VA Releases Guidance on HMIS "Read-Only" and "Direct-Entry" Access – Policy Q&A
The U.S. Department of Veterans Affairs (VA) Homeless Program Office released national guidance regarding VA Medical Center staff seeking read-only and/or direct-entry access to a Continuum of Care’s Homeless Management Information System (HMIS). Both HUD and the VA are excited to share the below guidance with your organization, which the VA sent to its Mental Health Leads and Network Homeless Coordinators earlier this month.
We have anticipated a number of questions will likely be raised and have provided a questions and answers section immediately following the guidance.
VA National Guidance Regarding HMIS Access Requests
In consultation with the Veteran Health Administration’s (VHA) Office of Privacy and the Office of Healthcare Security Requirements, the following national guidance is being issued regarding read-only and direct entry access to HMIS for VA staff.
“Read-Only Access” for VA Staff: VA staff can obtain read-only access to HMIS, as long as the data is used as part of the job responsibilities of the individual obtaining the access; specifically the data accessed is being used to provide needed services and coordinated care to Veterans. Read-only access to HMIS is at the discretion of the data system owner (HMIS approving official) and local VA leadership; access approvals are not at the discretion of local VA Privacy Officers and Information Security Officers (ISOs).
“Direct-Entry Access” for VA Staff: VA staff can directly enter data into HMIS if a Release of Information (ROI) is in place and the entry contributes to the job responsibilities of the VA staff entering the data; specifically the data entered is being used to provide needed services and coordinated care to Veterans. The VA is not responsible for how data is used by non-VA entities once entered, regardless of who enters the data or the minimum security requirements of HMIS. The responsibility for the data lies with the owner of the data system. Direct-entry access to HMIS is at the discretion of the data system owner and local VA leadership; access approvals are not at the discretion of local VA Privacy Officers and ISOs.
Security and System Access: HMIS is a non-VA web based resource. Software uploads to VA desktops are not required; therefore the inherent security controls for the VA browser configurations provide adequate security for the sessions invoked by the VA user’s browser session. There are no IT related security issues preventing VA staff from obtaining read-only and direct entry access to HMIS. All necessary access agreements need to be developed by the data system owner (HMIS approving official) and coordinated with VA leadership; not local VA Privacy Officers and ISOs.
Our office is working on several long term solutions to assist with data sharing; specifically an HMIS universal data elements report which will support VA data transfers to community partners with proper releases. Additionally, we are in the process of developing a national platform to support data sharing between community and VA data systems. The Homeless Program Office supports and promotes efficient means of data sharing that minimize the burden of data entry on VA staff. For your reference, a white paper detailing successful collaboration between a Veterans Affairs Medical Center (VAMC) and their Community HMIS to establish data sharing processes to enhance operational planning and increase access to care for homeless Veterans can be found on the National Coalition for Homeless Veterans webpage.
Does this guidance mandate that VA Homeless Program Staff use HMIS?
No, this guidance is intended to support HMIS access requests initiated by local VA leadership and clarifies common concerns raised by VAMC security and privacy officers. VA continues to support collaborations with HMIS, but this guidance is not a push for VA staff to enter duplicative data into HMIS. This guidance is intended to specifically address local VAMC misconceptions around security and privacy concerns.
What additional steps is the VA taking to improve data sharing between our systems?
VA’s Homeless Program Office is working on national solutions for data sharing, specifically reports which will allow for electronic sharing of HOMES data with HMIS administrators and the development of a national platform which will enable bi-directional data sharing of HOMES and HMIS data. The platform is in the early stages of development and details will be forthcoming.
Will this guidance affect any of the current procedures for VA homeless program HMIS data entry requirements?
No, this guidance does not change program-specific requirements. Please refer to the VA Programs HMIS Manual for guidance around which VA programs are required to use HMIS.
Does this guidance change any requirements for VA staff entering data into HOMES?
No, this guidance does not change any of the requirements or expectations for VA staff who enter data into HOMES, nor does it mandate that VA enter duplicative data into HMIS.
How will this guidance support coordinated assessment and centralized intake?
For those participating in coordinated assessment and centralized intake, direct entry access will enable VA staff to document assessments in HMIS and read only access will provide access to “named lists”, which will assist staff with identifying and prioritizing persons, including those who are chronically homeless, in need of housing.
Is there guidance available for HMIS administrators to assist them with adding VA projects to HMIS when necessary?
HUD and the VA are working to update the VA Programs HMIS Manual to include information for adding additional VA projects to your organization’s HMIS. HUD will forward the revised manual after it has been updated.