WilderResearch

Minnesota’s Homeless Management Information System (HMIS)

System Security and Visibility SettingsSystem Administration 195

SYSTEM SECURITY

Security Features of Database

In compliance with all Federal and State laws and codes

(including HIPAA)

Internet communications are SSL encrypted

Database is encrypted; servers are stored in a vault

“Closed” system (moving towards a system with more

sharing)

Not linked with other databases

Each end user has a unique username and password; audit

trail follows users’ actions in the system

General Tree Structure

Level 1 - Wilder Research

Level 2 - CoC Coordinator

Funders and LSAs

Level 3 - Agency

Level 4 - Agency Project

Level 5 - Project Breakout

Tree Structure

Access to Data

Administrative Access CoC Coordinators

Local System Administrators (LSAs)

Funders

Visibility Groups Agency Visibility

Complex Agencies

Funders

Data Sharing (Provider-to-Provider)

Agency to Agency

Agency Agreement

– Allows for client data to be entered into HMIS

Local HMIS Data Use and Administration Agreement

– Indicates whether or not an Agency’s project information can be

visible to the Local System Administrator/CoC Coordinator.

Data Privacy Notice and Consent– Indicates whether the client is in the system as a named client or

anonymously

Release of Information (ROI)– Indicates whether client data can be shared with another agency

Documents Which Influence Security and Visibility

All referenced documents are available for download at hmismn.org

Signed form: Enter full name and social security number

(SSN) (identifying information) into database

Unsigned form: Do not enter name nor social security

number; enter client anonymously in database

Each adult must receive their own form; adults sign for

their minor children

Unaccompanied youth may sign on their own behalf

Households can have both identifiable and anonymous

members

Client can go from anonymous to identifiable once the

consent form is signed

Data Privacy Notice and Consent

All referenced documents are available for download at hmismn.org

All agencies can share de-identified (aggregate level)

demographic information from reports

State funders and Grantees can view information entered into

HMIS for projects they fund

Non-HMIS users can access paper forms

As we move to a more open system, data sharing pilots are

testing data sharing practices for later implementation

HIPAA covered agencies can share data under specific

circumstances

Domestic Violence programs funded by HUD or VAWA cannot

use HMIS

Data Sharing and Privacy FAQs

All referenced documents are available for download at hmismn.org

Currently only for agencies that share HMIS

client records with other agencies

ROI’s are recorded as a visual indicator that

your client has agreed to share data with

another agency.

Update ROIs when they expire

Contact Wilder to review your security or if you

would like to talk about sharing data

ROI Tab

Know your padlocks:

– Red padlock = client data can only be seen by users

with access at that provider level

– Red padlock w/exclamation point = Client data is

shared with another provider. Could indicate sharing

within your own agency (common) or sharing with

another agency (less common).

– Visibility groups have been applied

– Green padlock = client data can be seen by anyone in

Minnesota with a ServicePoint license (call Wilder

immediately)

Security: Data Privacy

VISIBILITY SETTINGS

• The user can always see their provider's data.

• An Agency Administrator or Case Manager III

can always see subordinate provider's data.

• System Administrators II can see every

provider's data, even if that data is closed.

System Visibility - General Rules: User Roles

System Visibility - General Rules

These rules apply whether or not there is data

sharing set up.• The user can always see data the parent provider has entered.

• By DEFAULT, all data is stored within the Provider where the

data was created.

• Data is ONLY shared with additional Providers IF specifically

configured under the “Visibility” section of a Provider’s Profile

Visibility is controlled in several ways

– Security padlocks

– Visibility Settings on the Provider Page

– Visibility Groups

Visibility Control

Padlocks are located in several sections of the Client

Record. They display visibility/sharing for each section.

Click padlocks to view visibility settings.

Some examples are:

– Client Record – controls Name and SSN

– Client Demographics

– Entry/Exit

– Needs – controls visibility of services and referrals

– Measurements – controls visibility of Matrix

– Assessments

– Each assessment question has its own padlock

Padlock Controls - Visibility

• Provider “Visibility” and “Enter Data As” can be used

to apply visibility rules

– The “provider creating” determines the visibility

rules for that data.

– In MN’s HMIS, users are given EDA access to all

providers in their agency (typically).

Using EDA, users can select the provider

where data is created.

– The visibility rules for that provider are then applied

to the data created.

System Visibility – Special Rules

Navigate to the Provider Page:

– Click on Admin

– Click on Provider Admin

– Choose the Provider

• Search by name or number

System Admin Navigation – Visibility Settings

Use triangles: to expand, to

minimize

Visibility Tab

The “Visibility” tab determines what client data, if any, will

be sharable by the provider beyond the rules basic rules of

visibility.

