SE TN Data Tune-Up: HMIS Privacy & Security (October 2025)

This training provides an overview of required privacy, security, and confidentiality practices for all HMIS-participating agencies and end users.

• Defines privacy, security, and confidentiality and explains why each is essential for protecting client information in HMIS.

• Outlines responsibilities of the HMIS Lead Agency and Partner Agencies, including required agreements, posted notices, internal procedures, and annual training compliance.

• Details end-user responsibilities such as maintaining unique login credentials, securing workspaces, locking devices, safeguarding passwords, and protecting physical client files.

• Provides guidance for secure communication with other providers, including using HMIS IDs, limiting information shared, and avoiding identifiable details in emails.

• Reviews client rights regarding access to their HMIS records, the process for requesting amendments, required response timelines, and conditions under which information may be shared.

• Explains data visibility in ClientTrack and how access is controlled to protect confidentiality.

• Includes a monitoring checklist summarizing agency requirements related to policies, training, data quality, accessibility, privacy notices, and compliance with standards.