2015 HMIS Annual Workshop

2015 HMIS Annual Workshop

2015 HMIS Annual Workshop August 20 th 2015 AGENDA 9:00 AM Welcome (All times are approximate) 9:15 AM Security, Data Integrity, Compatibility 10:45 AM ServicePoint Feature Set 11:30 AM - Annual Homeless Assessment Report 11:45 LUNCH BREAK 1:15 PM New HUD Data Elements 2:00 PM The TOP 25 2:45 PM Open Discussion

HMIS General Security Essentials

MORE SECURE DATA ENVIRONMENT Adhere to HMIS REQUIRED policies and implement at every security level COMPUTER USER CLIENT ORGANIZATION/PROVIDER

MORE SECURE DATA ENVIRONMENT Create an environment of confidentiality by restricting open discussions that include secure information. Assure that only staff who work directly with clients or who have administrative responsibilities can look at, enter, or edit client records.

COMPUTER SECURITY All computers that will access HMIS must be in secured locations. Personally Identifiable Information (PID) included in HMIS should not be visible to other clients or the public. This information should not be able to be accessed by unauthorized users.

COMPUTER SECURITY All computers running HMIS must have up to date anti-virus software and must be behind a software and/or hardware firewall. Use a secure, supported operating system. (Windows 7, Windows 8, ipad)** **Computers running ART must be running Java 6 release 45.

COMPUTER SECURITY Maintain current operating system updates. Keep your operating system updated by applying the latest service packs and patches. Use recommended and updated browsers (Firefox and Chrome) for HMIS.

COMPUTER SECURITY It is a BEST PRACTICE to implement the PRINCIPLE of LEAST PRIVILEGE (PoLP) when users log onto a computer to use it for HMIS. It is recommended that there be a separate ADMINISTATOR user on a computer and that the day to day entries and use of the computer be performed while logged in as a STANDARD USER without administrative privileges.

COMPUTER SECURITY A computer running HMIS must not be left unattended. Every computer s power settings must automatically turn off the display after a reasonable length of time (e.g. 15 minutes) without activity and; Require a re-entry of the user password in order to log back in.

COMPUTER SECURITY Do not download unfamiliar software off the Internet: KaZaA, Bonzi, Gator, HotBar, WhenUSave, LimeWire, Ads by Ultra Coupon, Coupon Factor, Firefox Redirect and other programs may appear at first to have useful and legitimate functions. However, it may contain spyware or malware, which will damage your computer functionality.

COMPUTER SECURITY Whenever you install a computer program, look and read carefully each screen before clicking NEXT. You may, without realizing it, give permission to install other software that can affect the performance of your computer and/or add malware/spyware to your system.

COMPUTER SECURITY BEST PRACTICE: Install only the software on your computer systems that is needed for your legitimate business practice.

COMPUTER SECURITY Obtain all software, including public domain software from reputable sources. It may look like the same software, it may seem like a great price, but the cost can be high to your organization, if the software contains viruses or malware, or is a pirated copy of a computer program.

USER SECURITY An HMIS user is a staff person or volunteer who is authorized and trained to collect and disseminate information regarding clients or potential clients of PROGRAMS operated within the CoC.

USER SECURITY Every user must have a unique HMIS login ID, and a password that changes on a periodic basis. User login and password information must be kept secured, and must not be shared with anyone.

USER SECURITY All users must be trained in the use of HMIS and must sign a user confidentiality agreement with the Suncoast Partnership HMIS.

USER SECURITY You can find an up to date list of the HMIS training programs that are scheduled on the Suncoast Partnership website. Look for the icon the reads HMIS Training.

USER SECURITY Confidential information obtained from HMIS is to remain confidential, even when the HMIS user s relationship with the agency changes or concludes for any reason.

USER SECURITY Any unauthorized access or unauthorized modification to the computer system information or interference with normal system operations will result in immediate suspension of the users access to the HMIS and may jeopardize your employment status with your agency.

