The purpose of this HMIS Agency and End User Agreement (hereafter "Agreement") is to document and communicate the requirements for the access and utilization of the Homeless Management Information System (HMIS) for the Kansas Balance of State Continuum of Care (KS BoS CoC) and Johnson County Continuum of Care (JoCo CoC) by Agencies and End Users. The Agency must agree to the below terms for each HMIS End User license within the KS BoS CoC and/or JoCo CoC. All participating agencies and HMIS End Users formally acknowledge the policies, procedures, roles, and responsibilities outlined in this Agreement. That includes the HMIS Policies and Procedures, Release of Information, and Data Privacy & Security Policies.
HMIS is required by the US Department of Housing and Urban Development (HUD) to collect and document the person-level information used to coordinate services. There are several vendors or options of design to choose from that meet the requirements of HUD. Kansas BoS and JoCo CoC's vendor is Bitfocus Clarity Human Services. Clarity Human Services is a client information system designed to store person-level information about the men, women and children who access homeless and other human services in a community. HMIS is used to configure, facilitate, and protect data integrity and sharing among Contributing HMIS Organizations (CHO's) for the purpose of producing an unduplicated count of homeless persons, understanding patterns of service use, and measuring the effectiveness of homeless programs. Through the HMIS, agencies and clients benefit from improved internal and external coordination that guides services, system planning, and reporting in the CoC region.
Each Continuum of Care (CoC) is responsible for designating the HMIS Vendor and HMIS Lead Agency. Kansas Housing Resource Corporation (KHRC) has been designated as the lead agency for the KS BoS CoC and has entered into a contractual agreement with Kansas Statewide Homeless Coalition (KSHC) to provide HMIS System Administration and enter into Agreements with CHO's. The JoCo CoC has designated KSHC as the HMIS Lead for Johnson County.
The HMIS Administrative Team (also known as the HMIS Team) consists of the Director of HMIS & CES, HMIS System Coordinators, and HMIS System Administrators. The HMIS team provides HMIS administration, support, training and allocates agency/user licenses in accordance with HMIS Policies and Procedures. The HMIS Oversight Committee is responsible for establishing policies, procedures, and protocols for functions essential to the viability and success of HMIS, including, but not limited to, data privacy, data quality, analysis, reporting and data sharing protocols. Please refer to the HMIS Policies and Procedures for a full list of HMIS Roles and Responsibilities.
This Agreement is made and executed as of 12-20-2023, by and between Kansas Statewide Homeless Coalition ("KSHC"), the Organization or Agency (as documented below), and the HMIS End User (as documented below) regarding access and use of the HMIS System ("Clarity"). Both the HMIS Participating Agency and the HMIS End User are held accountable to the terms of this Agreement.
Protected Personal Information (“PPI”) is defined as client-level identifying information, including, without limitation, information about names, birth dates, gender, race, social security number, phone number, residence address, photographic likeness, employment status, income verification, public assistance payments or allowances, food stamp allotments, or other similar information.
HMIS training will be provided at no cost. This training is mandatory for all individuals creating and maintaining client records in HMIS, including enrollments, assessments, services, housing check-ins, accessing CES within HMIS, etc. Proof of training completion is kept on file with the Kansas Statewide Homeless Coalition. Training must be completed once every two years unless the CoC requires training to be completed sooner due to major changes in HUD HMIS Data Standards, best practices, or HMIS policies and procedures. All CHO's are responsible for connecting prospective Users with HMIS staff in order to gain access to Clarity.
All HMIS End Users are responsible for reaching out to the Help Desk Ticketing System at https://kshc.freshdesk.com with questions.
KS BoS and JoCo CoC operate HMIS in compliance with applicable civil rights and fair housing laws and requirements. All HMIS End Users must comply with nondiscrimination and equal opportunity provisions of federal civil rights laws including but not limited to the Fair Housing Act, Section 504 of the Rehabilitation Act, Title VI of the Civil Rights Act, Title II of the Americans with Disabilities Act, Title III of the Americans with Disability Act, and U.S. Department of Housing and Urban Development Equal Access Rule. There shall be no discrimination of any person or group of persons on account of race, color, creed, religion, sex, marital status, sexual orientation, age, handicap, ancestry, or national origin in the operation of HMIS.
- All HMIS End Users must not decline to assist or serve clients if they refuse to share their personal information within HMIS.
