Back in April, we published a newsletter article called HMIS Data Requests from Courts or Law Enforcement. In that article, we stated that it is "best practice" to loop in your HMIS Lead agency to vet the request. Since then, the Policies & Prioritization Committee has updated our HMIS Policies to directly address this. It is now official in our policies that HMIS-participating agencies must escalate to the HMIS Lead in these situations. Here is the new language, which can be found in Section 5.1 - Baseline Privacy Policy.

Escalating Requests for Client-Level Data from Law/Regulatory Enforcement or Other Entities
In the event a participating agency receives a request (such as a warrant, subpoena, or court order) from law or regulatory enforcement or any other entity for client-level HMIS data containing Personally Identifying Information (PII), the request must be escalated to the HMIS Lead Agency for further vetting and legal consultation. Agencies may not fulfill such a request prior to discussing with the HMIS Lead Agency. If such a request is deemed legal and valid, the HMIS Lead Agency will work with the participating agency to determine how to fulfill the request such that the minimum amount of PII is disclosed.

To access the full HMIS Policies, visit the Administrative Documents page of this website.