HomePolicy and Standards DocumentsPrinter Friendly Version

Policy and Standards Documents

This book will include the Policies and Procedures manual, the Data Quality Standards document, and any other administrative documents important to HMIS.

1. Data Quality Standards

1.1. Data Quality Standards

The Data Quality Standards document was voted in by the Balance of State CoC board, represented by all 17 regions, and is effective as of June 2020.

1.2. Meeting Data Collection and Reporting Requirements for Victim Services Agencies

2. Policies and Procedures Manual

2.1. Amendment in Response to the COVID-19 Pandemic

Amendment to the Homeless Management Information System (HMIS) Policies and Procedures Manual Ohio Balance of State Continuum of Care in Response to the COVID-19 Pandemic

Ohio Balance of State Board Approval Date:
March 23, 2020

Current Policy

IV. Security Standards, 3. Data Access Location

Policy: Users will ensure the confidentiality of client data, following all security policies in this document and adhering to the standards of ethical data use, regardless of the location of the connecting computer. All users are prohibited from accessing the HMIS database from any location other than the designated and approved work site.

Procedure: All Policies and Procedures and security standards will be enforced regardless of the location of the connecting computer. All HMIS related data entry will be processed at a designated and approved work site. A System Administrator will provide any additional clarification.

Amendment

Effective March 18, 2020 and until further notice, this amendment allows current HMIS users who need to access HMIS during the COVID-19 pandemic to do so while working remotely. This amendment does NOT change any of the other requirements for accessing HMIS, so any connection to HMIS regardless of data access location still must meet the other Security Standards listed in Section IV; particularly under sub-section A, items 5 and 6, with regard to Virus Protection and Firewalls.

Additionally a new policy and procedure is being added to address access from a Wireless (Wifi) internet source.

IV. Security Standards, 12. Wireless Access (Wifi)

Policy: A CHO and all authorized HMIS users must protect client level data, especially Personally Identifying Information (PII), while accessing HMIS from a device connected to the internet via a wireless network.

Procedure: Each Wireless or Wifi network that is being used to connect to the internet for the purpose of accessing HMIS must adhere to the following standards: a) the Wireless Network configuration must utilize a secure password to gain access or connect to the network or hot spot, and must use password encryption such as WEP, WPA or WPA2, b) the password must be stronger than the default password set by the network device.  Under no circumstances should an open or unsecured wireless network be used to connect to any network or the internet when accessing HMIS from the connected device.


2.2. What Region am I in?

Ohio is divided by HUD into 9 Continua of Care (CoCs). Eight of the nine CoCs are "Entitlement" CoCs and basically contain the more populated counties in Ohio: Franklin (Columbus), Hamilton (Cincinnati), Montgomery (Dayton), Mahoning (Youngstown), Stark (Canton), Summit (Akron), Cuyahoga (Cleveland), and Lucas (Toledo). The ninth CoC is called the Ohio Balance of State CoC, which includes the rest of the 80 counties in Ohio.

Given that the Ohio Balance of State is so large, it is divided further into 17 Homeless Planning Regions.


2.3. Policies and Procedures

The Policies and Procedures manual was voted in by the Balance of State CoC Board in May 2020.

2.4. Security Breaches Protocol

Ohio BoSCoC HMIS Security Breach Protocol

 Rationale: The Policies and Procedures manual identifies the Security Standards applicable to all Ohio Balance of State Continuum of Care (BoSCoC) HMIS end users and Covered Homeless Organizations (CHOs). Breaches of these standards, including, but not limited to, sharing of username and passwords and emailing Personally Identifying Information (PII), are cause for serious concern and could potentially jeopardize client confidentiality. This protocol outlines the process that the HMIS Management Committee will use to respond to HMIS security breaches.

 Policy: This process specifically applies to HMIS Security Breaches, though depending on the gravity of the breach, the HMIS Management Committee may opt to immediately and permanently revoke licensure, as specified in the Policies and Procedures manual.

 Procedure: Any type of security breach will be deemed an offense for response via this protocol. The following information provides a description of what will occur once any breach has been detected:

  •  First Offense:
    • Inactivate login immediately.
    • User must take and pass the Privacy and Security quiz to get license back.
  • Second Offense:
    • Inactivate login immediately.
    • Notify the user’s supervisor and Executive Director or equivalent.
    • Notify the HMIS Lead Agency (COHHIO)
    • May notify ODSA, HUD, or VA, who may withhold funding or take other action due to violation of the agency’s grant agreement, at HMIS Lead Agency’s (COHHIO) discretion.
    • License may be reactivated at HMIS Lead Agency’s (COHHIO) discretion.
  • Third Offense: 
    • License revoked permanently.
    • Further actions taken as necessary, such as reporting to funder or notifying clients of the data breach.

 Additional Information:

 These actions apply to any licensed HMIS user who breaches any of the security policies listed in Section IV (Security Standards) of the Ohio BoSCoC HMIS Policies and Procedures Manual.

 If the login of a person who no longer works at the agency is shared, the agency will be in direct violation of its Agency Agreement with COHHIO. As such, in this case, the procedure would begin as if it were a Second Offense.