HMIS PASSWORD SECURITY POLICY Passwords must be 8 to 16 characters in length and must contain at least two numbers. The system allows only one login per password at a time. In other words, you cannot log into the system on two terminals at the same time using a single password. Passwords automatically expire every 45 days. When your password expires, you must enter a new one; you cannot reenter the same one.

HMIS PASSWORD SECURITY POLICY In order to enforce password security, ServicePoint will not allow your browser to save your password. Additionally, if you attempt to log into ServicePoint three consecutive times with the wrong password, your user account will need to be reset by a system administrator. You must contact your administrator to have your account reactivated.

HMIS PASSWORD SECURITY POLICY ServicePoint has an automatic logout function for users who have been idle for a pre-determined period of time. This function decreases potential viewing and/or manipulation of client data by unauthorized individuals. This timer is typically set for 30 minutes.

PRACTICAL PASSWORD GUIDELINES A strong, effective password requires a necessary degree of complexity. There are four practices to help create these strong passwords and yet keep them relatively easy to remember.

PRACTICAL PASSWORD GUIDELINES Four best practices for passwords: Length Width Depth Substitution.

PRACTICAL PASSWORD GUIDELINES Length means that the longer a password, the more difficult it is to crack. Simply put, longer is better. Probability dictates that the longer a password the more difficult it will be to crack. HMIS Software allows for 8 to 16 characters

PRACTICAL PASSWORD GUIDELINES Width is a way of describing the different types of characters that are used. Don t just consider the alphabet and upper and lower case letters. Also include numbers and special characters like %.

PRACTICAL PASSWORD GUIDELINES Depth refers to choosing a password not easily guessable. However, it has been found that creating passwords that are just random characters creates organizational problems, as the passwords are too difficult to remember. Stop thinking in terms of passwords and start thinking in terms of phrases.

PRACTICAL PASSWORD GUIDELINES Creating depth means using phrase passwords including something phonetically spelled, such as ImuKat! (instead of I m a cat! ) or the first letters of a memorable phrase such as qbfjotld = quick brown fox jumped over the lazy dog. Add a number in place of a letter, a special character in place of a letter and capitalize a letter and you have a great password. Qbfj0t!d

PRACTICAL PASSWORD GUIDELINES Substitution is a great way add complexity without making the password more difficult to remember. The password we used in the Depth example was Qbfj0t!d, relating to the phrase quick brown fox jumped over the lazy dog. Note: that we replaced the letter o with the number 0 and replaced the letter l with the exclamation point. This is called Substitution.

PRACTICAL PASSWORD GUIDELINES With Substitution you can create some easy to remember substitution rules. For example: For the capital letter S, substitute the $ symbol. For the letter z, substitute the number 2. For the letter l, substitute the exclamation point. For the letter B, substitute the number 8. These are just a few simple substitution rules that you might utilize.

CLIENT SECURITY Each client must be made aware that their information is to be entered into the HMIS and why that information is collected.** To help meet the client s needs to help with case management and help make sure the client gets services needed. **See Organization/Provider Security for more information.

CLIENT SECURITY Each client must be made aware that their information is to be entered into the HMIS and why that information is collected.** To help HMIS and program providers count and do research regarding how many people we serve and the types of people we serve. **See Organization/Provider Security for more information.

CLIENT SECURITY Each client must be made aware that their information is to be entered into the HMIS and why that information is collected.** To help HMIS and program providers understand the types of services people need and develop new services to meet the needs. **See Organization/Provider Security for more information.

CLIENT SECURITY Each client must be made aware that their information is to be entered into the HMIS and why that information is collected.** HMIS and program providers only collect personal information that is necessary and seek to only maintain personal information that is complete, correct, consistent and current.

CLIENT SECURITY Each client must be made aware that their information is to be entered into the HMIS.** A client should consent to have their information entered into HMIS. It should be noted that a client may refuse to have their information entered but this may effect their eligibility for services.

CLIENT SECURITY Each client should sign a RELEASE OF INFORMATION for the sharing of their information among participating providers. Each provider must have their own RELEASE OF INFORMATION with each client.

