Question: My agency provides services to victims of domestic violence. How should I handle my HMIS data?
Answer:
Agencies that serve victims of domestic violence have certain laws and policies that must be followed pertaining to clients' personally identifying information (PII). We have the following suggestions to protect your clients' data:
Comparable Database: VAWA’s amendments to the McKinney-Vento Homeless Assistance Program prohibit victim service providers from entering clients' personally identifying information (PII) into an HMIS, even if the information is encrypted. DV providers must use a "comparable database," which in ETO-terms can be a separate enterprise.
Data Collection: enter only the PII necessary for your data collection and reporting requirements.
Reporting: to protect clients' PII while running standard HMIS reports such as the APR and ESG CAPER, we recommend you follow these best practices when sending data pulls to Homelessdata.com:
Run a CSV Data Pull and for Hash Status select SHA-256 RHY (RHY Programs Only). This will mask clients' names and SSNs.
After completing your reporting in ETO and uploading for funding, remove your dataset by clicking the Trashcan icon next to the report name in ETO HMIS Reporting.
It is the responsibility of the agency or organization serving victims of domestic violence to follow all applicable federal, state, and local privacy laws, as well as any internal policies or procedures. These suggestions should not be considered legal advice. Please consult an attorney if you have any questions.