The URL can be used to link to this page

Home My WebLink About5666 RESOLUTION NO. 5666 A RESOLUTION OF THE CITY COUNCIL OF THE CITY OF AUBURN, WASHINGTON, AUTHORIZING THE MAYOR TO EXECUTE A HOMELESS MANAGEMENT AND INFORMATION SYSTEM (HMIS) DATA SHARING INTERLOCAL AGREEMENT WITH KING COUNTY REGIONAL HOMELESSNESS AUTHORITY WHEREAS, individuals within the City of Auburn are experiencing homelessness, and desire available governmental resources to assist them with their housing challenges and economic needs; WHEREAS, the novel coronavirus and its impacts to the local economy are likely to create greater housing and economic needs; WHEREAS, the City of Auburn wishes to enter into a Homeless Management and Information System (HMIS) Data Sharing Interlocal Agreement with King County Regional Homelessness Authority; and WHEREAS, the HMIS would allow City staff to assist individuals with completing an online application to provide more effective access to available federal, state, and local services through the Washington connection benefit portal and carry out other activities designed to help them maintain eligibility; and, WHEREAS, there is no additional cost to the City in joining the HMIS Data Share Agreement with King County Regional Homelessness Authority. NOW, THEREFORE, THE CITY COUNCIL OF THE CITY OF AUBURN, WASHINGTON, RESOLVES as follows: Section 1. The Mayor is authorized to execute the Homeless Management and Information System (HMIS) Data Sharing Interlocal Agreement with King County Regional Resolution No. 5666 -May 16, 2022 Page 1 of 2 Rev.2018 Homelessness Authority, which agreement will be in substantial conformity with the agreements attached as Exhibit A and Exhibit B. Section 2. The Mayor is authorized to implement those administrative procedures necessary to carry out the directives of this legislation. Section 3. This Resolution will take effect and be in full force on passage and signatures. Dated and Signed this \LP day of c•C" ck..L\ , 2022. CITY OF AUBURN 44e".ANCY 4i147-11S, Mismi eR .."-* dor- -4.11111r ATTEST: AP''RO 41111. " '4"..11111111111111 Shawn Campbell,Campbell, MMCCity Clerk Ken:144,_C* , Attorney Resolution No. 5666 May 16, 2022 Page 2 of 2 Rev.2018 DocuSign Envelope ID:F9FB0766-8257-445C-8397-FB566B082953 Eft n l'44. A lc Kral ci li King County Regional HbmelessnessAuthority 410:0King County Regional Homeless Authority (KCRHA) Homeless Management•.and Information System .(HMIS) PARTNER AGENCY PRIVACY AND DATA SHARING.AGREEMENT The. Homeless Management Information System ("HMIS") is .a shared database software application which confidentially collects, uses; and releases client-level information related to homelessness. Client information is 'collected in the HMIS 'and released to nonprofitand community housing andservices providers, use the information to improve housing and services quality. On behalf of the Seattle/King County.Continuum of Care ("CoC), HMIS is administered by King County Regional Authority on Homelessness (KCRHA) ("KCRHA") in a software application called Clarity Human Services("Clarity"), a product of Bitfocus, Inc. ("Bitfocus"), KCRHA has contracted with Bitfocus to serve as the System Administrator for the HMIS. This.Partner Agency Privacy and Data:Sharing Agreement(the"Agreement"); dated OC)' ?A.2Q2i (the "Effective Date"), is entered intoby and between KCRHA and The . �.- v bUY , ( "Partner Agency,"or"Agency.") (collectively"the in order-too fur-ther-eler-ify-the-r-fights-and-r-esponsibilities-of-the-Parties-regarding-access-to-and use of the HMIS data by the Partner Agency. HMIS has a steering committee(the"KCRHA System Performance Committee;' or simply the "System Performance Committee")to oversee and support the implementation.This is overseen by the KCRHA CoCAdvisory Committee. The group is composed'of various stakeholders including: agencies funded by the U.S..Department of Housing and Urban Development("HUD"), homeless services providers, people experiencing homelessness, local governments,community-based organizations participating in HMIS and other funders. The' procedures for the qualifications and meetings of members of the System Performance Committee, and related matters, shall be set forth in the HMIS Governance Charter of the. System Performance Committee,which may be amended from time to time according to the terms therein. Agency and County agree as follows: 1. General Understandings: • a. In this Agreement,the following terms will have the following meanings: 1, "Client"refers to a consumer of services; 2. "Partner Agency" refers generally to any Agency participating in HMIS. KCR.IIA HMIS Partner Agency Privacy And Data Sharing Agreement—May 2022 DocuSign Envelope ID:F9FB0766-8257-445C-8397-FB566B082953 a. "Agency staff" refers to both paid employees and volunteers. 