HMIS Requirements

The U.S. Department of Housing and Urban Development (HUD) and the federal partners, along with other planners and policymakers use aggregate Homeless Management Information System (HMIS) data to better inform homeless policy and decision making at the federal, state, and local levels.

The HEARTH Act, enacted into law on May 20, 2009, requires that all communities have an HMIS with the capacity to collect unduplicated counts of individuals and families experiencing homelessness. Through their HMIS, a community should be able to collect information from projects serving homeless families and individuals to use as part of their needs analyses and to establish funding priorities. The Act also codifies into law certain data collection requirements integral to HMIS. With enactment of the HEARTH Act, HMIS participation became a statutory requirement for recipients and subrecipients of the Continuum of Care (CoC) Program and Emergency Solutions Grant (ESG) funds.

Regulations and Standards

HMIS Requirements Proposed Rule

On December 9, 2011, HUD continued its process of implementing the HEARTH Act by publishing 24 CFR Parts 91, 576, 580, and 583 – the HMIS Requirements. The proposed rule is not in effect, but outlines the anticipated implementation of outlines potential requirements for HMIS. Note: this rule is not for effect. HMISs that are currently in operation must continue to use the standards currently in place (the 2004 Technical Standards and the 2010 Data Standards) until the HMIS rule is published as final.

For more information on the current HMIS Data and Technical Standards, please go to the HMIS Guides and Tools page, which includes information HMIS governance, privacy and security and data quality and functionality.

HMIS Technical Standards

The privacy and security standards for HMIS, as described in the 2004 Data and Technical Standards Notice, seek to protect the confidentiality of personal information while allowing for reasonable, responsible, and limited uses and disclosures of data. These privacy and security standards are based on principles of fair information practices and on security standards recognized by the information privacy and technology communities. The standards were developed after careful review of the Health Insurance Portability and Accountability Act (HIPAA) standards for securing and protecting patient information.

Communities are expected to continue to use the 2004 Notice to implement their HMIS.