Accessing HMIS while Working from Home
We know that many are currently working from home due to the COVID-19 pandemic, so we wanted to provide a reminder about requirements relating to accessing HMIS while working from home.
Remember:
- HMIS security protocols are still required and must be followed even if you are working from home!
- Securing a Client’s Personally Identifiable Information (PII) is of the utmost importance and must be your agency’s highest priority.
The information below is a reminder of your agency’s REQUIREMENTS regarding HMIS Data Security along with some tips about how to apply them at home.
HMIS Data Security Requirements
Remember that you need PRIVATE, SECURE Wi-Fi access. This means your home Wi-Fi must require a password that you must give to people to access your Wi-Fi. It cannot be an open network or a network where the password is known by anyone who walks by.
An HMIS Consumer Privacy Notice must be posted in areas in which client data is collected
If you are taking client calls, you will need to be prepared to review the HMIS Release of Information with the client over the phone and get verbal permission to share their data or not share their data. You don’t need to have a sign posted at home since clients will not be in your home.
The HMIS Baseline Privacy Standards must be produced upon client request
If you are taking client calls, you can email them a copy or let them know you will provide it to them during their next visit.
Client records and printed HMIS data are required to be stored in a secure location
If you will be printing data from HMIS, you will need to store that information in a locked filing cabinet at your home that only you have access to.
All computers, workstations, and office equipment used for HMIS purposes must be secure to ensure client data cannot be viewed by unauthorized individuals.
You will need to set up your workstation (regardless of location) to ensure that it is private from all other persons in your household (even your roommates!)
Agency privacy practices must ensure unauthorized individuals are not allowed in areas where client data is collected and/or entered in to HMIS.
Same as above. If you are completing work on behalf of your agency, regardless of your location, you must ensure client data is secure.
Anti-virus and firewall software are required on all computers in which HMIS data is entered.
If you are using your own computer or an agency provided computer to work from home, you must have up-to-date antivirus and firewall software on the computer being used to enter into HMIS.
Password protections and screen saver security processes must be in place and in practice for all computers used by HMIS users.
You must have password protections and a screensaver that does not show your screen on the computer you are using to enter HMIS. This applies whether it’s your computer or the agency provided computer.
The agency Record Retention policy must include how printed HMIS records are kept and how they are destroyed.
You need to have a shredder at home if you are going to be printing data from HMIS.
If you have any other questions related to the above or have a scenario you'd like to run by us, please contact our helpdesk at mohmis@icalliances.org.