4; "HMIS" refers to the Homeless Management Information System.administered -. . - • -KCRHA. _ _ .. . ._ . . .. .. . ... .. s. "Enter(ing)" or"entry" refers to the entryof.any Client information into HMIS. 6. "Shar(e)(ing),"or"Information Shar(e)(ing)" refers to the sharing of information which has been'entered in HMIS with another Partner Agency. 7. "Identified Information" refers to. Client data that can be used to identify a specific Client. Also referred to as "Confidential" data or information. "Deidentified-Inforrtation"-refers-to data-that has specific Clierst'deinograp trio information removed. Also referred to'as "non-identifying" information. b. Client information :is collected in the HMIS, and shared with housing and services providers (each, a "partner Agency," and collectively, the "Partner Agencies"), which include community-based organizations and government agencies. Partner Agencies use the information in HMIS to: improve. housing and services quality; coordinate referral and placements for housing and services, identify patterns and monitor trends over time;;conduct needs assessments and prioritize services for certain homeless and low-income subpopulations; enhance inter-agency coordination; and monitor and report on the delivery, impact, and quality of housing and services. c. Subject to the direction of KCRHA, in its role as HMIS Lead, Bitfocus will:act as the HMIS System Administrator and Software as a Service ("SaaS") provider, and will assume responsibility—for—over-all—project administr-ati;on;hosting—of—the—HMIS—technical . . . . infrastructure;and restricting or allowing accessto the HMIS to the Partner Agencies in accordance with the direction of KCRHA. d. The Agency recognizes KCRHA as the HMIS Lead to be the decision-making and direction-setting authority regarding the HMIS, including, without limitation, with regard to'process:updates, policy and practice guidelines, dataanalysis, and software or hardware upgrades. e. The Agency will designate a staff member to attend HMIS Agency Administrators meetings regularly, and the-Agency understands that Bitfocus, as the agent.of KCRHA, will be responsible for coordinating HMIS Agency Administrator activities subject to the direction of KCRHA as the HMIS Lead. 2. Confidentiality: a. Agency will not: 1. enter information into HMIS which it is not authorized to enter; and KOWA_HMIS Partner Agency Privacy And Data Sharing Agreement-May 2022. JocuSign Envelope ID:F9FB0766-8257-445C-8397-FB566B082953 2. designate information forsharing which it is not authorized to share, under any relevant federal, state, or local confidentiality laws, regulations or other _restrictions applicable to Client_information, -: b. Agency represents that (check applicable Items) for the purposes of the organization's participation in the HMIS: ❑ ❑ it is; ®is not;a "covered entity"whose disclosures are restricted under HIPAA (45 CFR 160 and 164); More information about"covered entities" can be found here: http://www.hhs.gov/ocr/privacy/hipaa/ understanding/coveredentities/index.html ❑ 0 it is; Chis not; a program whose disclosures are restricted under Federal Drug and Alcohol Confidentiality Regulations:42 CFR Part 2; If Agency is subject to'any laws or requirements which restrict.Agency's ability to either enter or authorize sharing of information, Agency will ensure that any entry it makes and all;designations for sharing fully comply with all applicable laws:or other restrictions. c. To the extent that information entered.by Agency into HMIS is or becomes subject to additional restrictions, Agency will immediately inform County in writing of such restrictions. d. Agency shall comply with the Violence Against Women and Department of Justice Reauthorization Act of 2005 (VAWA) and Washington State RCW 43.185C.030. No Identifi-e-d-Information-may-b-e entered-into-HMIS-for Cli-e-nts-in licensed dorrrestic violence programs (Victim Service Providers) or for clients actively fleeing domestic violence situations. e. Agency shall not enter confidential information regarding HIV/AIDS status, in accordance with RCW 70.02.220. If funding(i.e., HOPWA) requires HMIS use, those clients' data shall be entered without Identifying Information. 3. Information Collection, Release and Sharing Consent: • a. Collection. of Client Identified information: An agency shall collect client identified information only when appropriate to the purposes for which the information is obtained or when required by law. An Agency must collect client information by • lawful and fair means and, where appropriate, with the knowledge or consent of the individual. 