on automatically when the workstation is temporarily not in use.
- Policy/procedure to instruct staff to log off of the HMIS application and shut down the computer when the workstation will not be in use for an extended period of time.
- Procedure to protect hard copy data containing personal protected information that is generated from or for the HMIS, including reports, data entry forms, signed consent forms, etc.