Privacy and Security: Data Privacy Concerns For Users
Entering and accessing data comes with a high degree of responsibility on behalf of organizations and users.
Key responsibilities
Posting the Posted Data Privacy Notice. A CHO (Covered Homeless Organization) must adhere to this Policy describing its practices for the processing of PII (Personal Identifying Information) and must provide a copy of this Policy to any individual upon request. If a CHO maintains a public web page, the CHO must post the current version of this Policy on the web page. A CHO must post Alaska CoC Statewide Consumer Notice stating the availability of this Policy to any individual who requests a copy.
Providing each client with the Consumer Notice. This Notice MUST BE posted within any organization who has signed an Alaska CoC (Continuum of Care) Statewide Interorganizational Data Sharing and Coordinated Services Agreement (see below) and is involved in the uses and disclosures of PII covered under Alaska CoC Statewide Consumer Notice. This Notice must be available for clients to see easily, and intake staff are expected to explain it to clients as they seek services from our homeless services systems.
Responding to client grievances. Questions or complaints about the Alaska CoC Statewide Privacy Policy may be submitted to the CHO where the client receives services. Complaints received by the CHO specific to the Alaska CoC Statewide Privacy Policy should be submitted to the AKHMIS (Alaska Homeless Management Information System) Lead Agency's Project Manager. If there is no resolution, the Executive Directors of the AK CoCs, in consultation with the AK CoCs' Executive Committees, will oversee final arbitration. All other complaints will follow the CHOs grievance procedure as outlined in the CHO's handbook.
Keeping intake forms or printed information from AKHMIS in a secure file. This applies to any client-level data for entry in AKHMIS or reported out of AKHMIS. Hard copies shall be stored in a secure environment that is inaccessible to the public or staff not requiring access. Hard copies shall not be left out in the open or unattended. Hard copies shall be shred when disposal is necessary.
Not sharing passwords. ICA (Institute for Community Alliances) will generate usernames and passwords within the administrative function of the software. Each user accessing the AKHMIS must have his / her / own username and password to access the system sharing of usernames and passwords is forbidden.
Abiding by minimum necessary use. Users are bound by the User Agreement to only view, obtain, disclose, or use AKHMIS information necessary to perform their jobs. Access to client-level information in the AKHMIS by persons accessing the system (AKHMIS Users) will be restricted to the minimum level necessary to complete job duties.
Logging out if you walk away. If staff from a CHO will be gone for an extended period, staff should log off the data entry system and shut down the computer.
Notify the Help Desk within 24 hours if a staff person is leaving your organization or no longer needs AKHMIS access. [Tip: add a step to your employee departure documentation to make sure this happens consistently!] Supervisors are required to advise ICA via the AKHMIS Help Desk when a user no longer needs a license within 24 hours of when a user no longer needs to access the AKHMIS.
Immediately notify ICA of any real or potential security breaches. Comprehensive data privacy requirements and consequences for violating those requirements are spelled out in the AKHMIS Policies & Procedures, the AKHMIS User Agreement, the Alaska CoC Statewide Privacy Policy and the Alaska CoC Statewide Security Policy.