 If there are multiple HMIS security breaches within one agency the HMIS Management Committee may require a response from the agency, over and beyond the protocol listed above.

 To obtain a login, contact the COHHIO HMIS Department at hmis@cohhio.org for training. Users will receive a license after successfully completing training.

 

2.5. Participation Fee Policy

Beginning January 1, 2017 the Ohio BoSCoC HMIS will be charging fees for participation. This policy was adopted by the CoC Board 05/27/2016. A webinar introducing the policy was held 06/01/2016. Attached is a copy of the policy and the webinar slides.

On 06/10/2016 a FAQ document was released to address common questions asked during the webinar (attached).

2.6. Guidance for Non-Participating Homeless Dedicated Projects and HMIS Participation

Please find COHHIO's guidance on how to include Non-Participating projects data into HMIS:

3. HMIS Governance Charter

3.1. HMIS Governance Charter

The BoSCoC HMIS Governance Charter outlines who the CoC has designated as HMIS Lead (COHHIO), which vendor the CoC and HMIS Lead have selected to provide the HMIS (Mediware, formerly Bowman Systems) and the responsibilities of all interested parties. It was updated June 2017.

4. Guidance on Respecfully Asking Sexual Orientation and Gender Identitiy (SOGI) Questions

4.1. Respectfully Asking Sexual Orientation and Gender Identity (SOGI) Questions

The information below is pulled from the document located at: https://www1.nyc.gov/assets/acs/pdf/lgbtq/Respectfully_Asking_SOGI_Questions.pdf , attached.


Respectfully Asking Sexual Orientation and Gender Identity (SOGI) Questions

There are some circumstances when it is appropriate for staff to affirmatively try to
provide an opportunity for youth to disclose their sexual orientation and/or gender
identity (SOGI). Often, this will be raised when discussing the need for residential and/or
foster care placement options and medical and/or community supports. This information
may also prove relevant to decisions regarding educational services, the PINS and
delinquency diversion processes, disposition, reunification and placement. The purpose
of this guidance is to assist staff members when they are unsure about how best to raise
these issues with a child, youth and/or family member. Provider agency staff members
are also encouraged to reach out to their agency’s designated LGBTQ Point Person for
further guidance.

1. Professional Responsibilities. All ACS and provider staff must meet the individual
needs of children, youth, and families regardless of their actual or perceived sexual
orientation, gender identity, gender expression, or relationship/partnership status.
Discrimination on the basis of these categories is prohibited, and under no
circumstance is any staff member to attempt to convince an LGBTQ child or youth to
reject or modify their sexual orientation, gender identity, or gender expression.
Furthermore, staff members are prohibited from imposing their personal,
organizational and/or religious beliefs on all families, including LGBTQ children,
youth or families.

2. Never Assume. Staff should not assume that all children and youth in care are
straight (i.e. heterosexual), non-transgender, or gender conforming. Similarly, staff
should not assume that LGBTQ children or youth are identifiable by stereotypical
mannerisms or characteristics. They should also avoid the assumption that all
LGBTQ children and youth have similar life experiences or share a common sense of
community. They should examine their own beliefs and attitudes that might
negatively impact their professional responsibilities to LGBTQ children and youth,
because all staff owe a professional duty to competent care to LGBTQ youth.

3. Create an Affirmative Work Environment. Staff should create a positive
environment in their work spaces that welcomes and affirms LGBTQ people.
Displaying recognizable symbols of support, such as rainbow flags, signals to
LGBTQ young people that they are in a safe, welcoming, and trusting setting and
may be more likely to self-disclose their sexual orientation and/or gender identity to
staff when ready.

4. Use Appropriate Terminology. If a child, youth and/or family member discloses
that they are LGBTQ, all staff are required to show unconditional support by
speaking with them about it utilizing appropriate, respectful, inclusive, and genderneutral language.

Examples of such language include, but are not limited to: lesbian, gay, bisexual, transgender, gender
non-conforming, sexual orientation, gender identity, “involved with someone,” “partner,” “spouse.”

The staff member may be required to disclose the LGBTQ status of the child or youth,
along with circumstances where the staff member will ask the child or youth for
permission to disclose their sexual orientation and/or gender identity. Staff should
also be prepared to work effectively with transgender and gender non-conforming
(TGNC) youth and affirm their gender identities in ways that are most appropriate for
the youth, including referring to them by the names and pronouns they prefer and
allowing them to dress, groom and express mannerisms consistent with their gender
identities.

5. Interviewing an LGBTQ Youth. LGBTQ youth often experience hostility and
rejection because of their actual or perceived sexual orientation or gender identity –
this hostility and rejection may not be apparent to staff, so appropriate measures must
be taken to speak privately with the youth during investigations. The staff must use
inclusive language signaling to the young person that they will be treated with dignity
and respect regardless of their identity.

6. Interviewing the Parent/Caretaker. Only when the youth has already identified
openly as LGBTQ to the parents (or other primary caretaker) and the alleged
abuse/and or maltreatment directly related to the child’s perceived or actual sexual
orientation, gender identity and/or gender expression shall the staff interview with
parents include a discussion of the child’s actual or perceived SOGI. In this instance,
take the following measures:

Focus the interview on eliciting from the parents their attitudes and beliefs about
LGBTQ people.