1. The Agency will use the Client Consent to Data Collection and Release of Information form,describing how client information may be collected,used,and released by KCRHA and the CoC in the administration of the HMIS. Only the standard, County-issued Client Consent to Data Collection and Release of Information form may be used. KCRHA HMIS Partner Agency Privacy And Data Sharing Agreement—May 2022 DocuSign Envelope ID:F9F80766-8257-445C-8397-FB566B082953 2. The Agency must maintain appropriate documentation of informed client consent, in writing and signed by each client,, to ''participate in the HMIS. All documentation must be provided-to KCRHA wthin.:ten 11Q)day-s upon request. _ . 3. Consent Status and collection method used must be documented in HMIS by the • agency creating the record for each household member. b. Obtaining Client Consent: In obtaining client consent, each adult Client in the household must sign the approved King County HMIS Client Consent to Data Collection and Release of Information form to indicate consent to enter Client identified informationinto HMIS. If minors are present in the'household,:at least one adult in __ __... .. _ .__..__...the-household_must-consent_minor-s b-y-writing-their_names-on=the-Client Consent=to---- ----= Data Collection and Release of Information form. If any adult member of a household does not provide written.consent, identifying information may not be entered into HMIS for anyone in the household.. Unaccompanied youth aged 13 or older may consent to have their personally identifying information entered in HMIS. a. Revoking Consent: A Client may withdraw or revoke, consent for Client identified information collection by signing the Client Revocation of Consent form. The Agency will follow KCRHA's policies for creating de-identified clients and, all non-identifying. information for the client shall be entered into the HMIS. If a Client revokes their consent, Agency is responsible for obtaining a Client Revocation of Consent form signed by the client and immediately contacting the HMIS 'System .Administrator (Bitfocus Inc)at: kcsupport@bitfocus.corn or 206.444.4001 xato have the client record. de-identified according to KCRHA's policies. Consent may be revoked verbally for records pertaining to drug/alcohol treatment and fors-records where-client is-aotivel-y-fleein&dome-Stib-violenc€„1-f-consent is-r-e-voked verbally to: the Agency, the Agency will inform .Bitfocus of 'such revocation immediately. The Agency is prohibited from removing identified information from HMIS directly but is responsible for notifying Bitfocus Inc and the.CE program to ensure that Client can be contacted for a housing referral if applicable. • 2. No Conditioning of Services: Agency will not condition any services upon or decline to provide any services to a Client based upon a Client's refusal to allow entry of identified information into HMIS. 3. Re-release Prohibited: Agency shall not release any Client identifying information received from HMIS to any-other person or organization without written Client consent,except when required by law..Any requests forinformation from or related to HMIS,that are for purpose other than providing services to clients in the routine course of business; should be sent to Bitfocus and KCRHA. The Agency will also been encouraged to seek its own legal advice if required'by law to provide identifying confidential client information. 4. Client Inspection/Correction: Agency will allow a Client to inspect and obtain a copy of his/her own personal information. Agency will, also allow a Client to correct information KCRH.A HMIS Partner Agency Privacy And Data Sharing Agreement—May 2022 DocuSign Envelope ID:F9FB0766-8257-445C-8397-FB566B082953 that is inaccurate. Corrections may be made byway of a new entry that is in addition to but is nota replacement for an older entry. 5. Training/Assistance: Agency will permit access to HMIS Only after the authorized user receives appropriate confidentiality training including that provided by Bitfocus, KCRHA, and/or WA Department of Commerce. Agency will also conduct ongoing basic confidentiality training for all persons with access toHMIS-and will train all persons who may receive:information produced from HMIS on the confidentiality of such information. Agency will participate in such training provided from time to time'by the HMIS System Administrator. The HMIS System Administrator will be reasonably evailable:during defined _ _._ .