ORGANIZATION/PROVIDER SECURITY Organizational responsibilities regarding: Posting of the required Notice of Uses and Disclosures for HMIS Collecting, editing, and reporting information. Sharing and/or protecting client information. Setting policies against discriminatory, profane, offensive or inflammatory language in HMIS.

ORGANIZATION/PROVIDER SECURITY Organizational responsibilities regarding collecting, editing, and reporting information. Only staff who work directly with clients or who have administrative responsibilities can look at, enter, or edit client records. When working with other organizations and the HMIS staff, use client numbers only.

ORGANIZATION/PROVIDER SECURITY Organizational responsibilities regarding collecting, editing, and reporting information. Misrepresentation of the client database by knowingly entering inaccurate information is prohibited

ORGANIZATION/PROVIDER SECURITY Organizational responsibilities regarding collecting, editing, and reporting information. Client records are not to be deleted from the HMIS system. If a client or guardian of a client chooses to rescind consent to participate in the HMIS, her/his file shall become inactive.

IMPORTANT NOTICE The HMIS system is to be used for business purposes only. Transmission of material in violation of any United States Federal or State of Florida regulations or laws is prohibited and includes material that is copyrighted, legally judged to be threatening or obscene, and considered protected by trade secret. The HMIS will not be used to defraud the Federal, State or local government or an individual entity or to conduct any illegal activity.

ORGANIZATION/PROVIDER SECURITY Organizational responsibilities regarding sharing client information. Staff should be trained, understand and share with clients the purpose of HMIS and both how and why information is obtained and documented in HMIS.

ORGANIZATION/PROVIDER SECURITY Organizational responsibilities regarding sharing client information. Staff should be trained, understand and share with clients the benefits of HMIS, including the fact that the information they provide can assist in better referrals and a more complete set of services on their behalf.

ORGANIZATION/PROVIDER SECURITY Organizational responsibilities regarding sharing client information. Written client consent, or Release of Information (ROI), is required for every client due to the fact that some or all of the data collected will be shared with other providers, the program funding sources and other administrative staff.

ORGANIZATION/PROVIDER SECURITY Organizational responsibilities regarding sharing client information. Copies of client consent records shall be kept by the participating agencies for at least 7 years. An electronic copy of the ROI may be attached to the client s HMIS profile by scanning the signed agreement.

ServicePoint Feature Set

CallPoint - Call management and tracking, connecting calls to ClientPoint and HMIS ClientPoint - Manage client information and use effective tools like Case Management. ActivityPoint - Schedule classes, events. Track attendance and more. Fund Manager - Real Time tracking of dollars for services, programs and shelter ShelterPoint - Effective Bed Utilization SkanPoint - Faster and more convenient provision of services, programs and shelter ResourcePoint CommunityPoint Keeping information about your organization up to date. Reporting - Available Standard Reports, Easy Access to Information

CallPoint - Call management and tracking, connecting calls to ClientPoint and HMIS Add a dynamic information and referral management tool to your ServicePoint system. Utilize CallPoint to log calls, capture information about callers, and refer those in need to the most appropriate community providers.

ClientPoint - Manage client information and use effective tools like Case Management. Efficiently manage your client records with this powerful core ServicePoint module. Whether you need to view a summary of client activity, link clients in households, assess client needs, log case plans, or record services - ClientPoint has you covered!

ActivityPoint - Easily record client attendance, manage wait-lists, and track volunteer service at any activity or event for quick reference and reporting. Identify the topic, teachers, location and dates of each activity. Know who is scheduled to attend and keep a record of their attendance.

ActivityPoint - Schedule classes, events. Track attendance and more. You can even schedule & track attendance for volunteers using Activity Point.

Fund Manager Efficiently Manage Your Funding in real-time with FundManager. FundManager allows for seamless integration of grant management and client activity, providing a full picture of how funds are spent and who funds assist.

