This page contains the authorizing regulation and notices for Homeless Management Information Systems (HMIS).
The HEARTH Act required HUD to establish standards related to HMIS, including standards related to encryption of the data collected and the rights of persons receiving services under the McKinney-Vento Act.
Date Published: December 2009
On December 9, 2011, HUD continued its process of implementing the HEARTH Act by publishing 24 CFR Parts 91, 576, 580, and 583- the Homeless Management Information Systems Requirements. This proposed rule add a new part to the Code of Federal Regulations to regulate the administration of HMIS and the collection of data using HMIS, as provided for by the HEARTH Act (24 CFR part 580). The proposed rule also makes corresponding changes to HUD’s regulations for Consolidated Submissions for Community Planning and Development Programs, at 24 CFR part 91; the Emergency Solutions Grants program, at 24 CFR part 576; the Shelter Plus Care Program, at 24 CFR part 562; and the Supportive Housing Program, at 24 CFR part 583. The proposed rule implements the HMIS requirement in the HEARTH Act and makes mandatory the practices that HUD previously provided as guidance.
Date Published: December 9, 2011
The Department of Housing and Urban Development (HUD), the Department of Health and Human Services (HHS), and the Department of Veterans Affairs (VA) released the 2017 HMIS Data Dictionary on May 2, 2017. An accompanying 2017 Data Manual will be available soon. For more information, please refer to the HMIS Data and Technical Standards page.
Prior to releasing the 2014 HMIS Data Dictionary and Data Manual, HUD sought public comment via CPD Notice 13-107. This Notice revised the HMIS Data Standards Revised Notice of March 2010. The public comment period closed on June 3, 2013 and HUD released the final data standards outside of the CPD Notice process. Later this summer, HUD will release a compilation of the public comments received and the responses.
Date Published: April 2013
The privacy and security standards, as described in the 2004 Data and Technical Standards Notice, seek to protect the confidentiality of personal information while allowing for reasonable, responsible, and limited uses and disclosures of data. These privacy and security standards are based on principles of fair information practices and on security standards recognized by the information privacy and technology communities. The standards were developed after careful review of the Health Insurance Portability and Accountability Act (HIPAA) standards for securing and protecting patient information.
Communities are expected to continue to use the 2004 Notice to implement their HMIS. HUD is in the process of finalizing draft Notices that will be released later this year for public comment. The Notices that will be released for comment include:
Descriptions of each of these Notices are presented below. Communities will have a chance to comment on the requirements set forth in these draft Notices during the public comment process. HUD will review the comments and issue final Notices sometime in 2015. At that point the 2004 Data and Technical Standards Notice will no longer be in effect.
The CoC Program Interim Rule and the HMIS Proposed Rule requires the CoC to develop a written charter that includes, at a minimum, a requirement that the HMIS Lead enter inter written participation agreements with each organization contributing data to the CoC’s HMIS; detail on the participation fees charged by the HMIS, and any additional requirements issues by HUD in notice. The HMIS Governance Notice will provide guidance on these specific issues and what CoCs must have in place around in order to be compliant with the HMIS Rule and Notices.
The HMIS Proposed Rule sets forth basic requirements around privacy and security of client-level data and HMIS systems. The HMIS Privacy and Security Notice will provide communities with further guidance around these issues so communities can assess their current policies and procedures and make adjustments where necessary in order to be compliant with the HMIS Rule and Notices.
The HMIS Proposed Rule also sets parameters around ensuring the completeness, accuracy, and consistency of data in an HMIS. The HMIS Data Quality and Functionality Notice will provide communities with guidance around data quality and software functionality requirements so communities can assess their current HMIS implementation and make adjustments where necessary in order to be compliant with the HMIS Rule and Notices.