__.._._weekday__business._h.o.urs__for_._.techni.cal_._assistance—.(i.e._tr_oublesho.oting__and—r_epor_t--.... ._..—.------- generation). 6. 'Retention of paper copies of personally identifying information: Agencies must develop and adopt policies governing the retention of paper records containing personally identifying information.The policy must define how long paper records,are retained after they are no longer being actively utilized, and the process that will be used to destroy the records to prevent the.release of personally identifying information.The policy must require the destruction of the paper records derived from an.HMIS no longer.than seven years after the last day the person was served by the Agency. 7. Information Entry Standards: a. Information entered into HMIS by Agency will be truthful, accurateand complete to the best of Agency's knowledge. b. Agency-will-notrsoIicit fr-om_Client-s-or-enter-information-abput-Clients-into the-HMIS - database unless the informationis.required for a legitimate business purpose such as to provide services to the Client, to conduct program evaluation, to administer the program, orto comply with regulatory requirements. • c. Agency will only enter information into HMIS database with respect to individuals that it serves or intendsto serve, including through referral. d. The Agency will adhere to the KCRHA HMIS Standard Operating.Policies("SOPs"),HMIS Security Plan, Continuous Data Quality Improvement Process, HMIS Data Standards Manual, HMIS Data Standards Data Dictionary, and other HMIS regulations issued by the U.S. Department of Housing and Urban Development("HUD"). e. Agency will notalteror over-write information entered by another.Agency. f. Discriminatory comments based on'race, ethnicity, ancestry, skin color, religion, sex, gender identity,sexual orientation,national origin,age,familial status,or disability are not;permitted in the HMIS and will subject a user or Agency to Immediate suspension. 8. Use of HMIS: a. Agency shall be responsible for complying with all HMIS policies and procedures, and for establishing and maintaining the HMIS.Security Plan that is designed to ensure the KCRHA HMIS.Partner Agency.Privacy And Data Sharing Agreement—May 2022. DocuSign Envelope ID:F9FB0766-8257-445C-8397-FB566B082953 security and confidentiality of the data from HMIS to which Agency has access. This includes protection against:any anticipated threats or hazards to the security or • -integrityof-HMI&data;-and'protection against unauthori-ted-access..to-oruse-of-HMIS • • -• • Data that could result in substantial harm.or•inco.nvenience to KCRHA or any client or. HMIS user-. b, The .Agency Will 'utilize' the -HMIS as part of the Coordinated Entry (CE) system in accordance'with the CE Standard Operating.Procedures. Use of HMIS for CE,includes, but is not limited to, entering data for the approved.CE toolS in order to place clients -— - -- - - into-the-pr-ior-ity-pool-for-refer-r-al-to=housing--pr-ogr-ams—and--accepting-•.referrals-for-------•--- clients from the:Co.o.rdinated Entry system. c. Agency will not access identifying information for any individual for whom services are.neither sought nor provided by the Agency. d. If the.Agency wishes.to provide information from HMIS beyond information related .solely to services provided by the Agency, it must first inform and receive approval • from KCRHA as the HMIS lead. e. Agency will use HMIS database for legitimate business purposes only. • f. Agency will not use HMIS in violation of any federal or state law, including, but not limited to, .copyright, trademark.and trade secret haws, and laws prohibiting.the transmission of material, which'is threatening, harassing, or obscene. Agency will not use the .HMIS database to defraud federal, state or local'governments, i.nd.ivid.uals_oLent ities-,_br_con.d.u:ct_an-y-iil.egate.ctivity-. 9. Monitoring:and audits: County reserves the right to monitor agency.privacy practices and • compliance with'the provisions of this agreement through document review and site visits. Monitoring and audit visits may be performed by County staff or by Bitfocus. 