Refrain from divulging to the parents any personal details the youth may have
told the staff about their sexual orientation or gender identity, without the express
consent of the youth.

If the parent displays negative attitudes about LGBTQ people, even when deeply
rooted in religious beliefs and cultural values, and the alleged abused and/or
maltreatment are related to the youth’s perceived or actual sexual orientation,
gender identity, or gender expression, the staff must determine whether those
attitudes are impacting the youth’s immediate safety as well as whether those
attitudes may put the youth at risk for future physical or emotional harm.

7. Always Maintain Confidentiality. LGBTQ children and youth face great risk of
abuse or neglect when their sexual orientation and/or gender identity are disclosed to
a parent or primary caretaker, particularly when the disclosure occurs without the
youth’s consent and/or in an inappropriate manner. As such, information related to a
child or youth’s sexual orientation and/or gender identity must be kept private, should
not be shared with anyone without the child or youth’s express consent, unless
otherwise authorized or required by law.

In general, staff are prohibited from disclosing a child or youth’s sexual
orientation and/or gender identity to other individuals or agencies, without
the child or youth’s permission. Please note that some examples of
permissible disclosure include, but are not limited to: if the information is
necessary to determine safety or if a judge orders the disclosure.

Staff shall inform child or youth during engagement of services and when
age-appropriate of the need for their case record information to be shared
with other legally authorized individuals, including but not limited to, the
courts, school, medical services, agency staff, and all other legally
authorized persons.

Pursuant to state and federal laws governing confidentiality, staff are
given information related to a child or youth’s sexual orientation and/or
gender identity so that they may fulfill their responsibilities (i.e.
adequately provide services, and plan for the health, safety, permanency
and well-being of youth and their families).

8. Implement Uniform Data Collection. All staff are encouraged to use intake
forms that include age-appropriate questions about a child or youth’s sexual
orientation and gender identity in demographic sections, but should not make it a
requirement that children and youth answer these questions. This recommendation
is directed to providers that already have some cultural competency with LGBTQ
children and youth. For consistency throughout the system, ACS endorses the
following sexual orientation and gender identity demographic questions:

Gender Identity Questions

o What is your sex?
o Female
o Male

o When a person’s sex and gender do not match, they might think of themselves
as transgender. Sex is determined at birth based on anatomy. Gender is how a
person feels. Which one response best describes you?
o I am not transgender
o I am transgender and identify as a boy or man
o I am transgender and identify as a girl or woman
o I am transgender and identify in some other way

o A person’s appearance, style, dress, or the way they walk or talk may affect
how people describe them. How do you think other people would describe
you?
o Very feminine
o Mostly feminine
o Somewhat feminine
o Equally feminine and masculine
o Somewhat masculine
o Mostly masculine
o Very masculine

o A youth has a right to use a preferred name and pronoun. Would you like us to
use a preferred name? If yes, what?
o What pronouns do you use?
o Male pronouns (i.e. he/him/his)
o Female pronouns (i.e. she/her/hers)
o Other ____________

o Do you feel safe, in light of your gender identity or gender expression?
o Yes
o No
o If no, what are you most concerned about?

Sexual Orientation Questions

o Which of the following best describes you?
o Straight (Heterosexual)
o Lesbian
o Gay
o Bisexual
o Asexual
o Not Sure/Questioning

o Do you feel safe, in light of your sexual orientation?
o Yes
o No
o If no, what are you most concerned about?

9. Identify Family Resources for LGBTQ Youth. Providers often assume that
families of LGBTQ children and youth are not supportive. Many do not see families
as a potential resource for helping their LGBTQ children and youth attain
permanency. The following are suggestions for providers to begin asking LGBTQ
children and youth about their familial relationships:

How does your family react to your sexual orientation and/or gender identity?

Provide supportive counseling as needed, and connect youth with LGBTQ
community resources and programs listed in the ACS LGBTQ Resource Guide
found here:
http://www.nyc.gov/html/acs/downloads/pdf/lgbtq/LGBTQ-Youth-CommunityResource-Guide.pdf.

Are you aware of community and/or online resources for LGBTQ youth and
families? Be prepared to offer additional resources from the ACS LGBTQ
Resource Guide. Brainstorm positive family role models to help a family learn
new ways to support and care for their LGBTQ child and youth (i.e. PFLAG and
similar family support groups).

Assess the level of family rejection and related health risks the LGBTQ child or
youth may be experiencing by using the Family Acceptance Project’s Mental
Health assessment Protocol screener found at:
http://familyproject.sfsu.edu/files/Mental_Health_Assessment%20Protocol.pdf.
Refer and follow up with families, as needed, to provide education and family
counseling.

When working with the LGBTQ child or youth’s parent(s), let them know that
negative reactions to their child’s LGBTQ identity can have a serious impact on
their child’s health and mental health. Encourage parents and caregivers to
decrease rejecting behaviors that increase their LGBTQ children’s risk for health
and mental health problems.

Help families identify supportive behaviors that help protect against risk and help
promote their LGBTQ child’s well-being.