Open HMIS Systems and HIPAA

102 views
Skip to first unread message

Montiel, Amy P.

unread,
Jun 17, 2013, 11:18:21 AM6/17/13
to mar...@googlegroups.com, Haddix, Meredith

Good morning,

 

My CoC is currently transitioning to a new HMIS vendor (ClientTrack). We would like to have a very open system that shares intakes globally and shares most transactional information among all providers in the Continuum. We are also looking at shielding certain data elements, like HIV status, to protect clients’ privacy. Do any of you have very open data systems? What is your experience with healthcare organizations that participate in your HMIS systems? Is there a way to be HIPAA compliant and still share intakes completed by these agencies? Any experience/best practices you can provide would be very helpful.

 

Thanks,

 

Amy Montiel

HMIS Director

Baltimore City Mayor’s Office of Human Services,

Homeless Services Program

7 E. Redwood St.

Baltimore, MD 21202

410-396-1915 (office)

443-801-2611 (cell)

 

Bobbin Paskell

unread,
Jun 17, 2013, 11:24:41 AM6/17/13
to mar...@googlegroups.com, Haddix, Meredith
We recently made a move to an open system.  There are a couple of significant things you should review.  First, there are documents on OneCPD that cover the HIPPA issue.  The fact is that the majority of HMIS providers, and the info that is shared in HMIS, is NOT covered under HIPPA (HIPPA is NOT applicable).  There is actually at least one archived webinar covering this.  If I find the pdf file that I printed from it, I will forward it on.

We had discussions with the full CoC, as well as our HIV and mental health providers.  The key point is that these providers, for the purposes of HMIS, are not covered entities, and the info exchanged is not covered information within HIPPA.  That being said, they did have concerns of privacy.  Our HMIS system allows the user (case manager) to "lock" certain pieces of info.  Therefore, it is the policy of our CoC that the CLIENT will have the right to choose what info is shared (open) and not shared (locked).  This allows those providers to give the client the choice.

I hope this helps.  Feel free to contact me directly if you would like additional info.  My email is bobbin....@co.middlesex.nj.us.

Sincerely,
Bobbin Paskell, MSW
Assistant Director of Systems/ HMIS System Administrator
Coming Home of Middlesex County


--
You received this message because you are subscribed to the Google Groups "MARHMIS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to marhmis+u...@googlegroups.com.
To post to this group, send email to mar...@googlegroups.com.
Visit this group at http://groups.google.com/group/marhmis.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

Matthew Berg

unread,
Jun 17, 2013, 11:30:47 AM6/17/13
to mar...@googlegroups.com

Bobbin,

 

You are correct in stating that “The fact is that the majority of HMIS providers, and the info that is shared in HMIS, is NOT covered under HIPPA (HIPPA is NOT applicable).”  However, the 2004 HMIS Technical Standards used the phrase “HIPPA like” (quoting from memory here) in describing the CoC data privacy obligations, and this term was never defined, nor were these standards revised when the data standards were.

 

Matthew BergDescription: phillyseal.jpg

Director of Information Technology

Office of Supportive Housing

City of Philadelphia

(215) 686-XXXX

Paul Rossi

unread,
Jun 17, 2013, 11:50:41 AM6/17/13
to mar...@googlegroups.com
I think that the presentation on HIPAA and HMIS that Jon Neiditz did in 2004 is probably still the best overview given that the 2004 Privacy Standards are still in effect.



Paul Rossi
Foothold Technology

p: 212.780.1450 x8004
e: pa...@footholdtechnology.com
Google Talk: pa...@footholdtechnology.com

36 East 12th Street, 5th Floor
New York, NY 10003
http://www.footholdtechnology.com

Sign up for upcoming FootholdConnect events!

Click here -> register.footholdtechnology.com 



This message and any attachments are intended only for the use of the
addressee and may contain information that is privileged and confidential.
If the reader of the message is not the intended recipient or an authorized
representative of the intended recipient, you are hereby notified that any
dissemination of this communication is strictly prohibited. If you have
received this communication in error, notify the sender immediately by
return email and delete the message and any attachments from your system.

image001.jpg

Fox, Daniel

unread,
Jun 17, 2013, 12:06:28 PM6/17/13
to mar...@googlegroups.com

Amy,

 

We follow a similar method to what Bobbin describes. Even though HIPAA doesn’t apply, there were privacy concerns voiced. To meet everyone’s needs, we allow the users to lock down extra data elements if there is a need. The important piece is the release of information form, where clients can pick their sharing level, either full sharing, no sharing, or partial sharing to allow the client to choose to not allow certain pieces of information to be shared.

 

Daniel Fox | Economic Development Analyst 2 & PA HMIS System Administrator

PA Department of Community & Economic Development

Center for Community Financing,  Technical Support & Program Development Division

Commonwealth Keystone Building

400 North Street, 4th Floor | Harrisburg, PA 17120-0225

Phone: 717.720.7412dani...@pa.gov | ra-p...@pa.gov

www.newPA.com | www.visitPA.com | www.newpa.com/pahmis

Like us on Facebook

Follow us on Twitter @newPAnews and LinkedIn  

 

Confidentiality Notice: This electronic communication is privileged and confidential and is intended only for the party to whom it is addressed. If received in error, please return to sender.

Bobbin Paskell

unread,
Jun 17, 2013, 12:07:08 PM6/17/13
to mar...@googlegroups.com
That's right, Paul.  Thank you!
image001.jpg
Reply all
Reply to author
Forward
0 new messages