10. Proprietary Rights:of the HMIS:The Agency and Bitfocus as the HMISSystem Administrator, understand and recognize that they are custodians of HMIS data-and .not.owners of HMIS • data. 11. Technical'Administrator and Security Officer: a. Each HMIS Partner Agency must.also designate a Technical Administrator(the"Partner Agency Technical Administrator") and a Security Officer(the "Partner Agency Security Officer") to fulfill the responsibilities detailed in the_HMIS Partner Agency Technical Administrator and Security.OfficerAgreement. b. The Agency will, comply with the HMIS Security Plan which includes completing the semi=annual Security Cornpliance•.Checklist, • c. The Partner Agency must perform a background check.on any End User: 1. Designated as a Partner Agency Technical Administrator, 2. Designated as•a Partner.Agency:Sectirity Officer, or KeRHA HMIS Partner Agency Privacy And Data Sharing:Agreement-May 2022 DocuSign Envelope ID:F9FB0766-8257-445C-8397-FB566B082953 3. Granted administrator-level access in HMIS. • Such background check must be completed and the results approved by the Partner -_ --Agency orActing-Executive Director-before-th-e--End-User-is-(i) - - granted with a Technical Administrator or Security Officer title, or both, as applicable, and (ii) granted administrator- level access in HMIS. The results of the • background check must be retained by the Partner Agency in the End User's personnel file and.must be provided to KCRHA upon request. 12. Incidents of unauthorized access:As outlined in the HMIS Security Plan,.should confidential _._ ____ ._..___.— —atld/ E egaJJ_y._{zrQtected�J.i nt_data.be_divsa.lged.to_unauthorized th.ir-d_pa:rties,_Age.ncy_.s.h.all—.___ ___— be responsible for complying with all applicable federal and state laws and regulations and shall be solely responsible for the costs associated with any and all activities and actions required. Agency shall take appropriate action to address any incident of unauthorized • access to HMIS.These actions must include: a. Immediately working to remedying or mitigating the issue that resulted in such unauthorized access; b. Notifying KCRHA within 24 hours of any incident of unauthorized access to HMIS data, or any other breach in the Agency's security that materially affects County or HMIS; c. Upon request from KCRHA,Agency shall provide:a corrective action plan that addresses the incident and is designed to ensure compliance by its officers, employees, agents, and-subcontractors with the-confidentiality-pr-ovisions=in=this-Agr-eement;-and d. Agency will be responsible for notifying all impacted clients. . 13, Guidelines on Removing Partner Agencies or Users • Voluntary Removal; If a Partner Agency or user no.longer wants to accessthe HMIS,they 'simply need to inform Bitfocus of such decision. In the case of user removal, it is the Partner Agency's responsibility to contact Bitfocus in a timely manner so the User ID can be deactivated to prevent unauthorized access to the system. A Partner Agency requesting removal from:the HMIS understands the following: • • a. The Partner Agency will receive upon request one copy of the data it has:input into the HMIS. Such copy will be in a format determined by Bitfocus and approved by the System Performance Committee. The Partner Agency will be givenan appropriate description of the data format. b. The data the Partner Agency enters into the system will remain in the system for the purposes of producing aggregate non-identifying reports. Any Partner Agency information will remain in the system but will be marked as inactive. KeRHA HMIS Partner Agency Privacy And Data Sharing Agreement May 2022. • DocuSign Envelope ID:F9FB0766-8257-445C-8397-FB566B082953 c. The Partner Agency understands and accepts any ramifications of not participating in the HMIS, including impacts on.coordinated entry. Involuntary Removal: It is vital for the KCRHA and Bitfocus to provide a secure service for all Users. Any actions)that threaten the integrity of the system will not be tolerated. a. Bitfocus reserves the right tomodify, limit,or suspend any user account or remove any Partner Agency at any time if there is a security risk to the system. b. Any improper Use of the HMIS is subject to immediate.suspension of the user's — — — — - account The penaltiesimposed•on-a-user for-improper-system-usewill-vary-based-on------ --- --� the level of the offense.Typically the user will receive a warning upon the first offense. However, if the offense is severe enough, Bitfocus reserves the right to disable the account immediately and., in extreme cases, to disable all users' access at the Partner Agency in question. c. Bitfocus will contact the Partner Agency within one business day of any such -suspension. d.. If a user's account is suspended, only the Executive Director (or acting Executive Director) fora Partner Agency may request account re-activation. Suspended users may be required.to attend additional training before having their access reinstated. e. In the event that a Partner Agency is removed from,the system, it must submit a written request for reinstatement to KCRHA and Bitfocus. If the Partner Agency is not reinstated ti the,system after review of I s instatement request,the Partner Agency will be given one copy of its data upon request in a format that will be determined by Bitfocus and approved by the System Performance Committee. (The Partner Agency will also be provided with a description of the.data format.) Data will not be given to the Partner Agency until all hardware (firewalls, etc.) belonging to Bitfocus is returned. Any fees paid for participation in the HMISwill-not be returned. 