What to know if you receive a HMIS data request from law enforcement, courts, or federal agencies

Author: ICA | Date Created: October 2025

What this is

You may wonder who can see information in HMIS or what to do if law enforcement approaches your staff asking for client information stored in HMIS. Minnesota's HMIS policies define who can access HMIS and under what conditions.

⛔ Any request for HMIS data from a court, a regulatory agency or law enforcement should be escalated to ICA.

This article reviews the HMIS data privacy policy, what to do if you get a subpoena, suggested protocols, and answers common questions about who can access information in HMIS.

In this article

Can federal agencies like HUD or HHS access my client’s information in HMIS directly?

No. Personally identifiable data in HMIS is not shared with federal agencies. They do not have direct access, either. We have no plans for that to change. 

By design, HMIS Leads (like ICA) operate the data system. When we prepare federal reports like the Point-in-Time, we submit summary information (e.g. counts of clients served, never their names or personal info).

When I upload the Annual Performance Report (APR) to the federal reporting system, Sage, am I giving client information to HUD?

No. The APR, CAPER, and other federal reports are coded in a way that does not include any client’s personal information.

What if a law enforcement or immigration officer asks my staff for HMIS data?

It is important to know your rights and obligations if your organization received a request for HMIS data from a court, a regulatory agency, or law enforcement.

We encourage all agencies to have a protocol in place that everyone on staff can easily reference.  

If someone asks or demands that you give them client information from HMIS,  

  1. never fulfill such a request on your own 
  2. never give them access to your computer 
  3. contact your supervisor and ICA immediately 

We will work together to determine the validity and scope of the request. Once we verify the subpoena, ICA will immediately involve our own legal counsel before responding or sharing client information. We are committed to protecting client privacy while meeting legal obligations.

Never share client information without seeking further guidance first. 

What does the HMIS Data Privacy Notice say?

In the Data Privacy Notice (DPN), under the "Who can see information that is listed in HMIS?", it says 

  • We may release your information to protect the health or safety of you or others as required by law. 
  • Others as required by law, including officials with a valid subpoena, warrant, or court order. 

This means that there are certain circumstances under which an agency may be obligated to share client information from HMIS.

What do HMIS policies say about requests for client-level data from law enforcement?  

In Section 5.1 - Baseline Privacy Policy, the policy states 

Escalating Requests for Client-Level Data from Law/Regulatory Enforcement or Other Entities 

In the event a participating agency receives a request (such as a warrant, subpoena, or court order) from law or regulatory enforcement or any other entity for client-level HMIS data containing Personally Identifying Information (PII), the request must be escalated to the HMIS Lead Agency for further vetting and legal consultation. Agencies may not fulfill such a request prior to discussing with the HMIS Lead Agency. If such a request is deemed legal and valid, the HMIS Lead Agency will work with the participating agency to determine how to fulfill the request such that the minimum amount of PII is disclosed.  

To access the full HMIS Policies, visit the Administrative Documents page of this website.

If ICA is directly approached by law enforcement or a federal agency, would agencies whose clients' data was shared be notified?

Yes. ICA will immediately involve our legal counsel if we receive a valid request for client data directly. We will also involve relevant agencies/service providers directly.

Still need help? Contact Us Contact Us