HomeMy WebLinkAbout05-16-2022 2022AM05-16
TO: Members of the City Council
Mayor Backus
Department Directors
FROM: Shawn Campbell, City Clerk
SUBJECT: Agenda Modification
DATE: May 16, 2022
The May 16, 2022, City Council agenda is modified to add the following item:
XI. RESOLUTIONS
XI.B Resolution No. 5666 (Hay)
A Resolution authorizing the Mayor to execute a Homeless
Management and Information System Data Sharing Interlocal
Agreement with King County
AGENDA BILL APPROVAL FORM
Agenda Subject A Resolution authorizing the Mayor to execute a
Homeless Management and Information Systems (HMIS) Data Sharing
Interlocal Agreement with King County Regional Homelessness Authority
Date: May 16, 2022
Department: Mayor
Attachments:
Resolution No. 5666
Budget Impact:
Administrative Recommendation:
City Council adopt Resolution No. 5666.
Background for Motion
The Interlocal Agreement between the City of Auburn and King County Regional Homelessness Authority
is to allow for completion of applications to provide assistance to clients that are in need of access to
housing and diversion services.
Background Summary:
The Interlocal Agreement between the City of Auburn and King County Regional Homelessness Authority
is to access the Homelessness Management Information System. This allows for the City to have access
to services and funding through King County and provides a coordinated effort through data collection to
keep accurate numbers of people utilizing these services in the system.
Councilmember: Mulenga Staff: Hay
Meeting Date: May 16, 2022 Item Number:
--------------------------------
Resolution No. 5666
May 16, 2022
Page 1 of 2 Rev. 2018
RESOLUTION NO. 5666
A RESOLUTION OF THE CITY COUNCIL OF THE CITY OF
AUBURN, WASHINGTON, AUTHORIZING THE MAYOR TO
EXECUTE A HOMELESS MANAGEMENT AND
INFORMATION SYSTEM (HMIS) DATA SHARING
INTERLOCAL AGREEMENT WITH KING COUNTY
REGIONAL HOMELESSNESS AUTHORITY
WHEREAS, individuals within the City of Auburn are experiencing homelessness,
and desire available governmental resources to assist them with their housing challenges
and economic needs;
WHEREAS, the novel coronavirus and its impacts to the local economy are likely
to create greater housing and economic needs;
WHEREAS, the City of Auburn wishes to enter into a Homeless Management and
Information System (HMIS) Data Sharing Interlocal Agreement with King County Regional
Homelessness Authority; and
WHEREAS, the HMIS would allow City staff to assist individuals with completing
an online application to provide more effective access to available federal, state, and local
services through the Washington connection benefit portal and carry out other activities
designed to help them maintain eligibility; and,
WHEREAS, there is no additional cost to the City in joining the HMIS Data Share
Agreement with King County Regional Homelessness Authority.
NOW, THEREFORE, THE CITY COUNCIL OF THE CITY OF AUBURN,
WASHINGTON, RESOLVES as follows:
Section 1. The Mayor is authorized to execute the Homeless Management and
Information System (HMIS) Data Sharing Interlocal Agreement with King County Regional
--------------------------------
Resolution No. 5666
May 16, 2022
Page 2 of 2 Rev. 2018
Homelessness Authority, which agreement will be in substantial conformity with the
agreements attached as Exhibit A and Exhibit B.
Section 2. The Mayor is authorized to implement those administrative
procedures necessary to carry out the directives of this legislation.
Section 3. This Resolution will take effect and be in full force on passage and
signatures.
Dated and Signed this _____ day of _________________, 2022.
CITY OF AUBURN
____________________________
NANCY BACKUS, MAYOR
ATTEST:
____________________________
Shawn Campbell, MMC, City Clerk
APPROVED AS TO FORM:
____________________________
Kendra Comeau, City Attorney
0
idir,
tARSkiIX40
4F ®,1 King County Regional Homelessness Authority
King County Regional Homeless Authority (KCRHA) Homeless
Management and Information System (HMIS)
PARTNER AGENCY PRIVACY AND DATA SHARING AGREEMENT
The Homeless Management Information System ("HMIS") is a shared database software
application which confidentially collects, uses, and releases client-level information related to
homelessness. Client information is collected in the HMIS and released to nonprofit and
community housing and services providers, use the information to improve housing and services
quality.