14. Limitation of Liability and Indemnification: No party to this Agreement shall assume any additional liability of any kind due to its execution of this agreement of participation in the HMIS. Itis the intent of the parties that each party shall remain liable,to the extent provided by law, regarding its own acts and omissions;. but that no party shall assume additional liability on its own behalf or liability for the acts ofany other person or entity except for the • acts and omissions of their own employees, volunteers, agents or contractors through • • participation in HMIS. The parties specifically agree that this agreement is for the benefit of the parties only and this agreement creates no rights in any third party. 15. Standard Terms and Conditions a. This Agreement is the complete and exclusive statement of agreement between the parties, and it supersedes all prior agreements, oral or written, relating to the subject matter of this Agreement. KC;R11.A HMIS Partner Agency Privacy And Data Sharing Agreement-May 2022 DocuSign Envelope ID:F9FB0766-8257-445C-8397-FB566B082953 b. Neither party shall have the right to assign or transfer any rights or obligations under this Agreement without the prior written consent of the other party. c. This Agreement shall remain in force until revoked in writing by either party with thirty (30) days' advance written notice. Notwithstanding.the foregoing, if there is credible evidence regarding potential or actual breach of this Agreement and the nature of the breach threatens the Integrity of the HMIS;KCRHA as the HMIS.Iead:will have the right to immediately suspend or restrict the access rights of the breaching party to the HMIS pending investigation and resolution of the matter to the extent reasonably required -to-protect-the Integrity-of-the-system. _. ...._.._.__._ �...-------._.-.-.--_-----...--. ---...--.--... d. If this Agreementis terminated, KCRHA andall participating.Partner Agencies maintain their rights to the use of all'client information previously entered into the HMIS,subject to the terms of this Agreement and other applicable rules, regulations, and agreements. e. Upon any such termination of this Agreement, the.Agency may request and receive one export copy of all data entered by it into the HMIS from the Effective Date up to the date of termination. If such a copy is requested, the Partner Agency will be • responsible for reimbursing KCRHA for the costs associated with producing the report. f. This Agreement maybe amended or modified only by a written agreement signed and executed by both parties. g. This Agreement is:made for the purpose of definingandsetting forth the rights and responsibilities of KCRHA as the HMIS Lead, Bitfocus as an agent of KCRHA, and the Agency. It is made solely for the protection of KCRHA, Bitfocus, the Agency, and their respective heirs, persorial representatives, successors,and assigns. No other individual or entity shall have any rights ofany nature under this Agreement or by reason hereof. • Without limiting the generality of the preceding sentence, no End User'of the HMIS in her or his capacity as such and no current,former, or prospective client of any Partner Agency shall have any rights of any nature under this Agreement Or by reason hereof. h. . Unless otherwise prohibited by law or KCRHA policy; the parties agree that an electronic copy of a signed contract, or an electronically signed contract, has the same force and legal effect as a contract executed'with an original ink signature. The-term "electronic copy of a signed contract" refers to a transmission by facsimile, electronic mail, or other electronic means of a copy of an original signed contract in a portable document format. The term "electronically sighed contract" means a contract that is executed by applying an electronic signature using technology approved by KCRHA. KCRHA HMIS Partner Agency Privacy And Data Sharing Agreement--May 2022. DocuSign Envelope ID:F9FB0766-8257-445C-8397-FB566B082953 • -King-County-Region-al-R°egion-al Homeless-Authority-Homeless Management - -- Information System (HMIS.) PARTNER AGENCY PRIVACY AND