- All HMIS End Users must inform all HMIS participants of their ability to file a nondiscrimination complaint at the time of entering an HMIS profile, program enrollment or program exit in accordance with the HMIS Policies and Procedures.
Each HMIS participant will be required to sign an HMIS Release of Information (ROI) form or give verbal permission to the witness that will share and store participant information for purposes of program enrollment, client creation, completion of assessments, etc. The signature of this ROI does not require a HMIS participant to enter PPI into the HMIS system. All HMIS participants will be informed of this right by the HMIS End User and/or the agency to ensure that the participant is aware that services can be provided without entering PPI into the system. The HMIS participant should be provided with the HMIS Data Collection Notice and the Privacy Notice.
All HMIS End Users and CHO's are required to comply with all federal and state laws and regulations and with all HMIS policies and procedures relating to the collection, storage, retrieval, and dissemination of client information. As well as, acknowledge that certain types of personal, health and financial data are protected by Government regulations and laws, including but not limited to the Privacy Act of 1974 (5 U.S.C. 552a et seq.), HIPAA Privacy Rule (104-191 P.L.), the HITECH ACT, Public Law 111-005, the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act of 1999. The Parties further mutually acknowledge that there are administrative, civil, or criminal penalties for disclosure or misuse of data. Employ reasonably appropriate measures to detect virus or spyware infection and deploy all reasonably appropriate resources to efficiently disinfect any affected systems as quickly as possible.
As an HMIS End User, you and your agency will have access to certain confidential information. As such, the HMIS End User and Agency agree that (including staff, volunteers, and board members) they will not at any time disclose confidential information and/or material without the consent of the HMIS participant. Unauthorized disclosure of confidential information shall be considered a material breach of this Agreement. At all times, client releases will be secured before confidential client information is exchanged. Confidential client information will be handled with the utmost discretion and judgment.
- All HMIS End Users understand that they must log out of the HMIS after each use to prevent a breach in client confidentiality and system security.
- All HMIS End Users are required to notify their HMIS Administrator of any suspicion or notice of a security breach or abuse of client confidentiality through the Help Desk ticketing system at https://kshc.freshdesk.com
Each HMIS End User must ensure the following security measures:
- Each HMIS workstation computer password information, including each authorized user’s identification information, is kept electronically and physically secure.
- Documents printed from HMIS are sent to a printer in a secure location where only authorized users have access.
- Non-authorized persons must be unable to view any HMIS workstation computer monitor.
- Each HMIS workstation computer has antivirus software with current virus definitions (i.e., within the past twenty-four (24) hours).
- Each HMIS workstation computer has and uses a hardware or software firewall.
- Unencrypted PPI can not be electronically stored or transmitted in any fashion (including, without limitation, by hard drive, flash drive, email, etc.) The HMIS team may provide PPI during the HMIS Oversight Committee Meetings (which are closed to the public) for the purposes of reporting, recieving client updates, reviewing HMIS grievance/complaints and in the assistance of completing HMIS Help Desk Tickets.
- Hard copies of PPI (including, without limitation, client files, intake forms, printed reports, etc.) are stored in a physically secure location and properly destroyed when no longer needed.
- Users not participating in HMIS for more than 60 days will be locked out due to non-activity.
- All HMIS End Users will not share or disclose their username or password information.
- Passwords must be changed annually, but HMIS Staff recommends users change them every 90 days. If log in information is lost or forgotten, HMIS End Users should reach out to the HMIS team through the Help Desk ticketing system at https://kshc.freshdesk.com.
- All HMIS End Users are required to review and agree to the HMIS Policies and Procedures, HMIS User Manual, Privacy Policies, and the HMIS Data Quality Plan
- All HMIS End Users will not use HMIS with intent to defraud the federal, state, or local government; an individual entity; or to conduct any other illegal activity.
- All HMIS End Users are responsible for understanding and complying with funder data collection and reporting requirements as well as informing the HMIS Steering Committee of any violations of HMIS policies, procedures, data quality, or privacy and security. This can be done hrough the Help Desk ticketing system at https://kshc.freshdesk.com.
HMIS End Users must ensure that participant information is shared only when needed to access housing and supportive services and not shared when information is not necessary for the coordination or delivery of services.