On behalf of the Seattle/King County.Continuum of Care ("CoC"), HMIS is administered by King
County Regional Authority on Homelessness (KCRHA) ("KCRHA") in a software application called
Clarity Human Services ("Clarity"), a product of Bitfocus, Inc. ("Bitfocus"). KCRHA has contracted
with Bitfocus to serve as the System Administrator for the HMIS.
This Partner Agency Privacy and Data Sharing Agreement (the "Agreement"), dated
the "Effective Date"), is entered into by and between KCRHA and
Partner Agency," or"Agency") (collectively"the Parties"), in
order to further clarify the rights and responsibilities of the Parties regarding access to and use
of the HMIS data by the Partner Agency.
HMIS has a steering committee (the "KCRHA System Performance Committee," or simply the
System Performance Committee")to oversee and support the implementation.This is
overseen by the KCRHA CoC Advisory Committee. The group is composed of various
stakeholders including: agencies funded by the U.S. Department of Housing and Urban
Development ("HUD"), homeless services providers, people experiencing homelessness, local
governments, community-based organizations participating in HMIS and other funders. The
procedures for the qualifications and meetings of members of the System Performance
Committee, and related matters, shall be set forth in the HMIS Governance Charter of the
System Performance Committee, which may be amended from time to time according to the
terms therein.
Agency and County agree as follows:
1. General Understandings:
a. In this Agreement,the following terms will have the following meanings:
1. "Client"refers to a consumer of services;
2. "Partner Agency" refers generally to any Agency participating in HMIS.
KCR.1IA HMIS Partner Agency Privacy And Data Sharing Agreement—May 2022
3. "Agency staff" refers to both paid employees and volunteers.
4. "HMIS" refers to the Homeless Management Information System administered
KCRHA.
s. "Enter(ing)" or"entry" refers to the entry of any Client information into HMIS.
6. "Shar(e)(ing),"or"Information Shar(e)(ing)" refers to the sharing of information
which has been entered in HMIS with another Partner Agency.
7. "Identified Information" refers to Client data that can be used to identify a
specific Client. Also referred to as "Confidential" data or information.
8. "De-identified Information" refers to data that has specific Client demographic
information removed. Also referred to as "non-identifying" information.
b. Client information is collected in the HMIS, and shared with housing and services
providers (each, a "Partner Agency," and collectively, the "Partner Agencies"), which
include community-based organizations and government agencies. Partner Agencies
use the information in HMIS to: improve housing and services quality; coordinate
referral and placements for housing and services, identify patterns and monitor trends
over time; conduct needs assessments and prioritize services for certain homeless and
low-income subpopulations; enhance inter-agency coordination; and monitor and
report on the delivery, impact, and quality of housing and services.
c. Subject to the direction of KCRHA, in its role as HMIS Lead, Bitfocus will act as the HMIS
System Administrator and Software as a Service ("SaaS") provider, and will assume
responsibility for overall project administration; hosting of the HMIS technical
infrastructure; and restricting or allowing access to the HMIS to the Partner Agencies
in accordance with the direction of KCRHA.
d. The Agency recognizes KCRHA as the HMIS Lead to be the decision-making and
direction-setting authority regarding the HMIS, including, without limitation, with
regard to process updates, policy and practice guidelines, data analysis, and software
or hardware upgrades.
e. The Agency will designate a staff member to attend HMIS Agency Administrators
meetings regularly, and the Agency understands that Bitfocus, as the agent of KCRHA,
will be responsible for coordinating HMIS Agency Administrator activities subject to
the direction of KCRHA as the HMIS Lead.
