Common questions about the HMIS Release of Information (ROI)

Author: Amy Olsen-Highness | Date Created: July 26th, 2024 | Date Updated: June 12, 2025

What this is

The HMIS ROI is a form that lets a client decide if they want to share their information with other programs in the statewide HMIS system.

Clients can choose:

  • Share – their enrollments and services will be visible to other agencies.
  • Do Not Share – only their basic profile will be visible to others.

When to use to ROI

  • Give the ROI at initial intake.
  • Each adult must sign.
  • The head of household signs for any minor children.

Only one ROI is needed per client. It does not expire unless the client changes their choice later.

Verbal Consent

  • Clients can give verbal consent if you're meeting over the phone.
  • Mark “verbal consent” on the form and keep a copy in the paper file.
  • At the first in-person meeting, have the client sign the form.

Exception: If your agency is covered by HIPAA, verbal consent is not allowed. The client must sign in person.

Where to Get the Forms

Get the most recent ROI and Data Privacy Notice from the MN HMIS website.

Client Rights

  • You must explain the ROI and answer their questions.
  • Clients must understand the ROI before signing.
  • They can see their HMIS information anytime upon request.

Reminders

  • Store signed ROIs in a safe place.
  • You can upload the ROI in HMIS under “Client Files.” Make it visible to all organizations.

Common questions

What is the Data Privacy Notice (DPN)?

The first page of the ROI. It explains what data is collected, why, who can see it, and client rights. Review it with the client and give them a copy.

What is the "Posted" DPN?

A short version of the DPN. Post it where clients can see it. It does not replace the full DPN at intake.

Do clients need to sign the new ROI?

Yes. All clients, including those who signed one before August 2024, need to sign the current version.

What if household members have different sharing preferences?

You can only pick one option for the whole household. Use Do Not Share if any member chooses it. Let the client know this won’t affect their services.

What if a client changes their mind?

Have them sign a new ROI. Update their sharing setting in HMIS. The change applies to new data only. You can update old entries from your agency as a courtesy, but it’s not required.

What’s the difference between Standard, HIPAA, and MGDPA ROIs?

  • HIPAA-covered agencies must collect in-person signatures. Verbal consent is not allowed.
  • MGDPA-covered agencies follow similar rules.
  • If you don’t know your agency’s status, ask your supervisor.

Questions? Email the Helpdesk: MNHMIS@icalliances.org

Still need help? Contact Us Contact Us