A CHO may use or disclose PII from an HMIS under the following circumstances:
- To provide or coordinate services to an individual:
- For functions related to payment or reimbursement for services
- To carry out administrative functions, including but not limited to legal, audit, monitoring, personnel, oversight and management functions or for creating de-identified PII.
- All CHOs must comply with or consult the HMIS Oversight Committee before providing any information outside of the above stated standards.
- All HMIS End Users understand that they may only view, obtain, disclose, or use the database information that is necessary to perform their job responsibilities.
KSHC conducts Data Quality Reports to evaluate data timeliness, completeness, consistency, and accuracy.
- HMIS End Users/HMIS Participating Agencies are required to correct any identified data errors, provide the reasons that the data is not incorrect or unable to be changed.
- HMIS End Users will not misrepresent client records and other transactions in HMIS by knowingly entering inaccurate information (e.g., users will not purposely enter inaccurate information on a new record or override the information entered by another agency).
- HMIS End Users will enter data into the HMIS within the timeframe as specified in the Data Quality Plan. Timely data entry prevents duplication of client records and other shared transactions, such as enrollments and services. It also allows good quality data for both program-specific and aggregate reports. CHOs and their HMIS users may be held liable in the event that a preventable duplication occurs as a result of missing, late, or incomplete data entry. Repetitive lack of timely entry can result in official reports of concern and possible findings against the CHO and could culminate in suspension of HMIS access.
- Collect all HUD mandatory data elements, according to the data completeness and accuracy requirements.Take all steps reasonably necessary to verify the information provided by clients for entry into the HMIS, and to see that it is correctly entered into the HMIS by the CHO user.
- Immediately notify HMIS Staff when a programmatic, personnel, or other issue arises that precludes the CHO from entering the HMIS data within the allowed timeframe. By informing the HMIS Staff in a timely fashion, HMIS Staff and the CHO can work together to craft an interim solution that is minimally disruptive to the HMIS as a whole.
- Take all steps reasonably necessary to ensure that no profanity, offensive language, malicious information or discriminatory comments based on race, ethnicity, religion, national origin, disability, age, gender, or sexual orientation are entered into the HMIS.
- Allow the CoC and/or HMIS staff to conduct periodic monitoring and reviews of the original documentation in client files to ensure data accuracy. This monitoring is limited only to the client information relevant to HMIS data collection.
- All CHO's are required to maintain a minimum of two active users at all times. HMIS staff must be notified when an HMIS user leaves the agency and will no longer access HMIS through the Help Desk Ticketing System at https://kshc.freshdesk.com.
- All CHO's are responsible for designating a HMIS Primary Contact and a Secondary Contact person.
Terms of Agreement
Either party has the right to terminate this Agreement with a 30-day prior written notice to the other party. KHRC/KSHC reserves the right to amend this Agreement with a 30-day notice sent to all CHOs. If either party believes the other to be in default of any one or more of the terms of this Agreement, that party will notify the other in writing of such default. The other party shall then have ten (10) days in which to cure such default. If such default is cured within such period, this Agreement will continue in effect. If such default is not cured within such period, the non-defaulting party shall have the right to declare the Agreement to be immediately terminated. If this Agreement is terminated, KHRC/KSHC and its remaining CHOs shall retain their right to the use of all client data previously entered by the terminating CHO, subject to any restrictions requested by the client. Upon termination, further access to HMIS will be restricted.
Prior to HMIS Access, you agree that you must:
- Complete the New User Training at the following link: LMS New User Training
- Understand that KSHC may immediately suspend access to any HMIS End User/HMIS Participating Agency for the purpose of investigating any suspicion of breaching this Agreement and any verified breach of this Agreement will result in immediate termination of access.
- Understand that the HMIS End User and/or Agency may terminate this agreement in writing by submitting a ticket to the Help Desk ticketing system at https://kshc.freshdesk.com.
- If you are having issues accessing or creating an account in FreshDesk, the Help Desk ticketing system, please send an email to HMIS@kshomeless.com.
HMIS Help Desk Ticket Submission (FreshDesk)
KS BoS CoC and JoCo CoC 2023 HMIS Policies and Procedures
HUD 2024 HMIS Data Dictionary
HUD 2024 HMIS Data Standards Manual
Clarity-HMIS Article Search Engine
Clarity-HMIS Log In Assistance Article/Password Requirements
Clarity-HMIS Log In Page
By signing this Agreement, you agree to comply with the above terms and conditions.