2. Confidentiality:
a. Agency will not:
i. enter information into HMIS which it is not authorized to enter; and
KCR.EIA HMIS Partner Agency Privacy And Data Sharing Agreement—May 2022
2. designate information for sharing which it is not authorized to share, under any
relevant federal, state, or local confidentiality laws, regulations or other
restrictions applicable to Client information.
b. Agency represents that (check applicable items) for the purposes of the
organization's participation in the HMIS:
it is; is not; a "covered entity" whose disclosures are restricted under
HIPAA (45 CFR 160 and 164); More information about "covered entities"
can be found here: http://www.hhs.gov/ocr/privacy/hipaa/
understanding/coveredentities/i ndex.html
it is; is not; a program whose disclosures are restricted under Federal
Drug and Alcohol Confidentiality Regulations: 42 CFR Part 2;
If Agency is subject to any laws or requirements which restrict Agency's ability to
either enter or authorize sharing of information, Agency will ensure that any
entry it makes and alldesignations for sharing fully comply with all applicable
laws or other restrictions.
c. To the extent that information entered by Agency into HMIS is orbecomes subject to
additional restrictions, Agency will immediately inform County in writing of such
restrictions.
d. Agency shall comply with the Violence Against Women and Department of Justice
Reauthorization Act of 2005 (VAWA) and Washington State RCW 43.185C.030. No
Identified Information may be entered into HMIS for Clients in licensed domestic
violence programs (Victim Service Providers) or for clients actively fleeing domestic
violence situations.
e. Agency shall not enter confidential information regarding HIV/AIDS status, in
accordance with RCW 70.02.220. If funding (i.e., HOPWA) requires HMIS use, those
clients' data shall be entered without Identifying Information.
3. Information Collection, Release and Sharing Consent:
a. Collection of Client Identified information: An agency shall collect client identified
information only when appropriate to the purposes for which the information is
obtained or when required by law. An Agency must collect client information by
lawful and fair means and, where appropriate, with the knowledge or consent of the
individual.
1. The Agency will use the Client Consent to Data Collection and Release of
Information form,describing how client information may be collected,used,and
released by KCRHA and the CoC in the administration of the HMIS. Only the
standard, County-issued Client Consent to Data Collection and Release of
Information form may be used.
KCRHA HMIS Partner Agency Privacy And Data Sharing Agreement—May 2022
2. The Agency must maintain appropriate documentation of informed client
consent, in writing and signed by each client, to participate in the HMIS. All
documentation must be provided to KCRHA within ten (10) days upon request.
3. Consent Status and collection method used must be documented in HMIS by the
agency creating the record for each household member.
b. Obtaining Client Consent: In obtaining client consent, each adult Client in the
household must sign the approved King County HMIS Client Consent to Data Collection
and Release of Information form to indicate consent to enter Client identified
information into HMIS. If minors are present in the household, at least one adult in
the household must consent minors by writing their names on the Client Consent to
Data Collection and Release of Information form. If any adult member of a household
does not provide written consent, identifying information may not be entered into
HMIS for anyone in the household. Unaccompanied youth aged 13 or older may
consent to have their personally identifying information entered in HMIS.
a. Revoking Consent: A Client may withdraw or revoke consent for Client identified
information collection by signing the Client Revocation of Consent form. The Agency
will follow KCRHA's policies for creating de-identified clients and all non-identifying
information for the client shall be entered into the HMIS. If a Client revokes their
consent, Agency is responsible for obtaining a Client Revocation of Consent form
signed by the client and immediately contacting the HMIS System Administrator
Bitfocus Inc)at: kcsupport@bitfocus.com or 206.444.4001 x2 to have the client record
de-identified according to KCRHA's policies.
Consent may be revoked verbally for records pertaining to drug/alcohol treatment
and for records where client is actively fleeing domestic violence. If consent is revoked
verbally to the Agency, the Agency will inform Bitfocus of such revocation
immediately.
The Agency is prohibited from removing identified information from HMIS directly but
is responsible for notifying Bitfocus Inc and the CE program to ensure that Client can
be contacted for a housing referral if applicable.