Visibility for data is set based on the default Visibility of

Provider Creating the data. That Provider's default Visibility

will be applied to the data that's created.

Default visibility is comprised of two tabs - Static and

Dynamic.

Visibility Tab – Static Elements

Static Elements are elements that once created rarely, if ever,

change.

Sample Static Elements where visibility is configured: (bolded

ones are most common)• Case Manager

• Case Note

• Client

• Client Demographics

• Client Note

• Entry/Exit

• Measurement Tools Data

• Need

Visibility Tab – Static Elements

Here you can apply Visibility or Deny Groups. Deny Groups always override Visibility

Groups. To add a Visibility or Deny group, click “Add Groups” and search. Click the

plus to add.

Visibility Tab – Dynamic Elements

• Dynamic Elements are elements that may change over time.

• There is a dynamic element for each assessment.

• Visibility is applied the same way it is for Static Elements.

Visibility Tab – Add visibility to multiple objects

You can add Visibility or Deny

groups to multiple objects

(elements) at one time

Visibility groups are used to create a group of

providers whose data can be shared with another

provider.

– Each agency has a visibility group to share data

between providers w/in its on agency

– Each CoC has a visibility group that is applied to data

the CoC Coordinator/LSA should see.

• Data is not shared between providers in the CoC, it is shared to

the CoC Coordinator/Local System Administrator.

– Each Funding group has a visibility group so that

funders can see data for providers funded by that

source

Visibility Groups

Providers can share data to a Visibility Group rather than

listing each provider that can view data by selecting the

group rather than individual providers

Once a Visibility Group is created and applied to one or more

providers, new providers can be added to the group and will

be able to see data that is being shared with the previous

members of the group.

The “Global” Visibility Group is automatically created and

contains all ServicePoint providers within an implementation.

It auto-updates to include new Providers as they are created.

– Global visibility is not used in MN HMIS at this time.

Visibility Groups

Reporting groups are created for use when

running reports for a selected group of providers

ServicePoint Reports and ART reports can be

used with reporting groups

– Not all ART reports are set up to use reporting

groups.

Reporting Groups

Creating a Reporting Group

To Create a Reporting Group:

Click the Provider Groups button on the Admin

Dashboard

Click the Reporting Groups sub-tab

Click “Create New Group”

Creating a Reporting Group

• Name the group

• Provide a description of its uses

• Click “My Provider” for Provider Access

• This allows only users at your provider to

access this group

• Save• NOTE: The Sharing Group Type and the Access Level

Provider cannot be altered after the sharing group is saved

Creating a Reporting Group – Adding Providers

• Click Manage

Providers

• Search for a

provider you

want to add

(user Provider

ID#)

• Click the “Plus”

to add to your

group

• Click Exit when

complete

Navigate to the reporting dashboard

Using Reporting Groups – ServicePoint Reports

Common

useful reports

are circled in

green

Using Reporting Groups – ServicePoint Reports

Choose Reporting Group

Search for and select your

reporting group. Click the

plus to select.

Navigate to ART

Select the report folder and report to run

Click the next to the report to run

Select “View Report” or “Schedule Report”

Using Reporting Groups – ART Reports

Use the report prompt to select the Provider

(Reporting) Group

Using Reporting Groups

Type in your group name

and click the binoculars

Double-click to select the

group you want

Complete the remaining

prompts and click “Run

Query”Note: Not all reports are built to use

reporting groups.

State System Administrator

– Retains all user agreements

– Understands all aspects of visibility and security.

– Configures all visibility settings and applies visibility to providers

– Creates and manages State reporting groups

– Main contact for troubleshooting issues related to visibility

LSA/CoC Coordinators/Funders

– Understands how security and visibility impacts data entry and

reporting for providers and reporting groups

– Reviews visibility settings

– Creates and manages local, CoC, and Funder specific reporting

groups

• EA users should not edit Wilder created reporting groups

System Administration Roles

For Help

Consult online help (www.hmismn.org)

Call or email the Helpdesk (Available: 8:30-4:30 M-F)

– (651) 280-2780

– 1(855) 280-2780 and ask for HMIS Helpdesk

– Email: hmis@wilder.org

• Please use client ID number and initials instead of name in

email correspondence

Please complete the required quiz. Link

available at:

www.hmismn.org/expandedaccess/index.php

THANK YOU FOR WATCHING!