DATA.SHARING AGREEMENT This Partner Agency Privacy and.Data Sharing Agreement(the "Agreement") is entered into by and between KCRHA and Tht t)k. v "Partner Agency,"or"Agency") (collectively"t a Parties"), in order to clarify the rights and responsibilities of the Parties regarding access to and use of the HMIS data by the Partner Agency. By signing, I agree to fulfill all of the responsibilities enumerated in the HMIS Partner Agency Privacy and Data Sharing Agreement. • • Nancy Backus Executive Director Printed Name r— S e—DocuSigned by: i"�c�rw� ccus 6/1/2022 `--Atet869b3/3S4eo... Executive'Director.Signature Date King County Regional Authority on Homelessness • Helen Howell Designated KCRHA Representative Printed Name ,--DocuSigned by: tk-d,un, Nwtit, , 12/20/2022 �--auvnSasa GEbu4nu... . Designated KCRHA Representative Signature Date • KCRFJ..A"HMIS Partner Agency Privacy And Data Sharing Agreement May 2022 DocuSign Envelope ID:F9FB0766-8257-445C-8397-FB566B082953 • vs BitfOCus • King comity RegiorialHemalessnessAmhority King County Homeless Management and Information.System (HMIS) PARTNER AGENCY TECHNICAL ADMINISTRATOR AND SECURITY OFFICER AGREEMENT This Agreement is entered into by and between King County.Regional Authority on Homelessness ("KCRHA") and the undersigned parties in order to establish the responsibilities described herein and to.confirm compliance with required background check requirements as set forth below. KCRHA reserves the right torequest access to the Partner Agency records and place of business for monitoring compliance with this'Agreement. The King County Homeless Management Information System ("HMIS")is a shared database and software application which confidentially collects, uses, and shares client-level information related to homelessness in King County. On-behalf of the.KingCounty Continuum of Care ("CoC"), HMIS is.administered by KCRHA and Bitfocus, Inc..("Bitfocus") ina software ap.plicati.an_cane..d..Clarity...H.u.m:an_S.ervices...(...Clarity.._)....... . . ..... .. ._ .._.... . .. . _.................._............ ._........ ..._.......................... Clients must consent.to.the collection, use, and release of their information,.which helps the CoC to provide quality housing and services to homeless and low-income people. Client information is collected in HMIS'and released to housing and services:providers (each, a "Partner Agency," and collectively,the."Partner Agencies".),which include community-based organizations and.government agencies. Partner Agencies use'the.information in HMIS:to improve housing and services quality; coordinate referral and placements for housing and services;,to identify patterns and monitor trends over time;to'conduct needs assessments and prioritize services for certain homeless and low-income subpopulations;to enhance inter- agency coordination; and to monitor and report on the delivery, impact, and:quality of housing and services. Pursuant to-the HMIS.Standard Operating'Policies and the HMIS Security Plan, each HMIS Partner Agency must designate a technical administrator,also referred to as the HMIS Agency Lead, (the. P.artner Agency Technical Administrator") and a sseCurity officer(the "Partner Agency SecurityOffice'r")to fulfill the responsibilities enumerated below. 'Furthermore, the Partner Agency Technical Administrator and the Security Officer may be the same person. HMIS Partner Agency TechnicalAdministrator/Security Officer Agreement-May 2022 Page 1 of 4 DocuSign Envelope ID:F9FB0766-8257-445C-8397-FB566B082953 The Partner Agency Technical Administrator is-responsible for:. • Overseeing the Partner Agency's compliance with the most recent versions of the • - -• Partner-Agency-Privacy and-Data S.haringAgreement-and'Memorandum-of= -- - - Understandingand all other applicable plans,forms, manuals, standards, agreements, policies, and governance documents; • Detecting and responding to violations of any applicable HMIS.plans,forms, manuals, standards, agreements, policies, and governance documents; •. Serving as the primary contact for all communication related to the HMIS.at the Partner Agency and forwarding such information to all Partner-Agency authorized agents and representatives ("HMIS End Users," or simply"End Users")as she or he deems appropriate; • Ensuring complete and accurate data collection by Partner Agency End Users as established by HMIS plans,forms, manuals, standards, agreements, policies; and governance documents;. • Providing first-level.End User support; • Requesting End User account access; • Ensuring the Partner Agency maintains adequate Internet connectivity; • Maintaining complete and accurate Partner Agency and program descriptor data in HMIS; • Working with Bitfocus to configure provider preferences (including:assessments, referrals, services, etc.) in HMIS; • • o Completing agency-level reporting and/or Supporting agency programs according to applicable reporting standards established.by.the U.S. Department of Housing and Urban Development.