2. No Conditioning of Services: Agency will not condition any services upon or decline to
provide any services to a Client based upon a Client's refusal to allow entry of identified
information into HMIS.
3. Re-release Prohibited: Agency shall not release any Client identifying information received
from HMIS to any other person or organization without written Client consent,except when
required by law.Any requests for information from or related to HMIS that are for purpose
other than providing services to clients in the routine course of business, should be sent to
Bitfocus and KCRHA. The Agency will also been encouraged to seek its own legal advice if
required by law to provide identifying confidential client information.
4. Client Inspection/Correction: Agency will allow a Client to inspect and obtain a copy of
his/her own personal information. Agency will also allow a Client to correct information
KCRHA HMIS Partner Agency Privacy And Data Sharing Agreement—May 2022
that is inaccurate. Corrections may be made by way of a new entry that is in addition to but
is not a replacement for an older entry.
5. Training/Assistance: Agency will permit access to HMIS only after the authorized user
receives appropriate confidentiality training including that provided by Bitfocus, KCRHA,
and/or WA Department of Commerce. Agency will also conduct ongoing basic
confidentiality training for all persons with access to HMIS and will train all persons who
may receive information produced from HMIS on the confidentiality of such information.
Agency will participate in such training provided from time to time by the HMIS System
Administrator. The HMIS System Administrator will be reasonably available during defined
weekday business hours for technical assistance (i.e. troubleshooting and report
generation).
6. Retention of paper copies of personally identifying information: Agencies must develop
and adopt policies governing the retention of paper records containing personally
identifying information.The policy must define how long paper records are retained after
they are no longer being actively utilized, and the process that will be used to destroy the
records to prevent the release of personally identifying information.The policy must
require the destruction of the paper records derived from an HMIS no longer than seven
years after the last day the person was served by the Agency.
7. Information Entry Standards:
a. Information entered into HMIS by Agency will be truthful, accurate and complete to
the best of Agency's knowledge.
b. Agency will not solicit from Clients or enter information about Clients into the HMIS
database unless the information is required for a legitimate business purpose such as
to provide services to the Client, to conduct program evaluation, to administer the
program, or to comply with regulatory requirements.
c. Agency will only enter information into HMIS database with respect to individuals that
it serves or intends to serve, including through referral.
d. The Agency will adhere to the KCRHA HMIS Standard Operating Policies("SOPs"), HMIS
Security Plan, Continuous Data Quality Improvement Process, HMIS Data Standards
Manual, HMIS Data Standards Data Dictionary, and other HMIS regulations issued by
the U.S. Department of Housing and Urban Development("HUD").
e. Agency will not alter or over-write information entered by another Agency.
f. Discriminatory comments based on race, ethnicity, ancestry, skin color, religion, sex,
gender identity,sexual orientation, national origin,age,familial status,or disability are
not permitted in the HMIS and will subject a user or Agency to immediate suspension.
8. Use of HMIS:
a. Agency shall be responsible for complying with all HMIS policies and procedures, and
for establishing and maintaining the HMIS Security Plan that is designed to ensure the
KCRHA HMIS Partner Agency Privacy And Data Sharing Agreement May 2022
security and confidentiality of the data from HMIS to which Agency has access. This
includes protection against any anticipated threats or. hazards to the security or
integrity of HMIS data, and protection against unauthorized access to or use of HMIS
Data that could result in substantial harm or inconvenience to KCRHA or any client or
HMIS user.
b. The Agency will utilize the HMIS as part of the Coordinated Entry (CE) system in
accordance with the CE Standard Operating Procedures. Use of HMIS for CE includes,
but is not limited to, entering data for the approved CE tools in order to place clients
into the priority pool for referral to housing programs, and accepting referrals for
clients from the Coordinated Entry system.
c. Agency will not access identifying information for any individual for whom services
are neither sought nor provided by the Agency.
d. If the Agency wishes to provide information from HMIS beyond information related
solely to services provided by the Agency, it must first inform and receive approval
from KCRHA as the HMIS lead.
e. Agency will use HMIS database for legitimate business purposes only.
f. Agency will not use HMIS in violation of any federal or state law, including, but not
limited to, copyright, trademark and trade secret laws, and laws prohibiting the
transmission of material,which is threatening, harassing, or obscene. -
Agency will not use the HMIS database to defraud federal, state or local governments,
individuals or entities, or conduct any illegal activity.