Fund Manager Make Your Grant Management Simple Case Managers are guided through the selection of appropriate funds for a service, and Fund Administrators have flexible options to set up their funds according to the to grant requirements. FundManager allows you to track which clients and households are receiving assistance dollars and for what services. Fund Administrators control fund compliance parameters and which providers have access to the funds. Other flexible options include the ability to allocate assistance amounts to providers or leave the fund open for use on a first come, first serve basis. FundManager empowers case managers by guiding the workflow when providing assistance to their clients. Take the guesswork out of determining the best funding sources to assist clients by displaying only relevant funding source options and providing real-time fund balances. Case Managers are kept up to date on the status of fund requests and informed of the next steps needed to fulfill their clients' fund requests. Make real-time auditing of your grant and fund management easy. FundManager provides unparalleled accountability for your funding as you easily track and report which clients or households are receiving assistance dollars and for what services.

ShelterPoint - Effective Bed Utilization

ShelterPoint - Effective Bed Utilization ShelterPoint was specifically designed as an all-in-one module to support the unique needs and workflows of human service residential programs. View realtime occupancy information, manage reservations and unit assignments, and much more. And ShelterPoint integrates with the rest of ClientPoint, Fund Manager and even SkanPoint.

SkanPoint - Faster and more convenient provision of services, programs and shelter Stream-line data entry for services. With SkanPoint, you can instantly record one or more services, quickly assign a residential unit, easily generate client ID cards for multiple services, and much more.

ResourcePoint CommunityPoint Keeping information about your organization up to date. HMIS ResourcePoint http://mycommunitypt.com/sarasota/

Identifying Service Codes that will match a client/households needs. Each resource in ResourcePoint has a list of Service Codes that come from the AIRS Taxonomy.

Reporting - Available Standard Reports, Easy Access to Information, Custom Reporting Canned Reports Standard reports provided with ServicePoint to help track items like services, referrals and more. No need for special programming. Special Recipe Individualized reports to meet a projects specific needs. Usually done with the Advanced Reporting Tool (ART) by the HMIS staff.

Reporting Reporting: ServicePoint Reports Canned Reports ReportWriter Dashboard Reports Counts Reports My Fund Requests ART Dashboard Reports Specialized ART Reports

Annual Homeless Assessment Report

Description and Purpose of the AHAR Report A H A R The Annual Homeless Assessment Report (AHAR) is a HUD report to the U.S. Congress that provides nationwide estimates of homelessness, including information about the demographic characteristics of homeless persons, service use patterns, and the capacity to house homeless persons. The report is based primarily on Homeless Management Information Systems (HMIS) data about persons who experience homelessness during a 12-month period. For our area, the City of Sarasota is the only geocode included for the AHAR report. Focus is on emergency housing, transitional housing and permanent supportive housing. Current Status Quarterly status reports enable providers to correct errors and complete information that is lacking in a client file. Timeline First draft due in October, final report is due by Mid-November.

HUD Standards: A few changes and a greater emphasis on performance.

Program Data Elements Project Requested Data Elements Universal Data Elements include REQUIRED fields for data entry for all projects and are included for all projects. Program Data Elements are required fields for specific projects upon the funding source, and are not always available for every project. Project Requested Data Elements are fields that your specific project requests that are neither required or part of the Universal Data Elements. These fields may provide helpful data as you make services available.

FY 2015 New HUD Data Standards: Universal Data Elements 3.12 Destination 3.17 Time on Streets, Emergency Shelters, or Safe Havens Program Specific Data Elements 4.11 Domestic Violence RHY Only 4.35A Commercial Sexual Exploitation 4.35B Commercial Labor Exploitation SSVF Only 4.44 HP Screening Score 4.45 VAMC Station Number HOPWA Only 4.47 T-Cell and Viral Load

System Performance Measures: Length of Time Persons Remain Homeless Exit Homelessness to Permanent Housing & Return to Homelessness Number of Homeless Persons Employment and Income Growth for Homeless Persons in CoC Program funded Projects Number of Persons who Become Homeless for the First Time Homelessness Prevention and Housing Placement of Persons Defined by Category 3 of HUD s Homeless Definition in CoC Program-funded Projects Successful Housing Placements

25 Questions

25 Questions The HMIS Annual Workshop Booklet has all 25 questions and our best answer for each. You can download a copy of this booklet on line at: www.suncoastpartnership.org/what-we-do/hmis/hmis-training/

Thank You.