("HUD") and local funders; and • Performing authorized imports of client-level data. The Partner Agency Security Officer is responsible for: • Conducting a complete and accurate semi-annual review of the Partner Agency's compliance with all applicable plans,forms, manuals, standards, agreements, policies, and governance documents; • Completing the HMIS'Semi-Annual Compliance Certification Checklist (the "Checklist"), andforwarding the Checklist to the HMIS System Administrator, as defined therein; • Continually monitoring and maintaining security of all staff workstations and devices . • used for HMIS data entry which includes, but is not limited to, ensuring workstation computers are password-protected and locked when not in use, ensuring that non- authorized,persons:are Unable to view any HMIS workstation computer monitor, and ensuring that documents printed from HMIS are sent to a printer in a secure location where only Authorized Persons have.access; • Safeguarding client privacy by ensuring Partner Agency and Partner Agency End User HMIS Partner Agency Technical Administrator/Security Officer Agreement-May 2022 Page 2 of 4 DocuSign Envelope ID:F9FB0766-8257-445C-8397-FB566B082953 compliance with all HUD Rules; • If Agency agrees to allow access to HMIS from agency computers and Portable Electronic Devices, assure compliance_with the HMIS Partner Agency Privacy and Data Sharing Agreement standards. • Investigating potential and actual breaches of either HMIS system security or client confidentiality and security policies, and immediately.notifying the County and the System Administrator, as defined in the Checklist, of substantiated incidents,; •• Developing and implementing procedures for managing new, retired, and compromised local system account credentials; - - • -Developing and:implementing-procedures-that-will-prevent-unauthoriie-d-users-from— — -- -- - connecting to any private Partner Agency networks; • Ensuring all Partner Agency End Users sign and execute the HMIS End User Agreement; and • Ensuring all Partner. Agency End Users complete the required New User General Training; and Annual Security and Privacy Training, as well-as all other mandatory trainings; retaining documentation of training completion; and forwarding such documentation to the HMIS System Administrator. As required by HUD,,the Partner Agency shall perform a background check on any End User who is: • Designated as a Partner Agency Technical Administrator, • Designated as a Partner Agency Security Officer, or • Granted agency manager-level access in HMIS. The Partner Agency.Executive Director shall ensure that such background.checks are completed and Shall approve the results before the End User is 0).granted a Technical Administrator or Security Officer title, or both, as applicable, or(li) granted agency manager-level access in HMIS.The results of the background check shall be retained by the Partner Agency in the End User's personnel file..A background check may be conducted once for each End User unless otherwise required. HMIS Partner Agency Technical Administrator/Security Of Agreement May 2022 Page 3 of 4 DocuSign Envelope ID:F9FB0766-8257-445C-8397-FB566B082953 JAA p0 Ong Com),Reuinnqf Homelessness Authority King County Homeless Management and Information System (HMIS) PARTNER AGENCY TECHNICAL ADMINISTRATOR AND SECURITY OFFICER AGREEMENT Partner Agency Name: (T °F AU-AA rie? On behalf of the Partner Agency, I Will be fulfilling the role.of(check all that apply): Partner Agency Technical Administrator Iril"Partner Agency Security Officer By signing, I agree to fulfill all &the responsibilities enumerated above fOr my role. ,,/ hT HMIS End User Printed Name,' HMIS End User Signatur: Date I certify that a background check has been completed on the End User named above, that I approve the results, and that a copy of the results is filed With the End User'spersonnel file. Further, I certify that Partner Agency will ensure the End USer named above performs each of these functions. Nancy Backus Partner Agency Executive Director Printed Name ,e—DocuSigned by: ffopti-I)ackuts 6/1/2022 -*AECEB89537354C0... Partner Agency Executive Director Signature Date HMIS Partner Agency Technical Administrator/Security Officer Agreement-May 2022 Page 4 of 4