9. Monitoring and audits: County reserves the right to monitor agency privacy practices and
compliance with the provisions of this agreement through document review and site visits.
Monitoring and audit visits may be performed by County staff or by Bitfocus.
10. Proprietary Rights of the HMIS:The Agency and Bitfocus as the HMIS System Administrator,
understand and recognize that they are custodians of HMIS data and not owners of HMIS
data.
11. Technical Administrator and Security Officer:
a. Each HMIS Partner Agency must also designate a Technical Administrator(the"Partner
Agency Technical Administrator") and a Security Officer (the "Partner Agency Security
Officer") to fulfill the responsibilities detailed in the HMIS Partner Agency Technical
Administrator and Security Officer Agreement.
b. The Agency will comply with the HMIS Security Plan which includes completing the
semi-annual Security Compliance Checklist.
c. The Partner Agency must perform a background check on any End User:
i. Designated as a Partner Agency Technical Administrator,
2. Designated as a Partner Agency Security Officer, or
KCR.IIA HMIS Partner Agency Privacy And Data Sharing Agreement—May 2022
3. Granted administrator-level access in HMIS.
Such background check must be completed and the results approved by the Partner
Agency Executive Director or Acting Executive Director before the End User is (i)
granted with a Technical Administrator or Security Officer title, or both, as
applicable, and (ii) granted administrator- level access in HMIS. The results of the
background check must be retained by the Partner Agency in the End User's
personnel file and must be provided to KCRHA upon request.
12. Incidents of unauthorized access:As outlined in the HMIS Security Plan,should confidential
and/or legally protected client data be divulged to unauthorized third parties, Agency shall
be responsible for complying with all applicable federal and state laws and regulations and
shall be solely responsible for the costs associated with any and all activities and actions
required. Agency shall take appropriate action to address any incident of unauthorized
access to HMIS.These actions must include:
a. Immediately working to remedying or mitigating the issue that resulted in such
unauthorized access;
b. Notifying KCRHA within 24 hours of any incident of unauthorized access to HMIS data,
or any other breach in the Agency's security that materially affects County or HMIS;
c. Upon request from KCRHA,Agency shall provide a corrective action plan that addresses
the incident and is designed to ensure compliance by its officers, employees, agents,
and subcontractors with the confidentiality provisions in this Agreement; and
d. Agency will be responsible for notifying all impacted clients.
13. Guidelines on Removing Partner Agencies or Users
Voluntary Removal: If a Partner Agency or user no longer wants to access the HMIS, they
simply need to inform Bitfocus of such decision. In the case of user removal, it is the
Partner Agency's responsibility to contact Bitfocus in a timely manner so the User ID can
be deactivated to prevent unauthorized access to the system. A Partner Agency
requesting removal from the HMIS understands the following:
a. The Partner Agency will receive upon request one copy of the data it has input into
the HMIS. Such copy will be in a format determined by Bitfocus and approved by the
System Performance Committee. The Partner Agency will be given an appropriate
description of the data format.
b. The data the Partner Agency enters into the system will remain in the system for the
purposes of producing aggregate non-identifying reports. Any Partner Agency
information will remain in the system but will be marked as inactive.
KCRfIA HMIS Partner Agency Privacy And Data Sharing Agreement—May 2022
c. The Partner Agency understands and accepts any ramifications of not participating in
the HMIS, including impacts on coordinated entry.
