SOC2 Series: Why Data Security Is Crucial for HMIS Comparable Databases

Keeping Domestic Violence (DV) Victims & Their Data Safe

DV victims face additional threats when their private data is not properly secured. There’s always the concern that perpetrators will be able to find them if DV victim data is not thoroughly protected.

Since a continuum of care (CoC) is a complex network of care providers, case managers, and support agencies taking a whole person care approach to serving those experiencing homelessness, numerous people may interact with a single client record. Unfortunately, even the most judicious and well-intentioned members of a CoC can mistakenly undermine DV victim data security, enabling private information to end up in the wrong hands. 

To prevent this, the U.S. Department of Housing and Urban Development (HUD) prohibits CoC-funded programs operated by victim service providers from entering data into a HMIS; instead, many VSPs choose to operate a separate database. This separate database has to abide by stringent data security protocols. Failure to protect DV victim data not only puts your clients at further risk of harm, but could result in your community losing vital funding—undermining the livelihoods of the people you aim to help.

Compliance With Central Agencies

HUD has an extensive list of compliance requirements. Clarity Human Services ensures you adhere to all of them, among other common regulatory standards.

Here are several:

• VOCA: Upholds the VOCA stipulations to guarantee that your client’s privacy is kept confidential and safe.
• VAWA: Strictly adheres to the VAWA confidentiality provisions, safeguarding client PII and protecting client privacy.
• HIPAA: When properly configured, Clarity Human Services is fully HIPAA-compliant, significantly exceeding the current minimum standards required by HUD.
• HUD: The system fully meets and exceeds the criteria established in the HMIS Proposed Rule and 2004 Data and Technical Standards Notice. 

Let’s take a look at some of the essential data security elements in a DV database that goes beyond the minimum standards.

HMIS Features Crucial to DV Database Security 

Clarity has many features related to data security, but here are a few designed to specifically enhance the privacy of DV victims.

Privacy-First Features

If needed, you can mark the entire client record as private, de-identifying all information. For other records, you can determine how and what information needs to be restricted, even down to individual files. 

Here are several identifiers and associated safeguarding measures: 

• Client Name: Make the client name private, enabling them to be known only by a system-assigned unique identifier.
• Contact Information: Maintain client privacy by making all contact information private.
• Program & Service History: Easily remove or hide program enrollment and service history from the client record.
• Assessments: Keeps client assessments private with the toggle of a switch.
• Files & Forms: Files and forms can be stored at both the client and program levels—and all of them can be marked as private. 
• Secure Notes: Clarity Human Services enables the use of Notes at the client, program, and service level locations, so users can log important details at various points of the client journey and access them in the client History tab.

Limit User Permissions With Custom Access Roles

Data security success hinges on the right people having access to client information on a need-to-know basis. So whether it’s a new staff member in training or a seasoned veteran, Clarity makes sure private DV information is reserved for the proper team members.

Among such capabilities:

• System administrators can create unlimited unique access roles that dictate what users can view, write, edit, and delete. 
• Any areas of the system to which the end-user is denied access are eliminated from view, providing a seamless user experience on any access role, and ensuring the security of sensitive client data.

By equipping your administrator with access to these built-in features, you can be confident the most marginalized in your community remain protected while they obtain important care and services. 

Benefits of a SOC2 Certified HMIS

To better align with HUD requirements, a “DV comparable database” and homeless management information system (HMIS) vendor can become Systems and Organizations 2 (SOC2) certified. Established by the American Institute of Certified Public Accountants, SOC2 is a voluntary compliance benchmark that informs how an organization should maintain its data. 

For greater assurance surrounding data security, your CoC should seek out a DV database vendor that is SOC2 certified. In doing so, you’ll partner with an HMIS replete with all the right features to guarantee DV database security. 

Designed and built by Bitfocus, Clarity Human Services DV comparable database is a sophisticated, customizable, and secure system that prioritizes security.

Clarity Human Services is a rigorous HMIS and DV comparable database created by Bitfocus to connect your community's most vulnerable populations to the most effective services and resources available to them. We’ve streamlined the service provider workflow and analytics necessary to support informed decision-making. Contact us today to learn more about how Clarity can keep your DV clients safe.