ROI Information and Frequently Asked Questions
Author: Amy Olsen-Highness | Date Created: July 26th, 2024| Date Updated: May 16th, 2024
Overview
This provides general information about the HMIS ROI and answers common questions about data sharing in HMIS.
HMIS ROI
It is your ethical obligation as an HMIS user to keep client transactional data private unless you are given explicit authorization by the client to share that information in HMIS.
You must present the HMIS Release of Information (ROI) form to every client entering your program at intake, or to each adult in a household. The heads of household should complete and sign the HMIS ROI on behalf of any minor children for which they serve as legal guardian.
- You can download and print all documents referenced in this article on the HMIS Minnesota website, in the Client Intake Documents section of this page: Administrative Documents
💥 An updated Data Privacy Notice and HMIS Release of Information are now live in HMIS. The new documents are now available on the MN HMIS website (linked above). Please ensure you are using the correct and up-to-date forms, and discard any old form releases you may have.
By completing the HMIS ROI, clients will indicate either Share or Do Not Share for their transactional data (i.e. enrollments and services) in MN's HMIS. If they choose not to share, only the details found on the Basic Client Information form will be visible to others in the system. By choosing to share, a client is consenting to Statewide Data Sharing, ensuring optimal service coordination and minimizing the need to "re-collect" data at each agency from which they are receiving services.
Clients also have the right to obtain and inspect their own information in HMIS whenever they request it. The client must be fully aware of what the HMIS ROI says and must be fully informed and allowed to ask questions to help them make the best decision for them and their situation.
More Important ROI Procedures
- The HMIS ROI only needs to be presented to the client once, as it does not expire, by the organization that is first creating the client's record in HMIS. This consent should be applied to all transactional data entered going forward, unless or until the client later revokes consent.
- The head of a households should complete and sign the HMIS ROI on behalf of any minor children for which they serve as legal guardian.
- Clients can either sign in-person or give verbal consent over the phone. (The only exception to this being if your agency is covered by HIPAA, you are not allowed to get verbal consent only and must have the client sign in-person.)
- If verbal consent is gathered, a copy of the HMIS ROI indicating verbal consent must be kept in the client’s paper file. At the first in-person meeting with that client, you should have them physically sign the ROI to replace in that client’s file!
Frequently Asked Questions
What is the Data Privacy Notice (DPN) and HMIS Release of Information (ROI)?
The purpose of the first page of the form - the Data Privacy Notice (DPN) - is to inform clients about what kinds of information are collected in HMIS, why its collected, who can see it, how privacy is protected, and what the client's rights are. It should be presented at intake and thoroughly reviewed with the client. Agencies should provide each client with a written copy of the DPN.
The purpose of the first page of the form - the HMIS Release of Information (ROI) - is to enable clients to choose whether or not they want their transactional information in HMIS shared to be visible/available to all agencies statewide. If I client says that they do not want that information shared (they only want it visible to the agency collecting it), then the transactions being entered by that agency must be set to "Restrict to Organization" in HMIS.
What is the "Posted" Data Privacy Notice, and how is it different?
The "Posted" DPN is a separate file available to download and print, and is a simplified version of the full Data Privacy Notice that clients read when they sign the ROI. Agencies are required by HUD to post this notice in a visible locations that clients can see as a consistent reminder. It does not replace the full DPN that clients must be presented with. It is designed to be more of an ongoing reminder.
Is there a new ROI and DPN now that we are using ClientTrack for HMIS?
YES! The data visibility and sharing structure in ClientTrack's (CT) HMIS is quite different from our former experience in Community Services (CS). In CS, the whole entire record was either shared or not shared. In CT, core "basic information" is visible by default to all end users (as explained in the DPN). This ensures we can minimize creation of duplicate records. When clients sign the ROI, they are agreeing or not agreeing to share their "transactional information". All existing clients must be presented with the new ROI and DPN.
Do clients need to sign the new ROI even if they signed the previous one before we switched over to ClientTrack's HMIS?
Yes, all existing clients should be presented with the new DPN and ROI.
Where should my agency store signed paper copies of client HMIS ROIs?
Agencies should store physical copies of signed releases in a secure physical location within their organization. ClientTrack's HMIS does have functionality for uploading and storing releases in the system, however that will not be immediately available at go-live.
Is there a place in ClientTrack's HMIS where I could store the signed ROI?
Yes! You could upload it to the Client Files section. The ROI document would be considered "Basic Information" so you should keep the Visibility marked as "All Organizations". That will ensure other agencies can actually reference it.
What is the difference between the Standard/HIPAA/MGDPA ROI versions?
Some organizations that utilize HMIS are covered under the Health Insurance Portability & Accessibility Act (HIPAA) or the Minnesota Government Data Practices Act (MGDPA). ICA does not currently maintain a list of which agencies are covered under either of these laws. If you are uncertain of the status of your own agency, please reach out to your organization's leadership for further clarity.
The key differences are that MGDPA and HIPAA organizations cannot collect verbal consent over the phone - it must be collected in person. Additionally, HIPAA covered organizations have an additional prompt to enable clients to opt in or out of their information being included in research.
Can the HMIS ROI be read and signed by the client verbally over the phone?
A signature is not required on the general HMIS ROI and agencies can document that verbal consent was obtained verbally from the client by indicating this on the signature line. Agencies should refer first with their own data privacy agreements, then any data sharing arrangements they may have. (For instance, verbal consent is NOT allowed for HIPAA-covered agencies.) Additionally, make sure the Data Privacy Notice is available to clients at intake, even if an intake is being conducted over the phone.
If a client declined statewide data sharing and that was documented properly in Community Services HMIS, how does that "transfer" into ClientTrack's HMIS?
more info coming soon....
What do I do if I find a client record for which their sharing preference seemingly did not transfer appropriately (ie they declined to share previously but their transactional information appears to be shared in CT)?
more info coming soon....
If, when I present the updated release to my existing clients who had previously consented to statewide data sharing, they choose Do Not Share, what do I do in our current HMIS to update visibility?
more info coming soon....
What if a client revokes their HMIS ROI consent, or vice versa?
If a client's consent choice changes, it changes as of the date they notified you and signed a new release. Any data from that point onward should have the new choice reflected. Additionally, make sure to go into the Profile and update their sharing selection.
Note that data entered previously will retain the sharing option that applied at the time it was entered. You are welcome to go in and update the sharing on any forms within your own agency's editing purview (those are the only ones you would be able to edit) as a courtesy, but it is not required.
What if different household members have different sharing preferences? For example, the parent consents to sharing but doesn't want their childrens' transactions shared?
This difference in sharing preferences can cause a conflict on the Program Enrollment page (the form where you are selecting which project the household is enrolling in) because there you have to select Share or Restrict for the whole household - you can't select different options for each individual.
In this scenario, the best practice would be to apply the restricted choice to all family members. Make sure to let the client know about this - that a system limitation at this time means that we need to apply the same visibility to all family members. Make sure they know that this will not have any bearing on the quality of services they receive.
Core HMIS Workflow How-to Guides:
Questions? Email the Helpdesk: MNHMIS@icalliances.org