Involuntary Removal: It is vital for the KCRHA and Bitfocus to provide a secure service for all
Users. Any action(s)that threaten the integrity of the system will not be tolerated.
a. Bitfocus reserves the right to modify, limit, or suspend any user account or remove
any Partner Agency at any time if there is a security risk to the system.
b. Any improper use of the HMIS is subject to immediate suspension of the user's
account.The penalties imposed on a user for improper system use will vary based on
the level of the offense.Typically the user will receive a warning upon the first
offense. However, if the offense is severe enough, Bitfocus reserves the right to
disable the account immediately and, in extreme cases,to disable all users' access at
the Partner Agency in question.
c. Bitfocus will contact the Partner Agency within one business day of any such
suspension.
d. If a user's account is suspended, only the Executive Director (or acting Executive
Director)for a Partner Agency may request account re-activation. Suspended users
may be required to attend additional training before having their access reinstated.
e. In the event that a Partner Agency is removed from the system, it must submit a
written request for reinstatement to KCRHA and Bitfocus. If the Partner Agency is not
reinstated into the system after review of its reinstatement request,the Partner
Agency will be given one copy of its data upon request in a format that will be
determined by Bitfocus and approved by the System Performance Committee. (The
Partner Agency will also be provided with a description of the data format.) Data will
not be given to the Partner Agency until all hardware (firewalls, etc.) belonging to
Bitfocus is returned. Any fees paid for participation in the HMIS will not be returned.
14. Limitation of Liability and Indemnification: No party to this Agreement shall assume any
additional liability of any kind due to its execution of this agreement of participation in the
HMIS. It is the intent of the parties that each party shall remain liable,to the extent provided
by law, regarding its own acts and omissions; but that no party shall assume additional
liability on its own behalf or liability for the acts of any other person or entity except for the
acts and omissions of their own employees, volunteers, agents or contractors through
participation in HMIS. The parties specifically agree that this agreement is for the benefit
of the parties only and this agreement creates no rights in any third party.
15. Standard Terms and Conditions
a. This Agreement is the complete and exclusive statement of agreement between the
parties, and it supersedes all prior agreements, oral or written, relating to the subject
matter of this Agreement.
KC FIA HMIS Partner Agency Privacy And Data Sharing Agreement—May 2022
b. Neither party shall have the right to assign or transfer any rights or obligations under
this Agreement without the prior written consent of the other party.
c. This Agreement shall remain in force until revoked in writing by either party with thirty
30) days' advance written notice. Notwithstanding the foregoing, if there is credible
evidence regarding potential or actual breach of this Agreement and the nature of the
breach threatens the integrity of the HMIS, KCRHA as the HMIS Lead will have the right
to immediately suspend or restrict the access rights of the breaching party to the HMIS
pending investigation and resolution of the matter to the extent reasonably required
to protect the integrity of the system.
d. If this Agreement is terminated, KCRHA and all participating Partner Agencies maintain
their rights to the use of all client information previously entered into the HMIS,subject
to the terms of this Agreement and other applicable rules, regulations, and
agreements.
e. Upon any such termination of this Agreement, the Agency may request and receive
one export copy of all data entered by it into the HMIS from the Effective Date up to
the date of termination. If such a copy is requested, the Partner Agency will be
responsible for reimbursing KCRHA for the costs associated with producing the report.
f. This Agreement may be amended or modified only by a written agreement signed and
executed by both parties.
g. This Agreement is made for the purpose of defining and setting forth the rights and
responsibilities of KCRHA as the HMIS Lead, Bitfocus as an agent of KCRHA, and the
Agency. It is made solely for the protection of KCRHA, Bitfocus, the Agency, and their
respective heirs, personal representatives,successors,and assigns. No other individual
or entity shall have any rights of any nature under this Agreement or by reason hereof.
Without limiting the generality of the preceding sentence, no End User of the HMIS in
her or his capacity as such and no current,former, or prospective client of any Partner
Agency shall have any rights of any nature under this Agreement or by reason hereof.
h. Unless otherwise prohibited by law or KCRHA policy, the parties agree that an
electronic copy of a signed contract,or an electronically signed contract, has the same
force and legal effect as a contract executed with an original ink signature. The term
electronic copy of a signed contract" refers to a transmission by facsimile, electronic
mail, or other electronic means of a copy of an original signed contract in a portable
document format. The term "electronically signed contract" means a contract that is
executed by applying an electronic signature using technology approved by KCRHA.
KCRIIA HMIS Partner Agency Privacy And Data Sharing Agreement—May 2022
King County Regional Homeless Authority Homeless Management
Information System (HMIS)
PARTNER AGENCY PRIVACY AND DATA SHARING AGREEMENT
This Partner Agency Privacy and Data Sharing Agreement (the "Agreement") is entered into by
and between KCRHA and
Partner Agency," or"Agency") (collectively"the Parties"), in order to clarify the rights and
responsibilities of the Parties regarding access to and use of the HMIS data by the Partner
Agency.
By signing, I agree to fulfill all of the responsibilities enumerated in the HMIS Partner Agency
Privacy and Data Sharing Agreement.
Executive Director Printed Name
Executive Director Signature Date
King County Regional Authority on Homelessness
Designated KCRHA Representative Printed Name
Designated KCRHA Representative Signature Date
KCRHA HMIS Partner Agency Privacy And Data Sharing Agreement—May 2022
1/ Bitfocus
KCRHA
q® t
King County Regional Homelessness Authority
King County Homeless Management and Information System (HMIS)
PARTNER AGENCY TECHNICAL ADMINISTRATOR AND SECURITY
OFFICER AGREEMENT
This Agreement is entered into by and between King County Regional Authority on
Homelessness ("KCRHA") and the undersigned parties in order to establish the responsibilities
described herein and to confirm compliance with required background check requirements as
set forth below. KCRHA reserves the right to request access to the Partner Agency records and
place of business for monitoring compliance with this Agreement.
The King County Homeless Management Information System ("HMIS") is a shared
database and software application which confidentially collects, uses, and shares client-level
information related to homelessness in King County. On behalf of the King County Continuum
of Care ("CoC"), HMIS is administered by KCRHA and Bitfocus, Inc. ("Bitfocus") in a software
application called Clarity Human Services ("Clarity").
Clients must consent to the collection, use, and release of their information, which helps
the CoC to provide quality housing and services to homeless and low-income people. Client
information is collected in HMIS and released to housing and services providers (each, a
Partner Agency," and collectively,the "Partner Agencies"), which include community-based
organizations and government agencies. Partner Agencies use the information in HMIS:to
improve housing and services quality; coordinate referral and placements for housing and
services;to identify patterns and monitor trends over time; to conduct needs assessments and
prioritize services for certain homeless and low-income subpopulations; to enhance inter-
agency coordination; and to monitor and report on the delivery, impact, and quality of housing
and services.
Pursuant to the HMIS Standard Operating Policies and the HMIS Security Plan, each
HMIS Partner Agency must designate a technical administrator, also referred to as the HMIS
Agency Lead, (the "Partner Agency Technical Administrator") and a security officer(the
Partner Agency Security Officer")to fulfill the responsibilities enumerated below.
Furthermore,the Partner Agency Technical Administrator and the Security Officer may be the
same person.
HMIS Partner Agency Technical Administrator/Security Officer Agreement-May 2022 Page 1 of 4
The Partner Agency Technical Administrator is responsible for:
Overseeing the Partner Agency's compliance with the most recent versions of the
Partner Agency Privacy and Data Sharing Agreement and Memorandum of
Understanding and all other applicable plans,forms, manuals, standards, agreements,
policies, and governance documents;
Detecting and responding to violations of any applicable HMIS plans,forms, manuals,
standards, agreements, policies, and governance documents;
Serving as the primary contact for all communication related to the HMIS at the Partner
Agency and forwarding such information to all Partner Agency authorized agents and
representatives ("HMIS End Users," or simply "End Users") as she or,he deems
appropriate;
Ensuring complete and accurate data collection by Partner Agency End Users as
established by HMIS plans,forms, manuals, standards, agreements, policies, and
governance documents;
Providing first-level End User support;
Requesting End User account access;
Ensuring the Partner Agency maintains adequate internet connectivity;
Maintaining complete and accurate Partner Agency and program descriptor data in
HMIS;
Working with Bitfocus to configure provider preferences (including assessments,
referrals, services, etc.) in HMIS;
Completing agency-level reporting and/or supporting agency programs according to
applicable reporting standards established by the U.S. Department of Housing and
Urban Development ("HUD") and local funders; and
Performing authorized imports of client-level data.
The Partner Agency Security Officer is responsible for:
Conducting a complete and accurate semi-annual review of the Partner Agency's
compliance with all applicable plans,forms, manuals, standards, agreements, policies,
and governance documents;
Completing the HMIS Semi-Annual Compliance Certification Checklist (the "Checklist"),
and forwarding the Checklist to the HMIS System Administrator, as defined therein;
Continually monitoring and maintaining security of all staff workstations and devices
used for HMIS data entry which includes, but is not limited to, ensuring workstation
computers are password-protected and locked when not in use, ensuring that non-
authorized persons are unable to view any HMIS workstation computer monitor, and
ensuring that documents printed from HMIS are sent to a printer in a secure location
where only Authorized Persons have access;
Safeguarding client privacy by ensuring Partner Agency and Partner Agency End User
HMIS Partner Agency Technical Administrator/Security Officer Agreement-May 2022 Page 2 of 4
compliance with all HUD Rules;
If Agency agrees to allow access to HMIS from agency computers and Portable
Electronic Devices, assure compliance with the HMIS Partner Agency Privacy and Data
Sharing Agreement standards.
Investigating potential and actual breaches of either HMIS system security or client
confidentiality and security policies, and immediately notifying the County and the
System Administrator, as defined in the Checklist, of substantiated incidents;
Developing and implementing procedures for managing new, retired, and compromised
local system account credentials;
Developing and implementing procedures that will prevent unauthorized users from
connecting to any private Partner Agency networks;
Ensuring all Partner Agency End Users sign and execute the HMIS End User Agreement;
and
Ensuring all Partner Agency End Users complete the required New User General
Training, and Annual Security and Privacy Training, as well as all other mandatory
trainings; retaining documentation of training completion; and forwarding such
documentation to the HMIS System Administrator.
As required by HUD,the Partner Agency shall perform a background check on any End User
who is:
Designated as a Partner Agency Technical Administrator,
Designated as a Partner Agency Security Officer, or
Granted agency manager-level access in HMIS.
The Partner Agency Executive Director shall ensure that such background checks are completed
and shall approve the results before the End User is (i) granted a Technical Administrator or
Security Officer title, or both, as applicable, or (ii) granted agency manager- level access in
HMIS.The results of the background check shall be retained by the Partner Agency in the End
User's personnel file. A background check may be conducted once for each End User unless
otherwise required.
HMIS Partner Agency Technical Administrator/Security Officer Agreement-May 2022 Page 3 of 4
i"• KCRHAt
Air King County Regional Homelessness Authority
King County Homeless Management and Information System (HMIS)
PARTNER AGENCY TECHNICAL ADMINISTRATOR AND SECURITY
OFFICER AGREEMENT
Partner Agency Name:
On behalf of the Partner Agency, I will be fulfilling the role of(check all that apply):
D Partner Agency Technical Administrator
D Partner Agency Security Officer
By signing, I agree to fulfill all of the responsibilities enumerated above for my role.
HMIS End User Printed Name
HMIS End User Signature Date
I certify that a background check has been completed on the End User named above,that I
approve the results, and that a copy of the results is filed with the End User's personnel file.
Further, I certify that Partner Agency will ensure the End User named above performs each of
these functions.
Partner Agency Executive Director Printed Name
Partner Agency Executive Director Signature Date
HMIS Partner Agency Technical Administrator/Security Officer Agreement-May 2022 Page 4 of 4